WebGL infinite loops are optimized out in certain cases

kkinnunen-apple · kkinnunen-apple · commit b82d94e60f49 · 2024-10-24T01:19:59.000-07:00
https://bugs.webkit.org/show_bug.cgi?id=281902 rdar://136486349 Reviewed by Mike Wyrzykowski. Metal: Ensure potentially infinite loops have defined behavior The MSL compiler would omit infinite loops and assume number domains based on the omission logic. This would induce incorrect number domains in case the infinite loops would be invokable. Infinite loops are undefined in C++ and thus in MSL. It is the job of the programmer to ensure undefined behavior cannot happen. Consider GLSL loop like: uniform float i; ... if (i != 0.5) for(;;) { } gl_FragColor = vec4(i); Historically this would emit MSL loop in spirit of: if (i != 0.5) { bool c = true; while (c) { } } ANGLE_fragmentOut.gl_FragColor = metal::float4(i, i, i, i); Since This could cause the MSL compiler to optimize the function to equivalent of: ANGLE_fragmentOut.gl_FragColor = metal::float4(0.5, 0.5, 0.5, 0.5); Presumably this loop omission would happen at the clang frontend part. Before, was worked around by emitting asm statements to the MSL: bool c = true; while (c) { __asm__(""); } The asm injection would would work for this particular source pattern, presumably because injecting the asm would avoid the loop omission at the clang frontend part. The MSL/C++ code is still UB, though. The asm statement does not cause anything that C++ would consider as "forward progress" of the loop. The success was just due to how the backend worked. The bitcode produced would be similar to: 4: tail call void asm sideeffect "", ""() #6, !srcloc !28 br label %4, !llvm.loop !29 Here, the compiler can be seen to simply fail to detect a loop that does not make forward progress. Considering GLSL of form: uniform int f; ... for (;;) { if (f <= 1) break; } With asm injection to the loop, this would produce: 5: tail call void asm sideeffect "", ""() #8, !srcloc !29 %6 = load i32, i32 addrspace(2)* %4, align 4, !tbaa !30 %7 = icmp slt i32 %6, 2 br i1 %7, label %8, label %5 8: This code is still assumed to make progress. The backend optimizer is free to assume that the condition holds, since the load to break the loop is from constant address space. I.e. uniform f does not change its value during the loop. Instead of injecting asm, inject a read of unused volatile variable. The volatile variable access is defined in C++ as forward progress. This means infinite loop containing such read is considered defined. To simplify the implementation and to avoid volatile writes, the read is to a dummy variable instead of the loop condition bool. The tests here do not pass completely for MSL backend. In case the compiler would omit the infinite loop (unpatched code), they would fail with demonstration of how the values behave. After fixing, the loops cause timeout but Metal backend does not have implementation to report context loss. Also, the ReadPixels is just for demostration purposes of the unpatched code. * Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp: (GenMetalTraverser::GenMetalTraverser): (GenMetalTraverser::emitLoopBody): (GenMetalTraverser::emitForwardProgressStore): (GenMetalTraverser::emitForwardProgressSignal): (GenMetalTraverser::visitForLoop): (GenMetalTraverser::visitWhileLoop): (GenMetalTraverser::visitDoWhileLoop): * Source/ThirdParty/ANGLE/src/tests/angle_end2end_tests.gni: * Source/ThirdParty/ANGLE/src/tests/gl_tests/TimeoutDrawTest.cpp: Added. (angle::TimeoutDrawTest::TimeoutDrawTest): (angle::TEST_P): Canonical link: https://commits.webkit.org/283286.350@safari-7620-branch
diff --git a/Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp b/Source/ThirdParty/ANGLE/src/compiler/translator/msl/EmitMetal.cpp
@@ -181,12 +181,17 @@ class GenMetalTraverser : public TIntermTraverser
 
     void emitSingleConstant(const TConstantUnion *const constUnion);
 
