Bug 225864

Summary:

ASSERT(!toType.isArray()) failure in sh::CoerceSimple due to vector array dereference

Product:

WebKit

Reporter:

Kimmo Kinnunen <kkinnunen>

Component:

ANGLE

Assignee:

Kyle Piddington <kpiddington>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

dino, ews-watchlist, graouts, kkinnunen, kondapallykalyan, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Local Build

Hardware:

All

OS:

macOS 10.15

Attachments:

Description	Flags
Test to fix	none
Test to fix	none
Patch	none
Patch	none

Kimmo Kinnunen

Reported 2021-05-17 03:36:05 PDT

ASSERT(!toType.isArray()) failure in sh::CoerceSimple due to vector array dereference https://playcanv.as/e/p/44MRmJRU/ #version 300 es void main(){vec2 S[1];S;} Process: com.apple.WebKit.WebContent.Development [8288] Path: /Users/USER/*/com.apple.WebKit.WebContent.Development Identifier: com.apple.WebKit.WebContent Version: 612+ (612.1.13+) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: MiniBrowser [6920] User ID: 501 PlugIn Path: /Users/USER/*/libANGLE-shared.dylib PlugIn Identifier: libANGLE-shared.dylib PlugIn Version: ??? (0) Date/Time: 2021-05-17 12:50:57.808 +0300 OS Version: macOS 11.3 (20E201) Report Version: 12 Bridge OS Version: 6.0 (19P253) Anonymous UUID: ADEB2724-109F-6379-8A4B-657A6A37BBA8 Sleep/Wake UUID: 1C32DABA-8A49-4470-B6BB-977317E3EC81 Time Awake Since Boot: 57000 seconds Time Since Wake: 1500 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Illegal instruction: 4 Termination Reason: Namespace SIGNAL, Code 0x4 Terminating Process: exc handler [8288] Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libANGLE-shared.dylib 0x00000003b8b0222e gl::LogMessage::~LogMessage() + 238 (debug.cpp:199) 1 libANGLE-shared.dylib 0x00000003b8b01b05 gl::LogMessage::~LogMessage() + 21 (debug.cpp:175) 2 libANGLE-shared.dylib 0x00000003b89bdf19 sh::CoerceSimple(sh::TType const&, sh::TIntermTyped&, bool) + 1545 (AstHelpers.cpp:480) 3 libANGLE-shared.dylib 0x00000003b89a4119 (anonymous namespace)::Rewriter::visitAggregatePost(sh::TIntermAggregate&) + 537 (AddExplicitTypeCasts.cpp:53) 4 libANGLE-shared.dylib 0x00000003b8ddeef6 sh::TIntermRebuild::traversePost(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 1542 (IntermRebuild.cpp:504) 5 libANGLE-shared.dylib 0x00000003b8ddd659 sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 585 (IntermRebuild.cpp:328) 6 libANGLE-shared.dylib 0x00000003b8de14a1 sh::TIntermTyped* sh::TIntermRebuild::traverseAnyAs<sh::TIntermTyped>(sh::TIntermNode&) + 33 (IntermRebuild.cpp:233) 7 libANGLE-shared.dylib 0x00000003b8ddf652 sh::TIntermRebuild::traverseBinaryChildren(sh::TIntermBinary&) + 706 (IntermRebuild.cpp:573) 8 libANGLE-shared.dylib 0x00000003b8dde624 sh::TIntermRebuild::traverseChildren(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 708 (IntermRebuild.cpp:422) 9 libANGLE-shared.dylib 0x00000003b8ddd5fe sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 494 (IntermRebuild.cpp:322) 10 libANGLE-shared.dylib 0x00000003b8ddd979 sh::TIntermRebuild::traverseAggregateBaseChildren(sh::TIntermAggregateBase&) + 761 (IntermRebuild.cpp:266) 11 libANGLE-shared.dylib 0x00000003b8de0ce6 sh::TIntermRebuild::traverseDeclarationChildren(sh::TIntermDeclaration&) + 38 (IntermRebuild.cpp:541) 12 libANGLE-shared.dylib 0x00000003b8dde803 sh::TIntermRebuild::traverseChildren(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 1187 (IntermRebuild.cpp:443) 13 libANGLE-shared.dylib 0x00000003b8ddd5fe sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 494 (IntermRebuild.cpp:322) 14 libANGLE-shared.dylib 0x00000003b8ddd979 sh::TIntermRebuild::traverseAggregateBaseChildren(sh::TIntermAggregateBase&) + 761 (IntermRebuild.cpp:266) 15 libANGLE-shared.dylib 0x00000003b8de0a66 sh::TIntermRebuild::traverseBlockChildren(sh::TIntermBlock&) + 38 (IntermRebuild.cpp:532) 16 libANGLE-shared.dylib 0x00000003b8dde7a5 sh::TIntermRebuild::traverseChildren(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 1093 (IntermRebuild.cpp:438) 17 libANGLE-shared.dylib 0x00000003b8ddd5fe sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 