search

KhronosGroup / glslang

Khronos-reference front end for GLSL/ESSL, partial front end for HLSL, and a SPIR-V generator.
Other
3.07k stars 837 forks source link

Crash in glslang_program_SPIRV_generate_with_options in Android (arm64-v8a) #3534

Open rokuz opened 8 months ago

rokuz commented 8 months ago

Problem

Compiling the following shader to SPIR-V on Android device (arm64-v8a) leads to crash in compiler.

#version 460
#extension GL_EXT_buffer_reference_uvec2 : require
#extension GL_EXT_debug_printf : enable
#extension GL_EXT_nonuniform_qualifier : require
#extension GL_EXT_samplerless_texture_functions : require
#extension GL_EXT_shader_explicit_arithmetic_types_float16 : require

layout (set = 0, binding = 0) uniform texture2D kTextures2D[];
layout (set = 0, binding = 1) uniform sampler kSamplers[];

layout (location = 0) in vec4 in_color;
layout (location = 1) in vec2 in_uv;
layout (location = 2) in flat uint in_textureId;

layout (location = 0) out vec4 out_color;

layout (constant_id = 0) const bool kNonLinearColorSpace = false;

void main() {
  vec4 c = in_color * texture(sampler2D(kTextures2D[in_textureId], kSamplers[0]), in_uv);
  // Render UI in linear color space to sRGB framebuffer.
  out_color = kNonLinearColorSpace ? vec4(pow(c.rgb, vec3(2.2)), c.a) : c;
}

Crash stack:

#00 pc 0000000000a97648  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::allocator<unsigned int>::construct[abi:v170000]<unsigned int, unsigned int&>(unsigned int*, unsigned int&)+28) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#01 pc 0000000000a97594  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::allocator_traits<std::__ndk1::allocator<unsigned int> >::construct[abi:v170000]<unsigned int, unsigned int&, void>(std::__ndk1::allocator<unsigned int>&, unsigned int*, unsigned int&)+36) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#02 pc 0000000000eb4080  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#03 pc 0000000000eb3f00  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >::__construct_at_end<std::__ndk1::__wrap_iter<unsigned int*>, 0>(std::__ndk1::__wrap_iter<unsigned int*>, std::__ndk1::__wrap_iter<unsigned int*>, unsigned long)+104) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#04 pc 0000000000eb1f64  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >::vector<std::__ndk1::__wrap_iter<unsigned int*>, 0>(std::__ndk1::__wrap_iter<unsigned int*>, std::__ndk1::__wrap_iter<unsigned int*>)+204) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#05 pc 0000000000ea562c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#06 pc 0000000000e56d20  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#07 pc 0000000000f479bc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+84) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#08 pc 0000000000e573f8  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#09 pc 0000000000f4834c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermBranch::traverse(glslang::TIntermTraverser*)+72) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#10 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#11 pc 0000000000e9eebc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#12 pc 0000000000e53eac  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#13 pc 0000000000f47f64  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermSelection::traverse(glslang::TIntermTraverser*)+72) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#14 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#15 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#16 pc 0000000000ea1c28  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#17 pc 0000000000e541b4  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#18 pc 0000000000f479bc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+84) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#19 pc 0000000000e4c128  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::GlslangToSpv(glslang::TIntermediate const&, std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >&, spv::SpvBuildLogger*, glslang::SpvOptions*)+164) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#20 pc 0000000000e4b30c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang_program_SPIRV_generate_with_options+108) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

Tested on 2 Android devices both with Android 14, crash is stable. After debugging, line of code that leads to it was found.

// https://github.com/KhronosGroup/glslang/blob/9fd0fcd737f1369e89fb3aa8b2e62bad57ac46c6/SPIRV/GlslangToSpv.cpp#L9252

std::vector<spv::Id> callArguments(operands.begin(), operands.begin() + consumedOperands);

Repro

Android Studio Hedgehog | 2023.1.1 Patch 2 Android NDK r26b

Build Android sample TinyMesh_Large: https://github.com/corporateshark/lightweightvk

arcady-lunarg commented 8 months ago

Is there any way you can run this under valgrind or ASAN or some other memory checking program? We tried to reproduce this but have not been able to do so thus far.

rokuz commented 8 months ago

@arcady-lunarg Do you mean you tried to reproduce it under ASAN and it didn't reproduce on your Android?

nezticle commented 3 weeks ago

We (QtQuick3D) also see this same issue. It does not occur in release mode however, only for debug builds. That is that any time we try and compile (GlslangToSpv) we crash as a result of std::vector<spv::Id> callArguments(operands.begin(), operands.begin() + consumedOperands);