+    void emitForwardProgressStore();
+    void emitForwardProgressSignal();
+    bool shouldEnsureForwardProgress() const { return mForwardProgressStoreNestingCount >= 0; }
+
   private:
     Sink &mOut;
     const TCompiler &mCompiler;
     const PipelineStructs &mPipelineStructs;
     SymbolEnv &mSymbolEnv;
     IdGen &mIdGen;
+    int mForwardProgressStoreNestingCount  = -1; // Negative means forward progress is not ensured.
     int mIndentLevel                  = -1;
     int mLastIndentationPos           = -1;
     int mOpenPointerParenCount        = 0;
@@ -201,8 +206,44 @@ class GenMetalTraverser : public TIntermTraverser
     size_t mDriverUniformsBindingIndex     = 0;
     size_t mUBOArgumentBufferBindingIndex  = 0;
     bool mRasterOrderGroupsSupported       = false;
-    bool mInjectAsmStatementIntoLoopBodies = false;
+    friend class ScopedForwardProgressStore;
 };
+
+class ScopedForwardProgressStore
+{
+public:
+    ScopedForwardProgressStore(GenMetalTraverser& traverser);
+    ~ScopedForwardProgressStore();
+private:
+    GenMetalTraverser& mTraverser;
+};
+
+ScopedForwardProgressStore::ScopedForwardProgressStore(GenMetalTraverser& traverser)
+    : mTraverser(traverser)
+{
+    if (mTraverser.shouldEnsureForwardProgress())
+    {
+        if (mTraverser.mForwardProgressStoreNestingCount == 0)
+        {
+            mTraverser.emitOpenBrace();
+            mTraverser.emitForwardProgressStore();
+        }
+        ++mTraverser.mForwardProgressStoreNestingCount;
+    }
+}
+
+ScopedForwardProgressStore::~ScopedForwardProgressStore()
+{
+    if (mTraverser.shouldEnsureForwardProgress())
+    {
+        --mTraverser.mForwardProgressStoreNestingCount;
+        if (mTraverser.mForwardProgressStoreNestingCount == 0)
+        {
+            mTraverser.emitCloseBrace();
+        }
+    }
+}
+
 }  // anonymous namespace
 
 GenMetalTraverser::~GenMetalTraverser()
@@ -228,9 +269,11 @@ GenMetalTraverser::GenMetalTraverser(const TCompiler &compiler,
       mDriverUniformsBindingIndex(compileOptions.metal.driverUniformsBindingIndex),
       mUBOArgumentBufferBindingIndex(compileOptions.metal.UBOArgumentBufferBindingIndex),
       mRasterOrderGroupsSupported(compileOptions.pls.fragmentSyncType ==
-                                  ShFragmentSynchronizationType::RasterOrderGroups_Metal),
-      mInjectAsmStatementIntoLoopBodies(compileOptions.metal.injectAsmStatementIntoLoopBodies)
-{}
+                                  ShFragmentSynchronizationType::RasterOrderGroups_Metal)
+{
+    if (compileOptions.metal.injectAsmStatementIntoLoopBodies)
+        mForwardProgressStoreNestingCount = 0;
+}
 
 void GenMetalTraverser::emitIndentation()
 {
@@ -887,17 +930,14 @@ void GenMetalTraverser::emitPostQualifier(const EmitVariableDeclarationConfig &e
 
 void GenMetalTraverser::emitLoopBody(TIntermBlock *bodyNode)
 {
-    if (mInjectAsmStatementIntoLoopBodies)
+    const bool emitForwardProgress = shouldEnsureForwardProgress();
+    if (emitForwardProgress)
     {
         emitOpenBrace();
-
-        emitIndentation();
-        mOut << "__asm__(\"\");\n";
+        emitForwardProgressSignal();
     }
-
     bodyNode->traverse(this);
-
-    if (mInjectAsmStatementIntoLoopBodies)
+    if (emitForwardProgress)
     {
         emitCloseBrace();
     }
@@ -2415,6 +2455,26 @@ void GenMetalTraverser::emitCloseBrace()
     mOut << "}";
 }
 
