The default bug view has changed. See this FAQ.

Update WebGL tests to r17794

RESOLVED FIXED in mozilla15

Status

()

Core
Canvas: WebGL
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: bjacob, Assigned: bjacob)

Tracking

(Blocks: 1 bug)

unspecified
mozilla15
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

Upstream is:
  https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/conformance-suites/1.0.1/

This has some important fixes since our last sync, but many of the important recently added tests are not there. If we want the most exhaustive tests, we'll have to switch back to trunk.

Try:
https://tbpl.mozilla.org/?tree=Try&rev=d9f145fc866d
(Assignee)

Comment 1

5 years ago
Created attachment 626204 [details] [diff] [review]
remove legacy cast to int32 in vertexAttribPointer

Needed to pass updated 1.0.1 tests.
Attachment #626204 - Flags: review?(bzbarsky)
(Assignee)

Comment 2

5 years ago
https://tbpl.mozilla.org/?tree=Try&rev=c4e52cc8c081
Comment on attachment 626204 [details] [diff] [review]
remove legacy cast to int32 in vertexAttribPointer

r=me
Attachment #626204 - Flags: review?(bzbarsky) → review+
Blocks: 749497
(Assignee)

Comment 4

5 years ago
The Mac oranges on this tryserver run are crashes while running conformance/misc/invalid-passed-params.html. Need a mac to test locally.
(Assignee)

Comment 5

5 years ago
Can't reproduce on MacBook Air with 10.7. This suggests a NVIDIA-specific driver bug (the test slaves have NVIDIA).
Note that Mo at google mentioned that 10.7.4 regressed graphics drivers badly, breaking the webgl conformance suite.  Wonder if we're hitting something like that?
(Assignee)

Comment 7

5 years ago
Nope, the crash occurs on both our 10.6 and 10.7 mac slaves.
(Assignee)

Comment 8

5 years ago
Actually, Linux 32bit slaves crash too, in the same test. Not the 64bit ones though. Anyway, this adds more suspiscion of a NVIDIA driver bug.
(Assignee)

Comment 9

5 years ago
Googlers -- Have you seen NVIDIA driver crashes in invalid-passed-params.html in recent revisions of 1.0.1 tests?
The last log line is from

  shouldGenerateGLError(context, context.NO_ERROR, "context.bindTexture(context.TEXTURE_2D, tex)");

So the crash occurs in the next line, which is

  shouldGenerateGLError(context, context.INVALID_VALUE, "context.texImage2D(context.TEXTURE_2D, 0, context.RGBA, -16, -16, 0, context.RGBA, context.UNSIGNED_BYTE, null)");

We should be catching negative sizes in texImage2D...
Yes we do check for negative sizes.
TL;DR: not a driver bug. Pure Mozilla bug. The reason why it was finicky to reproduce was stack corruption.

I was adding some printf debugging to push to tryserver, ran it locally just to test... and boom! Got the crash. The stack shows I was crashing in NSPR printf implementation:

(gdb) bt
#0  0x00007ffff7e92dc0 in cvt_s (ss=0x7fffffff7d80, str=0x4000 <Address 0x4000 out of bounds>, width=0, prec=-1, flags=0)
    at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:370
#1  0x00007ffff7e94429 in dosprintf (ss=0x7fffffff7d80, fmt=0x7ffff5a55fb2 ": width and height must be >= 0", ap=0x7fffffff8248)
    at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:998
#2  0x00007ffff7e94bc9 in PR_vsnprintf (out=0x7fffffff7e10 "PUO\312\377\177", outlen=1024, 
    fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0", ap=0x7fffffff8248) at /hack/mozilla-central/nsprpub/pr/src/io/prprf.c:1202
#3  0x00007ffff3d5196c in mozilla::WebGLContext::GenerateWarning (this=0x7fffdec2d400, 
    fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0", ap=0x7fffffff8248)
    at /hack/mozilla-central/content/canvas/src/WebGLContextUtils.cpp:56
#4  0x00007ffff3d51d8e in mozilla::WebGLContext::ErrorInvalidValue (this=0x7fffdec2d400, 
    fmt=0x7ffff5a55fb0 "%s: width and height must be >= 0") at /hack/mozilla-central/content/canvas/src/WebGLContextUtils.cpp:144
#5  0x00007ffff3d55796 in mozilla::WebGLContext::ValidateLevelWidthHeightForTarget (this=0x7fffdec2d400, target=3553, level=0, 
    width=-16, height=-16, info=0x7ffff5a50fcb "texImage2D") at /hack/mozilla-central/content/canvas/src/WebGLContextValidate.cpp:436
#6  0x00007ffff3d4b1d3 in mozilla::WebGLContext::TexImage2D_base (this=0x7fffdec2d400, target=3553, level=0, internalformat=6408, 
    width=-16, height=-16, srcStrideOrZero=0, border=0, format=6408, type=5121, data=0x0, byteLength=0, jsArrayType=-1, 
    srcFormat=mozilla::WebGLTexelConversions::Auto, srcPremultiplied=false)
    at /hack/mozilla-central/content/canvas/src/WebGLContextGL.cpp:5582


And the cause is a regression from bug 728017 which refactored how we do this validation: the new code is:

    if (width < 0 || height < 0) {
        ErrorInvalidValue("%s: width and height must be >= 0");
        return false;
    }

Spot the bug? Printf-like call with a %s but without matching extra argument!

This would explain why the stacks we got were useless.
Created attachment 626547 [details] [diff] [review]
fix stack corruption

New try:
https://tbpl.mozilla.org/?tree=Try&rev=2e38b791857d
Attachment #626547 - Flags: review?(jmuizelaar)
Attachment #626547 - Flags: review?(jmuizelaar) → review+
Green \o/
Landed the stack corruption fix on a CLOSED TREE as somehow, this preexisting stack corruption started causing crashes with my earlier push today.

https://hg.mozilla.org/integration/mozilla-inbound/rev/2a421f162401

Keep open for the other patches, which I'll land once the tree reopens.
Remaining patches:

http://hg.mozilla.org/integration/mozilla-inbound/rev/62ca6f4bd8f0
http://hg.mozilla.org/integration/mozilla-inbound/rev/19dbf7300434

Can close this bug now!
Assignee: nobody → bjacob
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → mozilla15
https://hg.mozilla.org/mozilla-central/rev/62ca6f4bd8f0
https://hg.mozilla.org/mozilla-central/rev/19dbf7300434
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
And the first changeset:
https://hg.mozilla.org/mozilla-central/rev/2a421f162401
You need to log in before you can comment on or make changes to this bug.