Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[naga] Forbid cycles between global expressions and types. #6800

Open
wants to merge 2 commits into
base: trunk
Choose a base branch
from
+179 −39
Open

[naga] Forbid cycles between global expressions and types. #6800

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
96445a9
[naga] Move type handle validation into its own function.
jimblandy Dec 20, 2024
75a5565
[naga] Forbid cycles between global expressions and types.
jimblandy Dec 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
218 changes: 179 additions & 39 deletions naga/src/valid/handles.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,36 +44,89 @@ impl super::Validator {
ref diagnostic_filter_leaf,
} = module;

// NOTE: Types being first is important. All other forms of validation depend on this.
for (this_handle, ty) in types.iter() {
match ty.inner {
crate::TypeInner::Scalar { .. }
| crate::TypeInner::Vector { .. }
| crate::TypeInner::Matrix { .. }
| crate::TypeInner::ValuePointer { .. }
| crate::TypeInner::Atomic { .. }
| crate::TypeInner::Image { .. }
| crate::TypeInner::Sampler { .. }
| crate::TypeInner::AccelerationStructure
| crate::TypeInner::RayQuery => (),
crate::TypeInner::Pointer { base, space: _ } => {
this_handle.check_dep(base)?;
}
crate::TypeInner::Array { base, .. }
| crate::TypeInner::BindingArray { base, .. } => {
this_handle.check_dep(base)?;
}
crate::TypeInner::Struct {
ref members,
span: _,
} => {
this_handle.check_dep_iter(members.iter().map(|m| m.ty))?;
// Because types can refer to global expressions and vice versa, to
// ensure the overall structure is free of cycles, we must traverse them
// both in tandem.
//
// Try to visit all types and global expressions in an order such that
// each item refers only to previously visited items. If we succeed,
// that shows that there cannot be any cycles, since walking any edge
// advances you towards the beginning of the visiting order.
//
// Validate all the handles in types and expressions as we traverse the
// arenas.
let mut global_exprs_iter = global_expressions.iter().peekable();
for (th, t) in types.iter() {
// Imagine the `for` loop and `global_exprs_iter` as two fingers
// walking the type and global expression arenas. They don't visit
// elements at the same rate: sometimes one processes a bunch of
// elements while the other one stays still. But at each point, they
// check that the two ranges of elements they've visited only refer
// to other elements in those ranges.
//
// For brevity, we'll say 'handles behind `global_exprs_iter`' to
// mean handles that have already been produced by
// `global_exprs_iter`. Once `global_exprs_iter` returns `None`, all
// global expression handles are 'behind' it.
//
// At this point:
//
// - All types visited by prior iterations (that is, before
// `th`/`t`) refer only to expressions behind `global_exprs_iter`.
//
// On the first iteration, this is obviously true: there are no
// prior iterations, and `global_exprs_iter` hasn't produced
// anything yet. At the bottom of the loop, we'll claim that it's
// true for `th`/`t` as well, so the condition remains true when
// we advance to the next type.
//
// - All expressions behind `global_exprs_iter` refer only to
// previously visited types.
//
// Again, trivially true at the start, and we'll show it's true
// about each expression that `global_exprs_iter` produces.
//
// Once we also check that arena elements only refer to prior
// elements in that arena, we can see that `th`/`t` does not
// participate in a cycle: it only refers to previously visited
// types and expressions behind `global_exprs_iter`, and none of
// those refer to `th`/`t`, because they passed the same checks
// before we reached `th`/`t`.
if let Some(max_expr) = Self::validate_type_handles((th, t))? {
max_expr.check_valid_for(global_expressions)?;
// Since `t` refers to `max_expr`, if we want our invariants to
// remain true, we must advance `global_exprs_iter` beyond
// `max_expr`.
while let Some((eh, e)) = global_exprs_iter.next_if(|&(eh, _)| eh <= max_expr) {
if let Some(max_type) =
Self::validate_const_expression_handles((eh, e), constants, overrides)?
{
// Show that `eh` refers only to previously visited types.
th.check_dep(max_type)?;
}
// We've advanced `global_exprs_iter` past `eh` already. But
// since we now know that `eh` refers only to previously
// visited types, it is again true that all expressions
// behind `global_exprs_iter` refer only to previously
// visited types. So we can continue to the next expression.
}
}

// Here we know that if `th` refers to any expressions at all,
// `max_expr` is the latest one. And we know that `max_expr` is
// behind `global_exprs_iter`. So `th` refers only to expressions
// behind `global_exprs_iter`, and the invariants will still be
// true on the next iteration.
}

for handle_and_expr in global_expressions.iter() {
Self::validate_const_expression_handles(handle_and_expr, constants, overrides, types)?;
// Since we also enforced the usual intra-arena rules that expressions
// refer only to prior expressions, expressions can only form cycles if
// they include types. But we've shown that all types are acyclic, so
// all expressions must be acyclic as well.
//
// Validate the remaining expressions normally.
for handle_and_expr in global_exprs_iter {
Self::validate_const_expression_handles(handle_and_expr, constants, overrides)?;
}

let validate_type = |handle| Self::validate_type_handle(handle, types);
Expand Down Expand Up @@ -239,38 +292,86 @@ impl super::Validator {
handle.check_valid_for(functions).map(|_| ())
}

