Bug 64330

Summary: WebGL snake demo crash in loop_analysis.cpp:506: bool is_loop_terminator(ir_if*): assertion „inst != __null“ failed.
Product: Mesa Reporter: Pavel Ondračka <pavel.ondracka>
Component: glsl-compilerAssignee: Paul Berry <stereotype441>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: ra.vitillo
Version: git   
Hardware: Other   
OS: All   
URL: http://oos.moxiecode.com/js_webgl/snake/
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 67224    

Description Pavel Ondračka 2013-05-07 17:57:15 UTC 
Just grap latest firefox and go to this page: http://oos.moxiecode.com/js_webgl/snake/ . Also I'm not really sure about the component, this is with gm45 and swrats is fine so maybe i965, however judging from the backtrace this should be a compiler bug.

This is with latest mesa: f8c324268223611ce7d14c4109faed4ab0eb3798
GPU: gm45
Kernel: 3.8.9-200.fc18.x86_64

firefox: ../../../src/glsl/loop_analysis.cpp:506: bool is_loop_terminator(ir_if*): Předpoklad „inst != __null“ nesplněn.

Program received signal SIGABRT, Aborted.
0x000000365ae35ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
63	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

(gdb) bt
#0  0x000000365ae35ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
#1  0x000000365ae37358 in __GI_abort () at abort.c:90
#2  0x000000365ae2e972 in __assert_fail_base (fmt=0x7ffff7ec36d4 "%s%s%s:%u: %s%sPředpoklad „%s“ nesplněn.\n%n", assertion=assertion@entry=
    0x7fffd947f884 "inst != __null", file=file@entry=0x7fffd947f7a0 "../../../src/glsl/loop_analysis.cpp", line=line@entry=506, 
    function=function@entry=0x7fffd947f980 <is_loop_terminator(ir_if*)::__PRETTY_FUNCTION__> "bool is_loop_terminator(ir_if*)") at assert.c:92
#3  0x000000365ae2ea22 in __GI___assert_fail (assertion=0x7fffd947f884 "inst != __null", file=0x7fffd947f7a0 "../../../src/glsl/loop_analysis.cpp", 
    line=506, function=0x7fffd947f980 <is_loop_terminator(ir_if*)::__PRETTY_FUNCTION__> "bool is_loop_terminator(ir_if*)") at assert.c:101
#4  0x00007fffd93a51e7 in is_loop_terminator (ir=0x7fffdae992f0) at ../../../src/glsl/loop_analysis.cpp:506
#5  0x00007fffd93a4acc in loop_analysis::visit_leave (this=0x7fffffff1e70, ir=0x7fffdae99260) at ../../../src/glsl/loop_analysis.cpp:247
#6  0x00007fffd938f2b4 in ir_loop::accept (this=0x7fffdae99260, v=0x7fffffff1e70) at ../../../src/glsl/ir_hv_accept.cpp:114
#7  0x00007fffd938f083 in visit_list_elements (v=0x7fffffff1e70, l=0x7fffc6763e58, statement_list=true) at ../../../src/glsl/ir_hv_accept.cpp:56
#8  0x00007fffd938f375 in ir_function_signature::accept (this=0x7fffc6763e10, v=0x7fffffff1e70) at ../../../src/glsl/ir_hv_accept.cpp:136
#9  0x00007fffd938f083 in visit_list_elements (v=0x7fffffff1e70, l=0x7fffcc094228, statement_list=false) at ../../../src/glsl/ir_hv_accept.cpp:56
#10 0x00007fffd938f409 in ir_function::accept (this=0x7fffcc094200, v=0x7fffffff1e70) at ../../../src/glsl/ir_hv_accept.cpp:148
#11 0x00007fffd938f083 in visit_list_elements (v=0x7fffffff1e70, l=0x7fffc676d4a0, statement_list=true) at ../../../src/glsl/ir_hv_accept.cpp:56
#12 0x00007fffd938efa4 in ir_hierarchical_visitor::run (this=0x7fffffff1e70, instructions=0x7fffc676d4a0)
    at ../../../src/glsl/ir_hierarchical_visitor.cpp:291
#13 0x00007fffd93a5269 in analyze_loop_variables (instructions=0x7fffc676d4a0) at ../../../src/glsl/loop_analysis.cpp:525
#14 0x00007fffd937b1db in do_common_optimization (ir=0x7fffc676d4a0, linked=true, uniform_locations_assigned=true, max_unroll_iterations=32)
    at ../../../src/glsl/glsl_parser_extras.cpp:1246
#15 0x00007fffd9873d4b in brw_link_shader (ctx=0x7fffcc0a2030, shProg=0x7fffd45aa1b0) at brw_shader.cpp:212
#16 0x00007fffd93ed894 in _mesa_glsl_link_shader (ctx=0x7fffcc0a2030, prog=0x7fffd45aa1b0) at ../../../src/mesa/program/ir_to_mesa.cpp:3206
#17 0x00007fffd9212cee in link_program (ctx=0x7fffcc0a2030, program=25) at ../../../src/mesa/main/shaderapi.c:784
#18 0x00007fffd9213e89 in _mesa_LinkProgram (programObj=25) at ../../../src/mesa/main/shaderapi.c:1280
#19 0x00007ffff7831dba in shared_dispatch_stub_509 (program=25) at ../../../src/mapi/shared-glapi/glapi_mapi_tmp.h:16437
#20 0x000000350948626d in fLinkProgram (this=<optimized out>, program=25) at ../../../dist/include/GLContext.h:2264
#21 mozilla::WebGLContext::LinkProgram (this=0x7fffd5dab800, program=0x7fffd2f5c6b0)
    at /usr/src/debug/xulrunner-20.0/mozilla-release/content/canvas/src/WebGLContextGL.cpp:3037
#22 0x0000003509c27983 in mozilla::dom::WebGLRenderingContextBinding::linkProgram (cx=0x7fffd30c5a90, obj=..., self=0x7fffd5dab800, 
    argc=<optimized out>, vp=0x7fffec3e4fe0)
    at /usr/src/debug/xulrunner-20.0/mozilla-release/objdir/dom/bindings/WebGLRenderingContextBinding.cpp:7055
#23 0x0000003509c2b83b in mozilla::dom::WebGLRenderingContextBinding::genericMethod (cx=0x7fffd30c5a90, argc=1, vp=0x7fffec3e4fe0)
    at /usr/src/debug/xulrunner-20.0/mozilla-release/objdir/dom/bindings/WebGLRenderingContextBinding.cpp:10168
.....
rest of the backtrace truncated
Comment 1 Ian Romanick 2013-07-23 20:10:07 UTC 
*** Bug 64796 has been marked as a duplicate of this bug. ***
Comment 2 Paul Berry 2013-07-24 15:02:25 UTC 
Yup, it's a compiler bug.  The assertion that's failing is bogus.  It assumes that previous optimization stages have removed dead code of the form:

