Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webgl: compiling shader with a sampler2D causes a crash #10326

Closed
cbrewster opened this issue Apr 1, 2016 · 6 comments
Closed

webgl: compiling shader with a sampler2D causes a crash #10326

cbrewster opened this issue Apr 1, 2016 · 6 comments
Assignees
@emilio
Labels
A-content/webgl I-crash

Comments

@cbrewster
Copy link
Member

@cbrewster cbrewster commented Apr 1, 2016

Servo crashes when compiling a shader containing a uniform sampler2D.

Example:

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8" />
  <title>WebGL Texture Mipmap</title>
</head>
<body>
<div style="text-align: center">
   <canvas id="canvas" width="128" height="128"></canvas>
</div>
<script id="fragmentshader" type="x-shader">
   precision mediump float;
   varying vec2 vTextureCoord;
   uniform sampler2D uSampler;

   void main() {
      gl_FragColor = texture2D(uSampler, vec2(vTextureCoord.s, vTextureCoord.t));
   }
</script>
<script type="text/javascript">

   var canvas;
   function initWebGL()
   {
      canvas = document.getElementById("canvas");
      var gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
      if (!gl) return null; // can't initialize WebGL
      return gl;
   }

   var gl = initWebGL();
   var f = document.getElementById("fragmentshader").firstChild.nodeValue;
   var fs = gl.createShader(gl.FRAGMENT_SHADER);
   gl.shaderSource(fs, f);
   gl.compileShader(fs);
</script>
</body>
</html>

It crashes with the following message:

servo(72289,0x700001e47000) malloc: *** error for object 0x700001e334b0: pointer being freed was not allocated
@cbrewster cbrewster mentioned this issue Apr 1, 2016
Merged
@cbrewster
Copy link
Member Author

@cbrewster cbrewster commented Apr 1, 2016

backtrace:

