Mesa (main): nir: Eliminate out-of-bounds read/writes in local lowering.

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Tue May 3 19:01:13 UTC 2022 

Module: Mesa
Branch: main
Commit: e3607e96bb6691941f55edbfe2ed82e224c890c2
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=e3607e96bb6691941f55edbfe2ed82e224c890c2

Author: Emma Anholt <emma at anholt.net>
Date:   Wed Apr 20 14:31:50 2022 -0700

nir: Eliminate out-of-bounds read/writes in local lowering.

Avoids nir validation assertion failures, and it's not like backend
drivers would want to see definitely-out-of-bounds read/writes either.

Reviewed-by: Matt Turner <mattst88 at gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/16066>

---

 src/compiler/nir/nir_lower_locals_to_regs.c        | 18 ++++++++++++++++++
 src/gallium/drivers/r600/ci/r600-rv770-fails.txt   |  4 ----
 src/gallium/drivers/r600/ci/r600-turks-fails.txt   |  4 ----
 src/gallium/drivers/softpipe/ci/softpipe-fails.txt |  3 ---
 src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt  |  5 -----
 src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt |  2 --
 6 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/compiler/nir/nir_lower_locals_to_regs.c b/src/compiler/nir/nir_lower_locals_to_regs.c
index a0f5ecb61cd..40e10cadb0a 100644
--- a/src/compiler/nir/nir_lower_locals_to_regs.c
+++ b/src/compiler/nir/nir_lower_locals_to_regs.c
@@ -200,7 +200,17 @@ lower_locals_to_regs_block(nir_block *block,
 
          nir_alu_instr *mov = nir_alu_instr_create(b->shader, nir_op_mov);
          mov->src[0].src = get_deref_reg_src(deref, state);
+
+         if (mov->src[0].src.reg.reg->num_array_elems != 0 &&
+             mov->src[0].src.reg.base_offset >= mov->src[0].src.reg.reg->num_array_elems) {
+            /* out-of-bounds read, return 0 instead. */
+            mov->src[0].src = nir_src_for_ssa(nir_imm_intN_t(b, 0, mov->src[0].src.reg.reg->bit_size));
+            for (int i = 0; i < intrin->num_components; i++)
+               mov->src[0].swizzle[i] = 0;
+         }
+
          mov->dest.write_mask = (1 << intrin->num_components) - 1;
+
          if (intrin->dest.is_ssa) {
             nir_ssa_dest_init(&mov->instr, &mov->dest.dest,
                               intrin->num_components,
@@ -226,6 +236,14 @@ lower_locals_to_regs_block(nir_block *block,
 
          nir_src reg_src = get_deref_reg_src(deref, state);
 
+         if (reg_src.reg.reg->num_array_elems != 0 &&
+             reg_src.reg.base_offset >= reg_src.reg.reg->num_array_elems) {
+            /* Out of bounds write, just eliminate it. */
+            nir_instr_remove(&intrin->instr);
+            state->progress = true;
+            break;
+         }
+
          nir_alu_instr *mov = nir_alu_instr_create(b->shader, nir_op_mov);
 
          nir_src_copy(&mov->src[0].src, &intrin->src[1]);
diff --git a/src/gallium/drivers/r600/ci/r600-rv770-fails.txt b/src/gallium/drivers/r600/ci/r600-rv770-fails.txt
index 851d9cc2c7e..6e0fd3b7f6a 100644
--- a/src/gallium/drivers/r600/ci/r600-rv770-fails.txt
+++ b/src/gallium/drivers/r600/ci/r600-rv770-fails.txt
@@ -991,10 +991,6 @@ spec at glsl-1.20@execution at vs-nan-builtin-max,Fail
 spec at glsl-1.20@execution at vs-nan-builtin-min,Fail
 spec at glsl-1.30@execution at clipping@vs-clip-distance-primitives,Fail
 
