Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash in glslang_program_SPIRV_generate_with_options in Android (arm64-v8a) #3534

Open
rokuz opened this issue Mar 1, 2024 · 2 comments
Open

Crash in glslang_program_SPIRV_generate_with_options in Android (arm64-v8a) #3534

rokuz opened this issue Mar 1, 2024 · 2 comments

Comments

@rokuz
Copy link

rokuz commented Mar 1, 2024

Problem

Compiling the following shader to SPIR-V on Android device (arm64-v8a) leads to crash in compiler.

#version 460
#extension GL_EXT_buffer_reference_uvec2 : require
#extension GL_EXT_debug_printf : enable
#extension GL_EXT_nonuniform_qualifier : require
#extension GL_EXT_samplerless_texture_functions : require
#extension GL_EXT_shader_explicit_arithmetic_types_float16 : require

layout (set = 0, binding = 0) uniform texture2D kTextures2D[];
layout (set = 0, binding = 1) uniform sampler kSamplers[];

layout (location = 0) in vec4 in_color;
layout (location = 1) in vec2 in_uv;
layout (location = 2) in flat uint in_textureId;

layout (location = 0) out vec4 out_color;

layout (constant_id = 0) const bool kNonLinearColorSpace = false;

void main() {
  vec4 c = in_color * texture(sampler2D(kTextures2D[in_textureId], kSamplers[0]), in_uv);
  // Render UI in linear color space to sRGB framebuffer.
  out_color = kNonLinearColorSpace ? vec4(pow(c.rgb, vec3(2.2)), c.a) : c;
}

Crash stack:

#00 pc 0000000000a97648  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::allocator<unsigned int>::construct[abi:v170000]<unsigned int, unsigned int&>(unsigned int*, unsigned int&)+28) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#01 pc 0000000000a97594  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::allocator_traits<std::__ndk1::allocator<unsigned int> >::construct[abi:v170000]<unsigned int, unsigned int&, void>(std::__ndk1::allocator<unsigned int>&, unsigned int*, unsigned int&)+36) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#02 pc 0000000000eb4080  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#03 pc 0000000000eb3f00  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (void std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >::__construct_at_end<std::__ndk1::__wrap_iter<unsigned int*>, 0>(std::__ndk1::__wrap_iter<unsigned int*>, std::__ndk1::__wrap_iter<unsigned int*>, unsigned long)+104) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#04 pc 0000000000eb1f64  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >::vector<std::__ndk1::__wrap_iter<unsigned int*>, 0>(std::__ndk1::__wrap_iter<unsigned int*>, std::__ndk1::__wrap_iter<unsigned int*>)+204) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#05 pc 0000000000ea562c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#06 pc 0000000000e56d20  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)
 
#07 pc 0000000000f479bc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+84) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#08 pc 0000000000e573f8  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#09 pc 0000000000f4834c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermBranch::traverse(glslang::TIntermTraverser*)+72) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#10 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#11 pc 0000000000e9eebc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#12 pc 0000000000e53eac  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#13 pc 0000000000f47f64  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermSelection::traverse(glslang::TIntermTraverser*)+72) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#14 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#15 pc 0000000000f47b34  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+460) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#16 pc 0000000000ea1c28  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#17 pc 0000000000e541b4  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#18 pc 0000000000f479bc  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::TIntermAggregate::traverse(glslang::TIntermTraverser*)+84) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#19 pc 0000000000e4c128  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang::GlslangToSpv(glslang::TIntermediate const&, std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int> >&, spv::SpvBuildLogger*, glslang::SpvOptions*)+164) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

#20 pc 0000000000e4b30c  /data/app/~~5nZrItIXbZvTM17cKJbe1A==/org.lvk.samples.Tiny_MeshLarge-WXp1AFnIhUV-fYwJE7yJ8A==/base.apk!liblvk_android_native_Tiny_MeshLarge.so (offset 0x2da7000) (glslang_program_SPIRV_generate_with_options+108) (BuildId: df4f13a95be87c9c4384ab1cf9619d80de606f71)

Tested on 2 Android devices both with Android 14, crash is stable. After debugging, line of code that leads to it was found.

// https://github.com/KhronosGroup/glslang/blob/9fd0fcd737f1369e89fb3aa8b2e62bad57ac46c6/SPIRV/GlslangToSpv.cpp#L9252

std::vector<spv::Id> callArguments(operands.begin(), operands.begin() + consumedOperands);

Repro

Android Studio Hedgehog | 2023.1.1 Patch 2
Android NDK r26b

Build Android sample TinyMesh_Large: https://github.com/corporateshark/lightweightvk
@rokuz rokuz mentioned this issue Mar 1, 2024
Closed
@arcady-lunarg
Copy link
Contributor

Is there any way you can run this under valgrind or ASAN or some other memory checking program? We tried to reproduce this but have not been able to do so thus far.

@rokuz
Copy link
Author

rokuz commented Mar 1, 2024

@arcady-lunarg Do you mean you tried to reproduce it under ASAN and it didn't reproduce on your Android?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rokuz @arcady-lunarg