* thread #20: tid = 0x77c3b9, 0x00007fff9427af06 libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT
  * frame #0: 0x00007fff9427af06 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff93ad14ec libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff8fcf26e7 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff9da52041 libsystem_malloc.dylib`free + 425
    frame #4: 0x00000001016f8039 servo`TGraphArgument::traverse(TDependencyGraphTraverser*) + 25
    frame #5: 0x00000001016f7fc7 servo`TGraphParentNode::traverse(TDependencyGraphTraverser*) + 343
    frame #6: 0x000000010172a780 servo`RestrictFragmentShaderTiming::enforceRestrictions(TDependencyGraph const&) + 224
    frame #7: 0x000000010170f6ac servo`TCompiler::enforceFragmentShaderTimingRestrictions(TDependencyGraph const&) + 44
    frame #8: 0x000000010170df60 servo`TCompiler::enforceTimingRestrictions(TIntermNode*, bool) + 80
    frame #9: 0x000000010170c6f8 servo`TCompiler::compileTreeImpl(char const* const*, unsigned long, int) + 1624
    frame #10: 0x000000010170ef22 servo`TCompiler::compile(char const* const*, unsigned long, int) + 82
    frame #11: 0x00000001016c1fc9 servo`GLSLangCompile + 9
    frame #12: 0x00000001016c163f servo`hl::ShaderValidator::compile::hbdb7de4e953790669ia + 143 at hl.rs:141
    frame #13: 0x00000001016c1e87 servo`hl::ShaderValidator::compile_and_translate::h8b2fb2d308312495Dka + 71 at hl.rs:173
    frame #14: 0x0000000101186c37 servo`dom::webglshader::WebGLShader::compile::h0e9ede8ab593eff34vm + 1383 at webglshader.rs:102
    frame #15: 0x0000000100d38efb servo`dom::webglrenderingcontext::WebGLRenderingContext.WebGLRenderingContextMethods::CompileShader::h3c5b5d4990e920d2XLl + 43 at webglrenderingcontext.rs:649
    frame #16: 0x0000000100d38e2a servo`dom::bindings::codegen::Bindings::WebGLRenderingContextBinding::compileShader::__rust_abi + 986 at WebGLRenderingContextBinding.rs:1543
    frame #17: 0x0000000100d38a39 servo`dom::bindings::codegen::Bindings::WebGLRenderingContextBinding::compileShader::h1f123d6920e4539dU9k + 41
    frame #18: 0x00000001023671b1 servo`CallJitMethodOp + 193
    frame #19: 0x00000001008f0c9e servo`dom::bindings::utils::generic_call::h628152586aa8c1eamqg + 1646 at utils.rs:501
    frame #20: 0x00000001008f1e5c servo`dom::bindings::utils::generic_method::__rust_abi + 44 at utils.rs:509
    frame #21: 0x00000001008f1e23 servo`dom::bindings::utils::generic_method::h5f98df88dd75f184Ytg + 35
    frame #22: 0x0000000102594edc servo`js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) [inlined] js::CallJSNative(native=0x00000001008f1e00)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 66 at jscntxtinlines.h:235 [opt]
    frame #23: 0x0000000102594e9a servo`js::Invoke(cx=&0x1093310c0, args=<unavailable>, construct=<unavailable>) + 202 at Interpreter.cpp:495 [opt]
    frame #24: 0x00000001025a672a servo`Interpret(cx=&0x1093310c0, state=<unavailable>) + 41002 at Interpreter.cpp:2609 [opt]
    frame #25: 0x000000010259c6cb servo`js::RunScript(cx=&0x1093310c0, state=0x0000700001db25f8) + 411 at Interpreter.cpp:452 [opt]
    frame #26: 0x00000001025abd99 servo`js::ExecuteKernel(cx=&0x1093310c0, script=<unavailable>, scopeChainArg=0x0000000117256060, thisv=0x0000700001db26a8, type=EXECUTE_GLOBAL, evalInFrame=None, result=<unavailable>) + 361 at Interpreter.cpp:660 [opt]
    frame #27: 0x00000001025abec4 servo`js::Execute(cx=&0x1093310c0, script=<unavailable>, scopeChainArg=<unavailable>, rval=&0x700001db3070) + 228 at Interpreter.cpp:702 [opt]
    frame #28: 0x00000001028b99d6 servo`Evaluate(cx=&0x1093310c0, scope=<unavailable>, optionsArg=<unavailable>, srcBuf=<unavailable>, rval=<unavailable>) + 870 at jsapi.cpp:4184 [opt]
    frame #29: 0x00000001028b9b4b servo`JS::Evaluate(JSContext*, JS::ReadOnlyCompileOptions const&, char16_t const*, unsigned long, JS::MutableHandle<JS::Value>) [inlined] Evaluate(chars=<unavailable>, length=<unavailable>) + 67 at jsapi.cpp:4219 [opt]
    frame #30: 0x00000001028b9b08 servo`JS::Evaluate(cx=<unavailable>, optionsArg=<unavailable>, chars=<unavailable>, length=<unavailable>, rval=<unavailable>) + 8 at jsapi.cpp:4273 [opt]
    frame #31: 0x00000001008d4897 servo`dom::window::_$RF$$u27$a$u20$T.ScriptHelpers::evaluate_script_on_global_with_result::h5805964583731089625 + 1111 at window.rs:833
    frame #32: 0x0000000100eec9e6 servo`dom::htmlscriptelement::HTMLScriptElement::execute::h3d10854af5fff7b8BX6 + 4566 at htmlscriptelement.rs:433
    frame #33: 0x0000000101064f97 servo`dom::htmlscriptelement::HTMLScriptElement::prepare::h67ac104364fe928e5M6 + 9383 at htmlscriptelement.rs:353
    frame #34: 0x00000001010f4154 servo`parse::html::servohtmlparser..Sink.TreeSink::complete_script::heb49cf986edf8808lYs + 68 at html.rs:159
    frame #35: 0x00000001010d91e0 servo`tree_builder::rules::super..TreeBuilder$LT$Handle$C$$u20$Sink$GT$.TreeBuilderStep::step::h17145880812314414803 + 53632 at rules.expanded.rs:1461
    frame #36: 0x00000001010bf848 servo`tree_builder::TreeBuilder$LT$Handle$C$$u20$Sink$GT$::process_to_completion::h2366852040355137521 + 616 at mod.rs:327
