Bug 227449 - ANGLE Metal primitive restart range computation could index with size_t
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: ANGLE
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Kimmo Kinnunen
Keywords: InRadar
Reported: 2021-06-28 07:46 PDT by Kimmo Kinnunen
Modified: 2021-06-29 06:54 PDT

Attachments
Patch (5.59 KB, patch)
2021-06-28 07:57 PDT, Kimmo Kinnunen
Patch (5.61 KB, patch)
2021-06-28 08:03 PDT, Kimmo Kinnunen
Patch for landing (5.75 KB, patch)
2021-06-29 00:58 PDT, Kimmo Kinnunen

Description Kimmo Kinnunen 2021-06-28 07:46:48 PDT
ANGLE Metal primitive restart range computation could index with size_t

It'd be simpler to understand that the index does not overflow. The index limit is size_t.
Comment 1 Kimmo Kinnunen 2021-06-28 07:57:17 PDT
Created attachment 432393
Patch
Comment 2 EWS Watchlist 2021-06-28 07:58:11 PDT
Note that there are important steps to take when updating ANGLE. See https://trac.webkit.org/wiki/UpdatingANGLE
Comment 3 Kimmo Kinnunen 2021-06-28 08:03:32 PDT
Created attachment 432394
Patch
Comment 4 Kenneth Russell 2021-06-28 14:46:33 PDT
Comment on attachment 432394
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432394&action=review

This is certainly easier to understand. r+ with a couple of small questions.

I defer to kpiddington's review if there's any further feedback.

> Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/BufferMtl.mm:421
> +    for (size_t i = 0; i < numIndices; i++)

Would it be better to use "++i" here for consistency with the inner loop?

> Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/BufferMtl.mm:430
> +        } while (i < numIndices && bufferData[i] == restartMarker);

Out of curiosity do you want to leave the restart indices in these ranges or elide them?

> Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/BufferMtl.mm:445
> +                mRestartIndices = calculateRestartRanges<uint8_t>(ctx, getCurrentBuffer());

How hot is this routine? If it's called very often then maybe there is an advantage to continuing to pass mRestartIndices as an argument to reduce copying (or is return value optimization expected to handle this)?
Comment 5 Kimmo Kinnunen 2021-06-29 00:58:04 PDT
Created attachment 432457
Patch for landing
Comment 6 Kimmo Kinnunen 2021-06-29 06:50:35 PDT
Comment on attachment 432394
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432394&action=review

>> Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/BufferMtl.mm:430
>> +        } while (i < numIndices && bufferData[i] == restartMarker);
> 
> Out of curiosity do you want to leave the restart indices in these ranges or elide them?

Restart indices should be in the ranges.

>> Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/BufferMtl.mm:445
>> +                mRestartIndices = calculateRestartRanges<uint8_t>(ctx, getCurrentBuffer());
> 
> How hot is this routine? If it's called very often then maybe there is an advantage to continuing to pass mRestartIndices as an argument to reduce copying (or is return value optimization expected to handle this)?

RVO is expected.
It's not hot, it's called during draw, but only once after the buffer is modified.
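
An added illustration of the scan discussed in this review, not the patch attached to this bug and not ANGLE's code: it indexes with `size_t`, checks the bound before each read in the inner `do`/`while`, keeps the restart indices inside the reported ranges, and returns the vector by value. The `RestartRange` struct, the `findRestartRanges` name and signature, and the marker being the maximum value of the index type are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical type for this example: inclusive positions [begin, end] in the
// index buffer that hold restart markers.
struct RestartRange
{
    std::size_t begin;
    std::size_t end;
};

// Hypothetical helper, not ANGLE's function. Assumes the restart marker is the
// maximum value of the index type (0xFF, 0xFFFF or 0xFFFFFFFF).
template <typename T>
std::vector<RestartRange> findRestartRanges(const T *bufferData, std::size_t numIndices)
{
    constexpr T restartMarker = std::numeric_limits<T>::max();
    std::vector<RestartRange> ranges;
    // i has the same type as the limit, so it reaches numIndices without wrapping.
    for (std::size_t i = 0; i < numIndices; ++i)
    {
        if (bufferData[i] != restartMarker)
            continue;
        const std::size_t begin = i;
        do
        {
            ++i;
        } while (i < numIndices && bufferData[i] == restartMarker);  // bound checked before the read
        // i is now one past the run; the element at i (if any) is not a marker,
        // so the loop increment may step over it.
        ranges.push_back({begin, i - 1});
    }
    return ranges;  // returned by value; the vector is moved or elided, not copied
}

int main()
{
    // Constructed sample: single marker, a run of two, and a marker in the last slot.
    const uint16_t sample[] = {0, 1, 2, 0xFFFF, 3, 4, 0xFFFF, 0xFFFF, 5, 0xFFFF};
    for (const RestartRange &r : findRestartRanges(sample, sizeof(sample) / sizeof(sample[0])))
        std::printf("[%zu, %zu]\n", r.begin, r.end);
    return 0;
}
```
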
Comment 7 EWS 2021-06-29 06:53:51 PDT
Committed r279373 (239239@main): <https://commits.webkit.org/239239@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 432457.
Comment 8 Radar WebKit Bug Importer 2021-06-29 06:54:15 PDT
<rdar://problem/79913301>