/// Validate all handles that occur in `ty`, whose handle is `handle`.
///
/// If `ty` refers to any expressions, return the highest-indexed expression
/// handle that it uses. This is used for detecting cycles between the
/// expression and type arenas.
fn validate_type_handles(
(handle, ty): (Handle<crate::Type>, &crate::Type),
) -> Result<Option<Handle<crate::Expression>>, InvalidHandleError> {
let max_expr = match ty.inner {
crate::TypeInner::Scalar { .. }
| crate::TypeInner::Vector { .. }
| crate::TypeInner::Matrix { .. }
| crate::TypeInner::ValuePointer { .. }
| crate::TypeInner::Atomic { .. }
| crate::TypeInner::Image { .. }
| crate::TypeInner::Sampler { .. }
| crate::TypeInner::AccelerationStructure
| crate::TypeInner::RayQuery => None,
crate::TypeInner::Pointer { base, space: _ } => {
handle.check_dep(base)?;
None
}
crate::TypeInner::Array { base, size, .. }
| crate::TypeInner::BindingArray { base, size, .. } => {
handle.check_dep(base)?;
match size {
crate::ArraySize::Pending(pending) => match pending {
crate::PendingArraySize::Expression(expr) => Some(expr),
crate::PendingArraySize::Override(_) => None,
},
crate::ArraySize::Constant(_) | crate::ArraySize::Dynamic => None,
}
}
crate::TypeInner::Struct {
ref members,
span: _,
} => {
handle.check_dep_iter(members.iter().map(|m| m.ty))?;
None
}
};

Ok(max_expr)
}

/// Validate all handles that occur in `expression`, whose handle is `handle`.
///
/// If `expression` refers to any `Type`s, return the highest-indexed type
/// handle that it uses. This is used for detecting cycles between the
/// expression and type arenas.
fn validate_const_expression_handles(
(handle, expression): (Handle<crate::Expression>, &crate::Expression),
constants: &Arena<crate::Constant>,
overrides: &Arena<crate::Override>,
types: &UniqueArena<crate::Type>,
) -> Result<(), InvalidHandleError> {
) -> Result<Option<Handle<crate::Type>>, InvalidHandleError> {
let validate_constant = |handle| Self::validate_constant_handle(handle, constants);
let validate_override = |handle| Self::validate_override_handle(handle, overrides);
let validate_type = |handle| Self::validate_type_handle(handle, types);

match *expression {
crate::Expression::Literal(_) => {}
let max_type = match *expression {
crate::Expression::Literal(_) => None,
crate::Expression::Constant(constant) => {
validate_constant(constant)?;
handle.check_dep(constants[constant].init)?;
None
}
crate::Expression::Override(override_) => {
validate_override(override_)?;
if let Some(init) = overrides[override_].init {
handle.check_dep(init)?;
}
None
}
crate::Expression::ZeroValue(ty) => {
validate_type(ty)?;
}
crate::Expression::ZeroValue(ty) => Some(ty),
crate::Expression::Compose { ty, ref components } => {
validate_type(ty)?;
handle.check_dep_iter(components.iter().copied())?;
Some(ty)
}
_ => {}
}
Ok(())
_ => None,
};
Ok(max_type)
}

#[allow(clippy::too_many_arguments)]
Expand Down Expand Up @@ -783,8 +884,47 @@ fn constant_deps() {
handle_and_expr,
&constants,
&overrides,
&types,
)
.is_err());
}
}

#[test]
fn override_deps() {
use super::Validator;
use crate::{ArraySize, Expression, PendingArraySize, Scalar, Span, Type, TypeInner};

let nowhere = Span::default();

let mut m = crate::Module::default();

let ty_u32 = m.types.insert(
Type {
name: Some("u32".to_string()),
inner: TypeInner::Scalar(Scalar::U32),
},
nowhere,
);
let ex_zero = m
.global_expressions
.append(Expression::ZeroValue(ty_u32), nowhere);
let ty_arr = m.types.insert(
Type {
name: Some("bad_array".to_string()),
inner: TypeInner::Array {
base: ty_u32,
size: ArraySize::Pending(PendingArraySize::Expression(ex_zero)),
stride: 4,
},
},
nowhere,
);

// Everything should be okay now.
assert!(Validator::validate_module_handles(&m).is_ok());

// Mutate `ex_zero`'s type to `ty_arr`, introducing a cycle.
// Validation should catch the cycle.
m.global_expressions[ex_zero] = Expression::ZeroValue(ty_arr);
assert!(Validator::validate_module_handles(&m).is_err());
}
Loading