+void GenMetalTraverser::emitForwardProgressStore()
+{
+    // https://eel.is/c++draft/intro.progress
+    // "The implementation may assume that any thread will eventually do one of the following:""
+    //  - ...
+    //  - "perform an access through a volatile glvalue"
+    // Emit a volatile variable which all loops in the stack will access.
+    emitIndentation();
+    mOut << "volatile bool ANGLE_p;\n";
+}
+
+void GenMetalTraverser::emitForwardProgressSignal()
+{
+    // Emit a read though the volatile variable. This marks the loop as making forward progress even
+    // if the compiler can otherwise analyze it to be infinite. This ensures that the loop
+    // has defined behavior.
+    emitIndentation();
+    mOut << "(void) ANGLE_p;\n";
+}
+
 static bool RequiresSemicolonTerminator(TIntermNode &node)
 {
     if (node.getAsBlock())
@@ -2616,6 +2676,8 @@ bool GenMetalTraverser::visitForLoop(TIntermLoop *loopNode)
     TIntermTyped *condNode = loopNode->getCondition();
     TIntermTyped *exprNode = loopNode->getExpression();
 
+    ScopedForwardProgressStore scopedProgress(*this);
+
     mOut << "for (";
 
     if (initNode)
@@ -2658,6 +2720,7 @@ bool GenMetalTraverser::visitWhileLoop(TIntermLoop *loopNode)
     ASSERT(condNode);
     ASSERT(!initNode && !exprNode);
 
+    ScopedForwardProgressStore scopedProgress(*this);
     emitIndentation();
     mOut << "while (";
     condNode->traverse(this);
@@ -2677,6 +2740,7 @@ bool GenMetalTraverser::visitDoWhileLoop(TIntermLoop *loopNode)
     ASSERT(condNode);
     ASSERT(!initNode && !exprNode);
 
