[msl-out] Fix ReadZeroSkipWrite bounds check mode for pointer arguments
#7323
Conversation
|
After spending more time with the spec, I think we'd be justified in disallowing this case (pointer to array element) just like pointer to matrix or vector component, at least until we want to claim support for |
andyleiserson
force-pushed
the
bounds-check
branch
from
c969482 to
1d40580
Compare
ErichDonGubler
force-pushed
the
bounds-check
branch
from
1d40580 to
b5303f4
Compare
|
Two things have been complicating my ability to get to this review:
|
There was a problem hiding this comment.
This mostly LGTM, with some minor issues.
I used Conventional Comments in this review! I hope they help with clarity and tone. 🙂
naga/src/back/msl/writer.rs
Outdated
| Item = ( | ||
| Handle<crate::Expression>, | ||
| index::GuardedIndex, | ||
| index::IndexableLength, | ||
| ), |
There was a problem hiding this comment.
thought: This return type is complicated enough that some follow-up at some point to refactor to a named struct might be nice.
There was a problem hiding this comment.
I went ahead and did this, not hard and it's new (or at least newly more complicated) code.
naga/src/back/msl/writer.rs
Outdated
| let result_ty_handle = match result_ty { | ||
| Some(TypeResolution::Handle(handle)) => handle, | ||
| Some(TypeResolution::Value(_)) => { | ||
| // I don't have a succinct argument why this is the case. |
There was a problem hiding this comment.
nitpick: This is a collective artifact, so writing commentary in first person without a note of authorship is, at best, detail without context. Let's either get your name in here, or re-write this to simply acknowledge that this might not be correct (independent of trying to make this correct, which I'll address in a separate comment) and that we can collectively revise as needed.
There was a problem hiding this comment.
I reworded the comment, although I'm also curious what your thoughts were on "trying to make this correct" -- I don't see another comment about it. I was hoping for some scrutiny on this from reviewers, so thank you for that.
naga/src/back/msl/writer.rs
Outdated
| @@ -611,6 +611,13 @@ trait NameKeyExt { | |||
| FunctionOrigin::EntryPoint(idx) => NameKey::EntryPointLocal(idx, local_handle), | |||
| } | |||
| } | |||
|
|
|||
| fn oob_local(origin: FunctionOrigin, ty: Handle<crate::Type>) -> NameKey { | |||
There was a problem hiding this comment.
question: It's rather confusing to only use the noun local when there are types at play here rather than just local variables.
suggestion: Let's rename to something like s/local/local_type.
There was a problem hiding this comment.
I see how it is confusing, but I'm not sure that oob_local_type is better since the thing we're naming really is a local, not a type (it's just that there is one per type, and we name it based on the type it's for).
I added a bit more documentation that may help clarify this. If you still think the names are confusing, maybe s/oob_locals/oob_local_types and s/oob_local/oob_local_for_type?
There was a problem hiding this comment.
oob_local_for_type seems like a good option to me!
ErichDonGubler
added
backend: metal
ErichDonGubler
force-pushed
the
bounds-check
branch
from
b5303f4 to
778c899
Compare
|
Rebased snapshots onto recent changes merged into |
andyleiserson
force-pushed
the
bounds-check
branch
from
da91497 to
bb3d4ec
Compare
| ## Pointer-typed bounds-checked expressions and OOB locals | ||
|
|
||
| MSL (unlike HLSL and GLSL) has native support for pointer-typed function | ||
| arguments. When the [`BoundsCheckPolicy`] is `ReadZeroSkipWrite` and an |
There was a problem hiding this comment.
nitpick: It'd be nice to doc-link ReadZeroSkipWrite here, but I see that some existing commentary has also not linked it.
|
Github seems not to be triggering the CI jobs any more. I am going to try closing and reopening. |
-- Co-authored-by: Liam Murphy <[email protected]> Co-Authored-By: Erich Gubler <[email protected]>
-- Co-authored-by: Liam Murphy <[email protected]> Co-Authored-By: Erich Gubler <[email protected]>
-- Co-authored-by: Liam Murphy <[email protected]> Co-Authored-By: Erich Gubler <[email protected]>
-- Co-authored-by: Liam Murphy <[email protected]> Co-Authored-By: Erich Gubler <[email protected]>
…ents Fixes gfx-rs#4541 -- Co-authored-by: Liam Murphy <[email protected]> Co-Authored-By: Erich Gubler <[email protected]>
Co-Authored-By: Erich Gubler <[email protected]>
ErichDonGubler
force-pushed
the
bounds-check
branch
from
846a199 to
1bc6e8d
Compare
Connections
Fixes #4541
Description
See the description of #4541 for more detail and sample code, but in short, the ReadZeroSkipWrite bounds check policy didn't previously work when the result of the indexing operation was itself a pointer that then gets passed to a function. With this change, a dummy local variable is created for each type that may appear in this manner. If a bounds check fails, the address of the dummy variable is substituted as the argument value for the called function.
This change is based on gfx-rs/naga#2451.
Testing
Added snapshot tests for the test case from the issue and a variety of other cases. I also ran the output from naga through the metal compiler to verify it is now accepted.
Checklist
cargo fmt.taplo format.cargo clippy. If applicable, add:--target wasm32-unknown-unknowncargo xtask testto run tests.CHANGELOG.mdentry.