    frame #37: 0x00000001010bad07 servo`tree_builder::TreeBuilder$LT$Handle$C$$u20$Sink$GT$.TokenSink::process_token::h1586126132377249954 + 3415 at mod.rs:425
    frame #38: 0x00000001010b9ece servo`tokenizer::Tokenizer$LT$Sink$GT$::process_token::h2429077975791956711 + 654 at mod.rs:233
    frame #39: 0x0000000101106cb4 servo`tokenizer::Tokenizer$LT$Sink$GT$::emit_current_tag::h9473990794253402354 + 1140 at mod.rs:392
    frame #40: 0x00000001010fea8a servo`tokenizer::Tokenizer$LT$Sink$GT$::step::h7274337222133731543 + 15370 at mod.rs:795
    frame #41: 0x00000001010fae62 servo`tokenizer::Tokenizer$LT$Sink$GT$::run::h14894689541099087175 + 610 at mod.rs:334
    frame #42: 0x000000010111b6ff servo`tokenizer::Tokenizer$LT$Sink$GT$::feed::h9688095236907604667 + 415 at mod.rs:221
    frame #43: 0x00000001010b0bd8 servo`dom::servohtmlparser::ServoHTMLParser::parse_sync::h460135c4d5bf18a8Llg + 504 at servohtmlparser.rs:470
    frame #44: 0x00000001010b0353 servo`dom::servohtmlparser::_$RF$$u27$a$u20$ServoHTMLParser.Parser::parse_chunk::hf08a258f6637cc30ffg + 371 at servohtmlparser.rs:355
    frame #45: 0x00000001010b012c servo`dom::servohtmlparser::ParserRef$LT$$u27$a$GT$::parse_chunk::h0dda77a88a2e94f9J0f + 172 at servohtmlparser.rs:141
    frame #46: 0x00000001010b433b servo`dom::servohtmlparser::ParserContext.AsyncResponseListener::data_available::hbf6253d3fe858b0248f + 635 at servohtmlparser.rs:306
    frame #47: 0x00000001020841d9 servo`ResponseAction::process::hb935e1cf25f29a21Ypf + 425 at lib.rs:141
    frame #48: 0x00000001012ff6f7 servo`network_listener::ListenerRunnable$LT$T$GT$.Runnable::handler::h7970730234378040875 + 487 at network_listener.rs:48
    frame #49: 0x000000010125e422 servo`script_thread::ScriptThread::handle_msg_from_script::h734f3eaef907bc06iyu + 1106 at script_thread.rs:1072
    frame #50: 0x00000001012de640 servo`script_thread::ScriptThread::handle_msgs::_$u7b$$u7b$closure$u7d$$u7d$::closure.185391 + 384 at script_thread.rs:915
    frame #51: 0x00000001012de206 servo`script_thread::ScriptThread::profile_event::h16691608863477430580 + 950 at script_thread.rs:1006
    frame #52: 0x00000001012b14eb servo`script_thread::ScriptThread::handle_msgs::haa8e81bee8a80c21Wju + 7419 at script_thread.rs:907
    frame #53: 0x000000010125a55d servo`script_thread::ScriptThread::start::h0af5722bbe2fc548Mju + 29 at script_thread.rs:765
    frame #54: 0x000000010125a401 servo`script_thread::ScriptThread.ScriptThreadFactory::create::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::closure.184194 + 49 at script_thread.rs:550
    frame #55: 0x000000010125a14d servo`mem::ProfilerChan::run_with_memory_reporting::h346888062952384996 + 573 at mem.rs:59
    frame #56: 0x0000000101245587 servo`script_thread::ScriptThread.ScriptThreadFactory::create::_$u7b$$u7b$closure$u7d$$u7d$::closure.183619 + 2039 at script_thread.rs:549
    frame #57: 0x0000000101244ae8 servo`util::thread::spawn_named_with_send_on_failure::_$u7b$$u7b$closure$u7d$$u7d$::closure.183606 + 104 at thread.rs:52
    frame #58: 0x00000001012444d4 servo`std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::closure.183595 + 116 at mod.rs:278
    frame #59: 0x0000000101244449 servo`sys_common::unwind::try::try_fn::h11795180400197511655 + 73 at mod.rs:127
    frame #60: 0x0000000103021d2c servo`__rust_try + 12
    frame #61: 0x0000000103021cb4 servo`sys_common::unwind::inner_try::hdf6affff6fc30ecdNWt + 116
    frame #62: 0x0000000101244386 servo`sys_common::unwind::try::h8751683880882553826 + 150 at mod.rs:123
    frame #63: 0x00000001012441bf servo`std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::closure.183592 + 431 at mod.rs:278
    frame #64: 0x0000000101244d08 servo`boxed::F.FnBox$LT$A$GT$::call_box::h903609792936184338 + 104 at boxed.rs:541
    frame #65: 0x00000001030256cd servo`sys::thread::Thread::new::thread_start::he33a0e5f2597fcdejOy + 61
    frame #66: 0x00007fff93ace99d libsystem_pthread.dylib`_pthread_body + 131
    frame #67: 0x00007fff93ace91a libsystem_pthread.dylib`_pthread_start + 168
    frame #68: 0x00007fff93acc351 libsystem_pthread.dylib`thread_start + 13
@emilio
Copy link
Member

@emilio emilio commented Apr 1, 2016

Can you try with the older version of ANGLE? We updated it recently, it might have new bugs.
@cbrewster
Copy link
Member Author

@cbrewster cbrewster commented Apr 1, 2016

@emilio after reverting #10214, it seems to compile the shader just fine. So there must be a new bug in angle
@emilio
Copy link
Member

@emilio emilio commented Apr 1, 2016

Hurrmm... I'll bisect the commit of angle when this was introduced (or maybe just go to the latest stable release instead of YOLOing with master's tip) when I have access to my computer again (travelling today).
@emilio emilio self-assigned this Apr 1, 2016
@cbrewster
Copy link
Member Author

@cbrewster cbrewster commented Apr 2, 2016

Fixed in #10215
@cbrewster cbrewster closed this Apr 2, 2016
@emilio
Copy link
Member

@emilio emilio commented Apr 2, 2016

Concretely in emilio/angle@eefe350
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emilio emilio

Labels
A-content/webgl I-crash
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@jdm @emilio @cbrewster
You can’t perform that action at this time.