+    ScopedForwardProgressStore scopedProgress(*this);
     emitIndentation();
     mOut << "do\n";
     emitLoopBody(loopNode->getBody());
diff --git a/Source/ThirdParty/ANGLE/src/tests/angle_end2end_tests.gni b/Source/ThirdParty/ANGLE/src/tests/angle_end2end_tests.gni
@@ -164,6 +164,7 @@ angle_end2end_tests_sources = [
   "gl_tests/TextureTest.cpp",
   "gl_tests/TextureUploadFormatTest.cpp",
   "gl_tests/TiledRenderingTest.cpp",
+  "gl_tests/TimeoutDrawTest.cpp",
   "gl_tests/TimerQueriesTest.cpp",
   "gl_tests/TransformFeedbackTest.cpp",
   "gl_tests/UniformBufferTest.cpp",
diff --git a/Source/ThirdParty/ANGLE/src/tests/gl_tests/TimeoutDrawTest.cpp b/Source/ThirdParty/ANGLE/src/tests/gl_tests/TimeoutDrawTest.cpp
@@ -0,0 +1,176 @@
+//
+// Copyright 2015 The ANGLE Project Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+
+#include "test_utils/ANGLETest.h"
+
+#include "test_utils/gl_raii.h"
+#include "util/shader_utils.h"
+
+using namespace angle;
+
+namespace
+{
+class TimeoutDrawTest : public ANGLETest<>
+{
+  protected:
+    TimeoutDrawTest()
+    {
+        setWindowWidth(128);
+        setWindowHeight(128);
+        setConfigRedBits(8);
+        setConfigGreenBits(8);
+        setConfigBlueBits(8);
+        setConfigAlphaBits(8);
+        // Tests should skip if robustness not supported, but this can be done only after
+        // Metal supports robustness.
+        if (IsEGLClientExtensionEnabled("EGL_EXT_create_context_robustness"))
+        {
+            setContextResetStrategy(EGL_LOSE_CONTEXT_ON_RESET_EXT);
+        }
+        else
+        {
+            setContextResetStrategy(EGL_NO_RESET_NOTIFICATION_EXT);
+        }
+    }
+    void testSetUp() override
+    {
+        glClear(GL_COLOR_BUFFER_BIT);
+        glFinish();
+    }
+};
+
+// Tests that trivial infinite loops in vertex shaders hang instead of progress.
+TEST_P(TimeoutDrawTest, TrivialInfiniteLoopVS)
+{
+    constexpr char kVS[] = R"(precision highp float;
+attribute vec4 a_position;
+void main()
+{
+    for (;;) {}
+    gl_Position = a_position;
+})";
+    ANGLE_GL_PROGRAM(program, kVS, essl1_shaders::fs::Red());
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+}
+
+// Tests that trivial infinite loops in fragment shaders hang instead of progress.
+TEST_P(TimeoutDrawTest, TrivialInfiniteLoopFS)
+{
+    constexpr char kFS[] = R"(precision mediump float;
+void main()
+{
+    for (;;) {}
+    gl_FragColor = vec4(1, 0, 0, 1);
+})";
+    ANGLE_GL_PROGRAM(program, essl1_shaders::vs::Simple(), kFS);
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+}
+
+
+// Tests that infinite loops based on user-supplied values in vertex shaders hang instead of progress.
+// Otherwise optimizer would be able to assume something about the domain of the user-supplied value.
+TEST_P(TimeoutDrawTest, DynamicInfiniteLoopVS)
+{
+    constexpr char kVS[] = R"(precision highp float;
+attribute vec4 a_position;
+uniform int f;
+void main()
+{
+    for (;f != 0;) {}
+    gl_Position = a_position;
+})";
+    ANGLE_GL_PROGRAM(program, kVS, essl1_shaders::fs::Red());
+
+    glUseProgram(program);
+    GLint uniformLocation = glGetUniformLocation(program, "f");
+    glUniform1i(uniformLocation, 77);
+
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+}
+
+// Tests that infinite loops based on user-supplied values in fragment shaders hang instead of progress.
+// Otherwise optimizer would be able to assume something about the domain of the user-supplied value.
+TEST_P(TimeoutDrawTest, DynamicInfiniteLoopFS)
+{
+    constexpr char kFS[] = R"(precision mediump float;
+uniform int f;
+void main()
+{
+    for (;f != 0;) {}
+    gl_FragColor = vec4(1, 0, 0, 1);
+})";
+    ANGLE_GL_PROGRAM(program, essl1_shaders::vs::Simple(), kFS);
+    glUseProgram(program);
+    GLint uniformLocation = glGetUniformLocation(program, "f");
+    glUniform1i(uniformLocation, 88);
+    EXPECT_GL_NO_ERROR();
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+}
+
+// Tests that infinite loops based on user-supplied values in vertex shaders hang instead of progress.
+// Otherwise optimizer would be able to assume something about the domain of the user-supplied value.
+// Explicit value break variant.
+TEST_P(TimeoutDrawTest, DynamicInfiniteLoop2VS)
+{
+    constexpr char kVS[] = R"(precision highp float;
+attribute vec4 a_position;
+uniform int f;
+void main()
+{
+    for (;;) { if (f <= 1) break; }
+    gl_Position = a_position;
+})";
+    ANGLE_GL_PROGRAM(program, kVS, essl1_shaders::fs::Red());
+    glUseProgram(program);
+    GLint uniformLocation = glGetUniformLocation(program, "f");
+    glUniform1i(uniformLocation, 66);
+    EXPECT_GL_NO_ERROR();
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+}
+
+// Tests that infinite loops based on user-supplied values in fragment shaders hang instead of progress.
+// Otherwise optimizer would be able to assume something about the domain of the user-supplied value.
+// Explicit value break variant.
+TEST_P(TimeoutDrawTest, DynamicInfiniteLoop2FS)
+{
+    constexpr char kFS[] = R"(precision mediump float;
+uniform float f;
+void main()
+{
+    for (;;) { if (f < 0.1) break; }
+    gl_FragColor = vec4(1, 0, f, 1);
+})";
+    ANGLE_GL_PROGRAM(program, essl1_shaders::vs::Simple(), kFS);
+    glUseProgram(program);
+    GLint uniformLocation = glGetUniformLocation(program, "f");
+    glUniform1f(uniformLocation, .5f);
+    EXPECT_GL_NO_ERROR();
+    drawQuad(program, essl1_shaders::PositionAttrib(), 0.5f);
+    glFinish();
+    EXPECT_GL_ERROR(GL_CONTEXT_LOST);
+    EXPECT_PIXEL_COLOR_EQ(0, 0, GLColor::transparentBlack);  // Should read through client buffer since context should be lost.
+}
+
+}
+
+ANGLE_INSTANTIATE_TEST(TimeoutDrawTest,
+                       WithRobustness(ES2_METAL().enable(Feature::InjectAsmStatementIntoLoopBodies)),
+                       WithRobustness(ES3_METAL().enable(Feature::InjectAsmStatementIntoLoopBodies)));
