nir: Eliminate out-of-bounds read/writes in local lowering.

Avoids nir validation assertion failures, and it's not like backend drivers would want to see definitely-out-of-bounds read/writes either. Reviewed-by: Matt Turner <mattst88@gmail.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/16066>
2022-04-20 14:31:50 -07:00 · 2022-04-20 14:31:50 -07:00 · e3607e96bb
parent b25eb4d43f
commit e3607e96bb
6 changed files with 18 additions and 18 deletions
--- a/src/compiler/nir/nir_lower_locals_to_regs.c
+++ b/src/compiler/nir/nir_lower_locals_to_regs.c
@ -200,7 +200,17 @@ lower_locals_to_regs_block(nir_block *block,

         nir_alu_instr *mov = nir_alu_instr_create(b->shader, nir_op_mov);
         mov->src[0].src = get_deref_reg_src(deref, state);
+
+         if (mov->src[0].src.reg.reg->num_array_elems != 0 &&
+             mov->src[0].src.reg.base_offset >= mov->src[0].src.reg.reg->num_array_elems) {
+            /* out-of-bounds read, return 0 instead. */
+            mov->src[0].src = nir_src_for_ssa(nir_imm_intN_t(b, 0, mov->src[0].src.reg.reg->bit_size));
+            for (int i = 0; i < intrin->num_components; i++)
+               mov->src[0].swizzle[i] = 0;
+         }
+
         mov->dest.write_mask = (1 << intrin->num_components) - 1;
+
         if (intrin->dest.is_ssa) {
            nir_ssa_dest_init(&mov->instr, &mov->dest.dest,
                              intrin->num_components,
@ -226,6 +236,14 @@ lower_locals_to_regs_block(nir_block *block,

         nir_src reg_src = get_deref_reg_src(deref, state);

+         if (reg_src.reg.reg->num_array_elems != 0 &&
+             reg_src.reg.base_offset >= reg_src.reg.reg->num_array_elems) {
+            /* Out of bounds write, just eliminate it. */
+            nir_instr_remove(&intrin->instr);
+            state->progress = true;
+            break;
+         }
+
         nir_alu_instr *mov = nir_alu_instr_create(b->shader, nir_op_mov);

         nir_src_copy(&mov->src[0].src, &intrin->src[1]);
--- a/src/gallium/drivers/r600/ci/r600-rv770-fails.txt
+++ b/src/gallium/drivers/r600/ci/r600-rv770-fails.txt
@ -991,10 +991,6 @@ spec@glsl-1.20@execution@vs-nan-builtin-max,Fail
 spec@glsl-1.20@execution@vs-nan-builtin-min,Fail
 spec@glsl-1.30@execution@clipping@vs-clip-distance-primitives,Fail

-# "error: (dest->reg->num_array_elems == 0 || dest->base_offset < dest->reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:277)"
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-read,Crash
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write,Crash
-
 spec@glsl-1.30@execution@range_analysis_fsat_of_nan,Fail
 spec@glsl-1.30@execution@tex-miplevel-selection texture(bias) 1darrayshadow,Fail
 spec@glsl-1.30@execution@tex-miplevel-selection texture(bias) cubeshadow,Fail
--- a/src/gallium/drivers/r600/ci/r600-turks-fails.txt
+++ b/src/gallium/drivers/r600/ci/r600-turks-fails.txt
@ -1453,10 +1453,6 @@ spec@glsl-1.20@execution@clipping@vs-clip-vertex-primitives,Fail

 spec@glsl-1.30@execution@clipping@vs-clip-distance-primitives,Fail

-# "error: (src->reg.reg->num_array_elems == 0 || src->reg.base_offset < src->reg.reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:174)"
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-read,Crash
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write,Crash
-
 spec@glsl-1.30@execution@range_analysis_fsat_of_nan,Fail

 spec@glsl-1.30@execution@tex-miplevel-selection texture(bias) 1darrayshadow,Fail
--- a/src/gallium/drivers/softpipe/ci/softpipe-fails.txt
+++ b/src/gallium/drivers/softpipe/ci/softpipe-fails.txt
@ -1252,9 +1252,6 @@ spec@ext_transform_feedback2@counting with pause,Fail
 spec@ext_transform_feedback@pipeline-basic-primgen,Fail
 spec@ext_transform_feedback@primgen-query transform-feedback-disabled,Fail

-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-read,Crash
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write,Crash
-
 spec@glsl-1.30@execution@tex-miplevel-selection texturegrad 1d,Fail
 spec@glsl-1.30@execution@tex-miplevel-selection texturegrad 1darray,Fail
 spec@glsl-1.30@execution@tex-miplevel-selection texturegrad 1darrayshadow,Fail
--- a/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt
+++ b/src/gallium/drivers/virgl/ci/virpipe-gl-fails.txt
@ -867,11 +867,6 @@ spec@glsl-1.10@execution@samplers@glsl-fs-shadow2d-08,Fail
 spec@glsl-1.10@execution@samplers@glsl-fs-shadow2d-clamp-z,Fail
 spec@glsl-1.20@compiler@invalid-vec4-array-to-vec3-array-conversion.vert,Fail

-# "ERROR - Piglit error: NIR validation failed after nir_lower_locals_to_regs"
-# "ERROR - Piglit error: error: (src->reg.reg->num_array_elems == 0 || src->reg.base_offset < src->reg.reg->num_array_elems) && "definitely out-of-bounds array access" (../src/compiler/nir/nir_validate.c:174)"
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-read,Crash
-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write,Crash
-
 spec@glsl-1.30@execution@vs-isnan-and-more-comparison,Fail

 spec@glsl-1.50@execution@primitive-id-no-gs-quad-strip,Fail
--- a/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt
+++ b/src/gallium/drivers/virgl/ci/virpipe-gl-flakes.txt
@ -54,7 +54,5 @@ spec@oes_viewport_array@viewport-gs-writes-in-range

 spec@arb_timer_query@timestamp-get

-spec@glsl-1.30@execution@fs-large-local-array-out-of-bounds-write
-
 spec@nv_primitive_restart@primitive-restart-draw-mode-polygon
 spec@nv_primitive_restart@primitive-restart-draw-mode-quad_strip