494 (IntermRebuild.cpp:322) 18 libANGLE-shared.dylib 0x00000003b8de15f1 sh::TIntermBlock* sh::TIntermRebuild::traverseAnyAs<sh::TIntermBlock>(sh::TIntermNode&) + 33 (IntermRebuild.cpp:233) 19 libANGLE-shared.dylib 0x00000003b8de091c sh::TIntermRebuild::traverseFunctionDefinitionChildren(sh::TIntermFunctionDefinition&) + 796 (IntermRebuild.cpp:736) 20 libANGLE-shared.dylib 0x00000003b8dde747 sh::TIntermRebuild::traverseChildren(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 999 (IntermRebuild.cpp:434) 21 libANGLE-shared.dylib 0x00000003b8ddd5fe sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 494 (IntermRebuild.cpp:322) 22 libANGLE-shared.dylib 0x00000003b8ddd979 sh::TIntermRebuild::traverseAggregateBaseChildren(sh::TIntermAggregateBase&) + 761 (IntermRebuild.cpp:266) 23 libANGLE-shared.dylib 0x00000003b8de0a66 sh::TIntermRebuild::traverseBlockChildren(sh::TIntermBlock&) + 38 (IntermRebuild.cpp:532) 24 libANGLE-shared.dylib 0x00000003b8dde7a5 sh::TIntermRebuild::traverseChildren(sh::NodeType, sh::TIntermNode const&, sh::TIntermNode&, sh::TIntermRebuild::VisitBits) + 1093 (IntermRebuild.cpp:438) 25 libANGLE-shared.dylib 0x00000003b8ddd5fe sh::TIntermRebuild::traverseAny(sh::TIntermNode&) + 494 (IntermRebuild.cpp:322) 26 libANGLE-shared.dylib 0x00000003b8de15f1 sh::TIntermBlock* sh::TIntermRebuild::traverseAnyAs<sh::TIntermBlock>(sh::TIntermNode&) + 33 (IntermRebuild.cpp:233) 27 libANGLE-shared.dylib 0x00000003b8ddd2a0 bool sh::TIntermRebuild::rebuildInPlaceImpl<sh::TIntermBlock>(sh::TIntermBlock&) + 32 (IntermRebuild.cpp:209) 28 libANGLE-shared.dylib 0x00000003b8ddd1ad sh::TIntermRebuild::rebuildInPlace(sh::TIntermBlock&) + 29 (IntermRebuild.cpp:198) 29 libANGLE-shared.dylib 0x00000003b8ddd154 sh::TIntermRebuild::rebuildRoot(sh::TIntermBlock&) + 36 (IntermRebuild.cpp:184) 30 libANGLE-shared.dylib 0x00000003b89a3d9c sh::AddExplicitTypeCasts(sh::TCompiler&, sh::TIntermBlock&, sh::SymbolEnv&, bool) + 76 (AddExplicitTypeCasts.cpp:91) 31 libANGLE-shared.dylib 0x00000003b91f3d68 sh::TranslatorMetalDirect::translateImpl(sh::TIntermBlock&, unsigned long long) + 5976 (TranslatorMetalDirect.cpp:1457) 32 libANGLE-shared.dylib 0x00000003b91f6bcc sh::TranslatorMetalDirect::translate(sh::TIntermBlock*, unsigned long long, sh::PerformanceDiagnostics*) + 316 (TranslatorMetalDirect.cpp:1552) 33 libANGLE-shared.dylib 0x00000003b8a31efe sh::TCompiler::compile(char const* const*, unsigned long, unsigned long long) + 286 (Compiler.cpp:981) 34 libANGLE-shared.dylib 0x00000003b910cbb4 sh::Compile(void*, char const* const*, unsigned long, unsigned long long) + 340 (ShaderLang.cpp:336) 35 libANGLE-shared.dylib 0x00000003b910aa80 rx::TranslateTask::operator()() + 288 (ShaderImpl.cpp:52) 36 libANGLE-shared.dylib 0x00000003b92baa9f angle::SingleThreadedWorkerPool::postWorkerTask(std::__1::shared_ptr<angle::Closure>) + 47 (WorkerThread.cpp:68) 37 libANGLE-shared.dylib 0x00000003b92bbe14 angle::WorkerThreadPool::PostWorkerTask(std::__1::shared_ptr<angle::WorkerThreadPool>, std::__1::shared_ptr<angle::Closure>) + 84 (WorkerThread.cpp:348) 38 libANGLE-shared.dylib 0x00000003b910fec2 rx::ShaderMtl::compileImplMtl(gl::Context const*, gl::ShCompilerInstance*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned long long) + 242 (ShaderMtl.mm:99) 39 libANGLE-shared.dylib 0x00000003b9110399 rx::ShaderMtl::compile(gl::Context const*, gl::ShCompilerInstance*, unsigned long long) + 521 (ShaderMtl.mm:147) 40 libANGLE-shared.dylib 0x00000003b90f232f gl::Shader::compile(gl::Context const*) + 1663 (Shader.cpp:367) 41 libANGLE-shared.dylib 0x00000003b8a6fc19 gl::Context::compileShader(gl::ShaderProgramID) + 73 (Context.cpp:6183) 42 libANGLE-shared.dylib 0x00000003b8bc5416 gl::CompileShader(unsigned int) + 134 (entry_points_gles_2_0_autogen.cpp:541) 43 com.apple.WebCore 0x0000000391e530a4 WebCore::GraphicsContextGLOpenGL::compileShader(unsigned int) + 148 (GraphicsContextGLANGLE.cpp:918) 44 com.apple.WebCore 0x00000003953bafae WebCore::WebGLRenderingContextBase::compileShader(WebCore::WebGLShader&) + 126 (WebGLRenderingContextBase.cpp:1756)

