Closed Bug 754669 Opened 13 years ago Closed 13 years ago

Update WebGL tests to r17794

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla15

People

(Reporter: bjacob, Assigned: bjacob)

References

Details

Attachments

(2 files)

remove legacy cast to int32 in vertexAttribPointer
937 bytes, patch
bzbarsky
: review+
Details | Diff | Splinter Review
fix stack corruption
1.27 KB, patch
jrmuizel
: review+
Details | Diff | Splinter Review
Upstream is: https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/conformance-suites/1.0.1/ This has some important fixes since our last sync, but many of the important recently added tests are not there. If we want the most exhaustive tests, we'll have to switch back to trunk. Try: https://tbpl.mozilla.org/?tree=Try&rev=d9f145fc866d
Needed to pass updated 1.0.1 tests.
Attachment #626204 - Flags: review?(bzbarsky)
Comment on attachment 626204 [details] [diff] [review] remove legacy cast to int32 in vertexAttribPointer r=me
Attachment #626204 - Flags: review?(bzbarsky) → review+
Blocks: 749497
The Mac oranges on this tryserver run are crashes while running conformance/misc/invalid-passed-params.html. Need a mac to test locally.
Can't reproduce on MacBook Air with 10.7. This suggests a NVIDIA-specific driver bug (the test slaves have NVIDIA).
Note that Mo at google mentioned that 10.7.4 regressed graphics drivers badly, breaking the webgl conformance suite. Wonder if we're hitting something like that?
Nope, the crash occurs on both our 10.6 and 10.7 mac slaves.
Actually, Linux 32bit slaves crash too, in the same test. Not the 64bit ones though. Anyway, this adds more suspiscion of a NVIDIA driver bug.
Googlers -- Have you seen NVIDIA driver crashes in invalid-passed-params.html in recent revisions of 1.0.1 tests?
The last log line is from shouldGenerateGLError(context, context.NO_ERROR, "context.bindTexture(context.TEXTURE_2D, tex)"); So the crash occurs in the next line, which is shouldGenerateGLError(context, context.INVALID_VALUE, "context.texImage2D(context.TEXTURE_2D, 0, context.RGBA, -16, -16, 0, context.RGBA, context.UNSIGNED_BYTE, null)"); We should be catching negative sizes in texImage2D...
Yes we do check for negative sizes.
TL;DR: not a driver bug. Pure Mozilla bug. The reason why it was finicky to reproduce was stack corruption. I was adding some printf debugging to push to tryserver, ran it locally just to test... and boom! Got the crash. The stack shows I was crashing in NSPR printf implementation: (gdb) bt #0 0x00007ffff7e92dc0 in cvt_s (ss=0x7fffffff7d80, str=0x4000 <Address 0x4000 out of bounds>, width=0, prec=-1, flags=0) at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:370 #1 0x00007ffff7e94429 in dosprintf (ss=0x7fffffff7d80, fmt=0x7ffff5a55fb2 ": width and height must be >= 0", ap=0x7fffffff8248) at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:998 #2 0x00007ffff7e94bc9 in PR_vsnprintf (out=0x7fffffff7e10 "PUO\312\377\177", outlen=1024, fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0", ap=0x7fffffff8248) at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:1202 #3 0x00007ffff3d5196c in mozilla::WebGLContext::GenerateWarning (this=0x7fffdec2d400, fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0", ap=0x7fffffff8248) at /hack/mozilla-central/content/canvas/src/WebGLContextUtils.cpp:56 #4 0x00007ffff3d51d8e in mozilla::WebGLContext::ErrorInvalidValue (this=0x7fffdec2d400, fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0") at /hack/mozilla-central/content/canvas/src/WebGLContextUtils.cpp:144 #5 0x00007ffff3d55796 in mozilla::WebGLContext::ValidateLevelWidthHeightForTarget (this=0x7fffdec2d400, target=3553, level=0, width=-16, height=-16, info=0x7ffff5a50fcb "texImage2D") at /hack/mozilla-central/content/canvas/src/WebGLContextValidate.cpp:436 #6 0x00007ffff3d4b1d3 in mozilla::WebGLContext::TexImage2D_base (this=0x7fffdec2d400, target=3553, level=0, internalformat=6408, width=-16, height=-16, srcStrideOrZero=0, border=0, format=6408, type=5121, data=0x0, byteLength=0, jsArrayType=-1, srcFormat=mozilla::WebGLTexelConversions::Auto, srcPremultiplied=false) at /hack/mozilla-central/content/canvas/src/WebGLContextGL.cpp:5582 And the cause is a regression from bug 728017 which refactored how we do this validation: the new code is: if (width < 0 || height < 0) { ErrorInvalidValue("%s: width and height must be >= 0"); return false; } Spot the bug? Printf-like call with a %s but without matching extra argument! This would explain why the stacks we got were useless.
Attachment #626547 - Flags: review?(jmuizelaar) → review+
Green \o/
Landed the stack corruption fix on a CLOSED TREE as somehow, this preexisting stack corruption started causing crashes with my earlier push today. https://hg.mozilla.org/integration/mozilla-inbound/rev/2a421f162401 Keep open for the other patches, which I'll land once the tree reopens.
Remaining patches: http://hg.mozilla.org/integration/mozilla-inbound/rev/62ca6f4bd8f0 http://hg.mozilla.org/integration/mozilla-inbound/rev/19dbf7300434 Can close this bug now!
Assignee: nobody → bjacob
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → mozilla15
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: