glsl: Eliminate assigments to out-of-bounds elements of vector

Several optimization paths, including constant folding, can lead to indexing vector with an out of bounds index. Out-of-bounds writes could be eliminated per spec: Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says: "In the subsections described above for array, vector, matrix and structure accesses, any out-of-bounds access produced undefined behavior.... Out-of-bounds writes may be discarded or overwrite other variables of the active program." Fixes piglit tests: spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-1 spec@glsl-1.20@execution@vector-out-of-bounds-access@fs-vec4-out-of-bounds-6 CC: <mesa-stable@lists.freedesktop.org> Signed-off-by: Danylo Piliaiev <danylo.piliaiev@globallogic.com> Reviewed-by: Eric Anholt <eric@anholt.net> Reviewed-by: Marcin Ślusarz <marcin.slusarz@intel.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6363>
2020-08-17 18:22:47 +03:00
parent e93979ba59
commit 5922d57a18
2 changed files with 26 additions and 12 deletions
--- a/.gitlab-ci/piglit/quick_shader.txt
+++ b/.gitlab-ci/piglit/quick_shader.txt
@@ -369,8 +369,6 @@ spec/glsl-1.10/execution/built-in-functions/fs-pow-float-float: fail
 spec/glsl-1.10/execution/built-in-functions/vs-pow-float-float: fail
 spec/glsl-1.10/preprocessor/extension-defined-test: skip
 spec/glsl-1.10/preprocessor/extension-if-1: skip
-spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-1: crash
-spec/glsl-1.20/execution/vector-out-of-bounds-access/fs-vec4-out-of-bounds-6: crash
 spec/glsl-1.30/execution/fs-texturegrad-miplevels: fail
 spec/glsl-1.30/execution/fs-texturelod-miplevels: fail
 spec/glsl-1.30/execution/fs-texturelod-miplevels-biased: fail
@@ -592,9 +590,9 @@ spec/nv_viewport_swizzle/viewport_swizzle: skip
 summary:
       name:  results
       ----  --------
-       pass:    15784
+       pass:    15786
       fail:      104
-      crash:      172
+      crash:      170
       skip:      315
    timeout:        0
       warn:        0
--- a/src/compiler/glsl/lower_vector_derefs.cpp
+++ b/src/compiler/glsl/lower_vector_derefs.cpp
@@ -136,16 +136,32 @@ vector_deref_visitor::visit_enter(ir_assignment *ir)
         ir->write_mask = (1 << new_lhs->type->vector_elements) - 1;
         ir->set_lhs(new_lhs);
      }
-   } else if (new_lhs->ir_type != ir_type_swizzle) {
+   } else {
+      unsigned index = old_index_constant->get_uint_component(0);
+
+      if (index >= new_lhs->type->vector_elements) {
+         /* Section 5.11 (Out-of-Bounds Accesses) of the GLSL 4.60 spec says:
+          *
+          *  In the subsections described above for array, vector, matrix and
+          *  structure accesses, any out-of-bounds access produced undefined
+          *  behavior.... Out-of-bounds writes may be discarded or overwrite
+          *  other variables of the active program.
+          */
+         ir->remove();
+         return visit_continue;
+      }
+
+      if (new_lhs->ir_type != ir_type_swizzle) {
         ir->set_lhs(new_lhs);
-      ir->write_mask = 1 << old_index_constant->get_uint_component(0);
+         ir->write_mask = 1 << index;
      } else {
         /* If the "new" LHS is a swizzle, use the set_lhs helper to instead
          * swizzle the RHS.
          */
-      unsigned component[1] = { old_index_constant->get_uint_component(0) };
+         unsigned component[1] = { index };
         ir->set_lhs(new(mem_ctx) ir_swizzle(new_lhs, component, 1));
      }
+   }

   return ir_rvalue_enter_visitor::visit_enter(ir);
 }