-# "error: (dest->reg->num_array_elems == 0 || dest->base_offset < dest->reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:277)"
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-read,Crash
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-write,Crash
-
 spec at glsl-1.30@execution at range_analysis_fsat_of_nan,Fail
 spec at glsl-1.30@execution at tex-miplevel-selection texture(bias) 1darrayshadow,Fail
 spec at glsl-1.30@execution at tex-miplevel-selection texture(bias) cubeshadow,Fail
diff --git a/src/gallium/drivers/r600/ci/r600-turks-fails.txt b/src/gallium/drivers/r600/ci/r600-turks-fails.txt
index 7ab129e482a..1944cd15ace 100644
--- a/src/gallium/drivers/r600/ci/r600-turks-fails.txt
+++ b/src/gallium/drivers/r600/ci/r600-turks-fails.txt
@@ -1453,10 +1453,6 @@ spec at glsl-1.20@execution at clipping@vs-clip-vertex-primitives,Fail
 
 spec at glsl-1.30@execution at clipping@vs-clip-distance-primitives,Fail
 
-# "error: (src->reg.reg->num_array_elems == 0 || src->reg.base_offset < src->reg.reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:174)"
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-read,Crash
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-write,Crash
-
 spec at glsl-1.30@execution at range_analysis_fsat_of_nan,Fail
 
 spec at glsl-1.30@execution at tex-miplevel-selection texture(bias) 1darrayshadow,Fail
diff --git a/src/gallium/drivers/softpipe/ci/softpipe-fails.txt b/src/gallium/drivers/softpipe/ci/softpipe-fails.txt
index eacbfff5065..d5dd0495a22 100644
--- a/src/gallium/drivers/softpipe/ci/softpipe-fails.txt
+++ b/src/gallium/drivers/softpipe/ci/softpipe-fails.txt
@@ -1252,9 +1252,6 @@ spec at ext_transform_feedback2@counting with pause,Fail
 spec at ext_transform_feedback@pipeline-basic-primgen,Fail
 spec at ext_transform_feedback@primgen-query transform-feedback-disabled,Fail
 
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-read,Crash
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-write,Crash
-
 spec at glsl-1.30@execution at tex-miplevel-selection texturegrad 1d,Fail
 spec at glsl-1.30@execution at tex-miplevel-selection texturegrad 1darray,Fail
 spec at glsl-1.30@execution at tex-miplevel-selection texturegrad 1darrayshadow,Fail
diff --git a/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt b/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt
index 482c4b79f74..40ee5c0c868 100644
--- a/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt
+++ b/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt
@@ -867,11 +867,6 @@ spec at glsl-1.10@execution at samplers@glsl-fs-shadow2d-08,Fail
 spec at glsl-1.10@execution at samplers@glsl-fs-shadow2d-clamp-z,Fail
 spec at glsl-1.20@compiler at invalid-vec4-array-to-vec3-array-conversion.vert,Fail
 
-# "ERROR - Piglit error: NIR validation failed after nir_lower_locals_to_regs"
-# "ERROR - Piglit error: error: (src->reg.reg->num_array_elems == 0 || src->reg.base_offset < src->reg.reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:174)"
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-read,Crash
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-write,Crash
-
 spec at glsl-1.30@execution at vs-isnan-and-more-comparison,Fail
 
 spec at glsl-1.50@execution at primitive-id-no-gs-quad-strip,Fail
diff --git a/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt b/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt
index dc6c1eee520..f18d0ec14f5 100644
--- a/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt
+++ b/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt
@@ -54,7 +54,5 @@ spec at oes_viewport_array@viewport-gs-writes-in-range
 
 spec at arb_timer_query@timestamp-get
 
-spec at glsl-1.30@execution at fs-large-local-array-out-of-bounds-write
-
 spec at nv_primitive_restart@primitive-restart-draw-mode-polygon
 spec at nv_primitive_restart@primitive-restart-draw-mode-quad_strip

More information about the mesa-commit mailing list