ASSERT: false |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4759058784190464 Fuzzer: libFuzzer_gpu_swiftshader_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: false sw::VertexProgram::relativeAddress sw::VertexProgram::readConstant Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529739:529747 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4759058784190464 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
May 21 2018
Automatically adding ccs based on suspected regression changelists: Use half-precision for special internal formats. by capn@google.com - https://swiftshader.googlesource.com/SwiftShader/+/a6bc61d61d6fe9551d72f917629bf6bccfeafce0 Rename version to shaderModel by sugoi@google.com - https://swiftshader.googlesource.com/SwiftShader/+/53ad4afcee973b4323f84eb54c26d8329c66e51c Minor C++11 code cleanup by sugoi@google.com - https://swiftshader.googlesource.com/SwiftShader/+/bf3fc254f96e60ff38e55496c27ba057787a8e9c If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
May 21 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
May 21 2018
->capn for triage
,
May 22 2018
I'm not sure how the testcase could reach that code. Doesn't look very high priority to fix this. The value returned in release builds should be safe.
,
May 23 2018
Reproduced. It's a problem with indexing arrays with the gl_VertexID built-in variable.
,
May 29 2018
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/ac3f2faccda5a53f3003ff66b600ed4e4cec1800 commit ac3f2faccda5a53f3003ff66b600ed4e4cec1800 Author: Nicolas Capens <capn@google.com> Date: Tue May 29 13:59:43 2018 Detect loop index modifications in loop body. Loops can only be unrolled if their loop index variable is not being modified in the loop body. Also check that the increment step of the loop operates on the initial index variable. Also remove some UNIMPLEMENTED's that were benign. Bug chromium:845103 Bug chromium:843867 Bug skia:7846 Change-Id: Ib2b39f2d58763f0299ce7f6f75a8a75e6bdc7963 Reviewed-on: https://swiftshader-review.googlesource.com/18988 Reviewed-by: Alexis Hétu <sugoi@google.com> Tested-by: Nicolas Capens <nicolascapens@google.com> [modify] https://crrev.com/ac3f2faccda5a53f3003ff66b600ed4e4cec1800/src/OpenGL/compiler/OutputASM.cpp [modify] https://crrev.com/ac3f2faccda5a53f3003ff66b600ed4e4cec1800/src/OpenGL/compiler/OutputASM.h
,
May 29 2018
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/5bff4059d646fbd296818d8d17fb38c8590de8a7 commit 5bff4059d646fbd296818d8d17fb38c8590de8a7 Author: Nicolas Capens <capn@google.com> Date: Tue May 29 13:59:43 2018 Implement gather/scatter operations for shader register files. This allows to address the registers with a vector of indices. Also rename 'dynamic' register files to 'indirect addressable', to disambiguate from 'dynamic indexing' at the shader level. Indexing with a uniform does not require gather/scatter operations, but does require indirect addressing. Bug chromium:845103 Bug skia:7846 Change-Id: I3c42be33def66328688f2900c61c80246bf1e584 Reviewed-on: https://swiftshader-review.googlesource.com/18989 Tested-by: Nicolas Capens <nicolascapens@google.com> Reviewed-by: Alexis Hétu <sugoi@google.com> [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/PixelProgram.hpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/PixelRoutine.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/PixelShader.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/Shader.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/Shader.hpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/ShaderCore.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/ShaderCore.hpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/VertexProgram.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/VertexRoutine.cpp [modify] https://crrev.com/5bff4059d646fbd296818d8d17fb38c8590de8a7/src/Shader/VertexShader.cpp
,
May 29 2018
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/4b74373aac5107233555ae00b6df2340251b5022 commit 4b74373aac5107233555ae00b6df2340251b5022 Author: Nicolas Capens <capn@google.com> Date: Tue May 29 13:59:43 2018 Implement dynamic indexing of temporaries. Previously only dynamic indexing of uniforms was supported. Since this is essentially a gather operation within the register file, it is slow. We optimize the common case of using the loop index variable as relative address, where the index value would be the same for all shader invocations running in lock-step across SIMD lanes. Bug chromium:845103 Bug skia:7846 Change-Id: Idb36b512dd560d740ac9088691b633ff3a1561c1 Reviewed-on: https://swiftshader-review.googlesource.com/18968 Tested-by: Nicolas Capens <nicolascapens@google.com> Reviewed-by: Alexis Hétu <sugoi@google.com> [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/OpenGL/compiler/OutputASM.cpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/OpenGL/compiler/OutputASM.h [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Reactor/Reactor.hpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Shader/PixelProgram.cpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Shader/PixelProgram.hpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Shader/Shader.hpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Shader/VertexProgram.cpp [modify] https://crrev.com/4b74373aac5107233555ae00b6df2340251b5022/src/Shader/VertexProgram.hpp