Attachments
Test to fix (2.09 KB, patch) 2021-05-17 03:42 PDT, Kimmo Kinnunen	no flags	Details Formatted Diff Diff
Test to fix (2.05 KB, patch) 2021-05-17 03:57 PDT, Kimmo Kinnunen	no flags	Details Formatted Diff Diff
Patch (5.94 KB, patch) 2021-05-17 17:24 PDT, Kyle Piddington	no flags	Details Formatted Diff Diff
Patch (6.50 KB, patch) 2021-05-19 12:48 PDT, Kyle Piddington	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Kimmo Kinnunen

Comment 1 2021-05-17 03:36:32 PDT

Possibly the reason for <rdar://77968214>

Kimmo Kinnunen

Comment 2 2021-05-17 03:42:58 PDT

Created attachment 428818 [details] Test to fix

Kimmo Kinnunen

Comment 3 2021-05-17 03:57:22 PDT

Created attachment 428819 [details] Test to fix

Kyle Piddington

Comment 4 2021-05-17 17:24:41 PDT

Created attachment 428897 [details] Patch

EWS Watchlist

Comment 5 2021-05-17 17:25:47 PDT

Note that there are important steps to take when updating ANGLE. See https://trac.webkit.org/wiki/UpdatingANGLE

Kimmo Kinnunen

Comment 6 2021-05-17 23:54:24 PDT

Comment on attachment 428897 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=428897&action=review > Source/ThirdParty/ANGLE/src/compiler/translator/TranslatorMetalDirect/AddExplicitTypeCasts.cpp:44 > } You still need to Tools/Scripts/prepare-ChangeLog -b 225864 -g HEAD to get the ANGLE/ChangeLog edits > Source/ThirdParty/ANGLE/src/compiler/translator/TranslatorMetalDirect/AddExplicitTypeCasts.cpp:47 > + //1 element arrays need to be accounted for. It's really an issue with arrays of any arity? (got the crash/assert with other numbers, too). > Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm:1274 > bool hasDepthSampler = false; Are these related to the array assert or are these in fact fixing some other bug? > LayoutTests/ChangeLog:10 > + WIP: adds just the tests. Might want to remove this line

Kyle Piddington

Comment 7 2021-05-19 12:48:34 PDT

Created attachment 429086 [details] Patch

EWS

Comment 8 2021-05-19 13:56:46 PDT

Committed r277749 (237919@main): <https://commits.webkit.org/237919@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 429086 [details].

Radar WebKit Bug Importer

Comment 9 2021-05-19 13:57:17 PDT

<rdar://problem/78223139>

Note You need to log in before you can comment on or make changes to this bug.