if (...) { } else { }

But that's not always guaranteed--it's possible that dead code of this form occurred as a result of previous optimization stages, in which case the dead code won't get eliminated until the next time through the optimization loop.

I'll have a fix out to the mesa-dev list shortly.
Comment 3 Paul Berry 2013-07-24 15:19:12 UTC 
Patch sent to mesa-dev list for review: http://lists.freedesktop.org/archives/mesa-dev/2013-July/042264.html
Comment 4 Paul Berry 2013-07-25 16:41:19 UTC 
Fixed by commit a5eecb246d66fd8f27eca3c4f6f83bf2641b9403
Author: Paul Berry <stereotype441@gmail.com>
Date:   Wed Jul 24 08:04:44 2013 -0700

    glsl: Handle empty if statement encountered during loop analysis.
    
    The is_loop_terminator() function was asserting that the following
    kind of if statement could never occur:
    
        if (...) { } else { }
    
    (presumably based on the assumption that such an if statement would be
    eliminated by previous optimization stages).  But that isn't the
    case--it's possible that previous optimization stages might simplify
    more complex code down to this empty if statement, in which case it
    won't be eliminated until the next time through the optimization loop.
    
    So is_loop_terminator() needs to handle it.  Fortunately it's easy to
    handle--it's not a loop terminator because it does nothing.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=64330
    CC: mesa-stable@lists.freedesktop.org
    
    Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.