,
May 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/885440e7b1f0f374c106f0c91bc1ad62a4032356 commit 885440e7b1f0f374c106f0c91bc1ad62a4032356 Author: Nicolas Capens <capn@chromium.org> Date: Tue May 29 16:05:42 2018 Roll SwiftShader cbb80f5..4b74373 https://swiftshader.googlesource.com/SwiftShader.git/+log/cbb80f5..4b74373 BUG= chromium:845103 , chromium:843867 , skia:7846 TBR=kbr@chromium.org TEST=bots CQ_INCLUDE_TRYBOTS=luci.chromium.try:win_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng;luci.chromium.try:android_optional_gpu_tests_rel Change-Id: Ic11ae1fb5e76e40a997a1017913a2901b576898b Reviewed-on: https://chromium-review.googlesource.com/1076487 Reviewed-by: Alexis Hétu <sugoi@chromium.org> Commit-Queue: Alexis Hétu <sugoi@chromium.org> Commit-Queue: Nicolas Capens <capn@chromium.org> Cr-Commit-Position: refs/heads/master@{#562447} [modify] https://crrev.com/885440e7b1f0f374c106f0c91bc1ad62a4032356/DEPS
,
May 29 2018
ClusterFuzz has detected this issue as fixed in range 562413:562449. Detailed report: https://clusterfuzz.com/testcase?key=4759058784190464 Fuzzer: libFuzzer_gpu_swiftshader_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: false sw::VertexProgram::relativeAddress sw::VertexProgram::readConstant Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529739:529747 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=562413:562449 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4759058784190464 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 29 2018
ClusterFuzz testcase 4759058784190464 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
May 30 2018
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/937e6a5acd8649251a21022ff0554f9a74479baf commit 937e6a5acd8649251a21022ff0554f9a74479baf Author: Nicolas Capens <capn@google.com> Date: Wed May 30 15:40:54 2018 Also copy shader info log on success. Previously we only copied the GLSL shader compiler's info log on failure. This hid any warnings or debug info from the application. Bug chromium:845103 Change-Id: Ia1877a405db2017d327dfc68037596fbda1579fa Reviewed-on: https://swiftshader-review.googlesource.com/19009 Tested-by: Nicolas Capens <nicolascapens@google.com> Reviewed-by: Alexis Hétu <sugoi@google.com> [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/Diagnostics.cpp [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/Diagnostics.h [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/InfoSink.cpp [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/InfoSink.h [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/ParseHelper.cpp [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/ParseHelper.h [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/compiler/preprocessor/DiagnosticsBase.h [modify] https://crrev.com/937e6a5acd8649251a21022ff0554f9a74479baf/src/OpenGL/libGLESv2/Shader.cpp
,
May 30 2018
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/493fc54a61c37b1d28e4641449bbdef792af9ce8 commit 493fc54a61c37b1d28e4641449bbdef792af9ce8 Author: Nicolas Capens <capn@google.com> Date: Wed May 30 15:40:54 2018 Fix loop unrolling. Loops were no longer getting unrolled because we analyzed the entire loop, not just the body, for changes to the index variable. Also, the logic was inverted. Also, be conservative about loops with return statements not being unrollable. Bug chromium:845103 Change-Id: I5957e17f7b985ae90b10053216b6945f3f64338e Reviewed-on: https://swiftshader-review.googlesource.com/19008 Tested-by: Nicolas Capens <nicolascapens@google.com> Reviewed-by: Alexis Hétu <sugoi@google.com> [modify] https://crrev.com/493fc54a61c37b1d28e4641449bbdef792af9ce8/src/OpenGL/compiler/OutputASM.cpp [modify] https://crrev.com/493fc54a61c37b1d28e4641449bbdef792af9ce8/src/OpenGL/compiler/OutputASM.h [modify] https://crrev.com/493fc54a61c37b1d28e4641449bbdef792af9ce8/tests/unittests/unittests.cpp |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, May 21 2018Labels: Test-Predator-Auto-Components