Bug 69805

Summary: flightgear crashes on r600 (rs880) with llvm backend
Product: Mesa
Reporter: Marc Dietrich <marvin24>
Component: Drivers/Gallium/r600
Assignee: vincent <vljn>
Status: RESOLVED FIXED
QA Contact:
Severity: normal    
Priority: medium    
Version: git   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Attachments: output of R600_DEBUG=vs,fs

Description Marc Dietrich 2013-09-25 10:52:00 UTC
flightgear 2.12 crashes on git mesa. Works with R600_LLVM=0. I initially thought it was due to missing trig functions, but after applying a workaround (from some other bug), it still crashes, so this must be something different.

environment init
Missing separate debuginfo for /usr/lib64/osgPlugins-3.0.1/osgdb_freetype.so
Try: zypper install -C "debuginfo(build-id)=462971b0ab27e0a7e0e887d5a49071eda4dd3258"
Missing separate debuginfo for /usr/lib64/libfreetype.so.6
Try: zypper install -C "debuginfo(build-id)=0d930f71e40c49e05024dd84de90ec2bbd703a02"
KMA20 audio panel initialized
KI266 dme indicator #0 initialized
Missing separate debuginfo for /usr/lib64/libXcursor.so.1
Try: zypper install -C "debuginfo(build-id)=36dc7be208365a4e9d2c4e6e67bf20c04907fe97"
[New Thread 0x7fffc673e700 (LWP 4495)]
[New Thread 0x7fffc5f3d700 (LWP 4496)]
[Thread 0x7fffe5eca700 (LWP 4489) exited]
Electrical system initialized

Program received signal SIGSEGV, Segmentation fault.
0x00007fffea71f024 in r600_sb::bc_decoder::decode_alu(unsigned int&, r600_sb::bc_alu&) () from /usr/lib64/dri/r600_dri.so
(gdb) bt
#0  0x00007fffea71f024 in r600_sb::bc_decoder::decode_alu(unsigned int&, r600_sb::bc_alu&) () from /usr/lib64/dri/r600_dri.so
#1  0x00007fffea725982 in r600_sb::bc_parser::decode_alu_group(r600_sb::cf_node*, unsigned int&, unsigned int&) ()
   from /usr/lib64/dri/r600_dri.so
#2  0x00007fffea725bbb in r600_sb::bc_parser::decode_alu_clause(r600_sb::cf_node*) () from /usr/lib64/dri/r600_dri.so
#3  0x00007fffea725d2b in r600_sb::bc_parser::decode_cf(unsigned int&, bool&) () from /usr/lib64/dri/r600_dri.so
#4  0x00007fffea725d94 in r600_sb::bc_parser::decode_shader() () from /usr/lib64/dri/r600_dri.so
#5  0x00007fffea725e8b in r600_sb::bc_parser::decode() () from /usr/lib64/dri/r600_dri.so
#6  0x00007fffea72993f in r600_sb_bytecode_process () from /usr/lib64/dri/r600_dri.so
#7  0x00007fffea7006e2 in ?? () from /usr/lib64/dri/r600_dri.so
#8  0x00007fffea7153cd in ?? () from /usr/lib64/dri/r600_dri.so
#9  0x00007fffea71555a in ?? () from /usr/lib64/dri/r600_dri.so
#10 0x00007fffea456864 in ?? () from /usr/lib64/dri/r600_dri.so
#11 0x00007fffea457386 in ?? () from /usr/lib64/dri/r600_dri.so
#12 0x00007fffea416ad7 in ?? () from /usr/lib64/dri/r600_dri.so
#13 0x00007fffea412e9f in ?? () from /usr/lib64/dri/r600_dri.so
#14 0x00007fffea429712 in ?? () from /usr/lib64/dri/r600_dri.so
#15 0x00007fffea4125db in ?? () from /usr/lib64/dri/r600_dri.so
#16 0x00007fffea2862c2 in ?? () from /usr/lib64/dri/r600_dri.so
#17 0x00007fffea2a51f8 in ?? () from /usr/lib64/dri/r600_dri.so
#18 0x00007ffff6a44364 in osgUtil::RenderLeaf::render(osg::RenderInfo&, osgUtil::RenderLeaf*) () from /usr/lib64/libosgUtil.so.80
#19 0x00007ffff6a3e7e5 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#20 0x00007ffff6a3e824 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#21 0x00007ffff6a457c3 in osgUtil::RenderStage::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#22 0x00007ffff6a48c96 in osgUtil::RenderStage::drawInner(osg::RenderInfo&, osgUtil::RenderLeaf*&, bool&) ()
   from /usr/lib64/libosgUtil.so.80
#23 0x00007ffff6a488ba in osgUtil::RenderStage::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () from /usr/lib64/libosgUtil.so.80
#24 0x00007ffff6a524a5 in osgUtil::SceneView::draw() () from /usr/lib64/libosgUtil.so.80
#25 0x00007ffff66743f5 in osgViewer::Renderer::cull_draw() () from /usr/lib64/libosgViewer.so.80
#26 0x00007ffff60075f9 in osg::GraphicsContext::runOperations() () from /usr/lib64/libosg.so.80
#27 0x00007ffff66a9964 in osgViewer::ViewerBase::renderingTraversals() () from /usr/lib64/libosgViewer.so.80
#28 0x0000000000b2d7a5 in fgOSMainLoop() ()
#29 0x000000000064317a in fgMainInit(int, char**) ()
#30 0x000000000060a474 in main ()
(gdb)


workaround patch:
--- a/lib/Target/R600/R600Instructions.td
+++ b/lib/Target/R600/R600Instructions.td
@@ -1165,6 +1165,8 @@ let Predicates = [isR600] in {
   def UINT_TO_FLT_r600 : UINT_TO_FLT_Common<0x6d>;
   def SIN_r600 : SIN_Common<0x6E>;
   def COS_r600 : COS_Common<0x6F>;
+  def : Pat<(fcos f32:$src),(COS_r600 $src)>;
+  def : Pat<(fsin f32:$src),(SIN_r600 $src)>;
   def ASHR_r600 : ASHR_Common<0x70>;
   def LSHR_r600 : LSHR_Common<0x71>;
   def LSHL_r600 : LSHL_Common<0x72>;
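Review bot: the two added "def : Pat<...>" lines hand $src to COS_r600 and SIN_r600 unchanged, with no comment saying why a direct mapping from fcos/fsin is valid. Please add a comment stating the input range or units these instructions expect, or do any required scaling inside the pattern. The patterns are also listed fcos then fsin while the definitions just above are SIN then COS, so matching that order would read better, and because they sit inside the isR600 predicate block the patch should say whether other predicate blocks need the same patterns.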
Comment 1 Marc Dietrich 2013-09-25 11:08:22 UTC
sorry, backtrace with debug info this time:

sb/sb_bc_parser.cpp:231:decode_alu_clause: Assertion `gcnt <= cnt' failed.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fffea45167c in _debug_assert_fail (expr=0x7fffea744065 "gcnt <= cnt", file=0x7fffea744015 "sb/sb_bc_parser.cpp", line=231, 
    function=0x7fffea7457f0 <r600_sb::bc_parser::decode_alu_clause(r600_sb::cf_node*)::__FUNCTION__> "decode_alu_clause")
    at util/u_debug.c:278
278           os_abort();
(gdb) bt
#0  0x00007fffea45167c in _debug_assert_fail (expr=0x7fffea744065 "gcnt <= cnt", file=0x7fffea744015 "sb/sb_bc_parser.cpp", line=231, 
    function=0x7fffea7457f0 <r600_sb::bc_parser::decode_alu_clause(r600_sb::cf_node*)::__FUNCTION__> "decode_alu_clause")
    at util/u_debug.c:278
#1  0x00007fffea5a8f70 in r600_sb::bc_parser::decode_alu_clause (this=0x7fffffffadb0, cf=0xd2a03b8) at sb/sb_bc_parser.cpp:231
#2  0x00007fffea5a8d34 in r600_sb::bc_parser::decode_cf (this=0x7fffffffadb0, i=@0x7ffffffface8: 72, eop=@0x7ffffffface7: false)
    at sb/sb_bc_parser.cpp:196
#3  0x00007fffea5a87ed in r600_sb::bc_parser::decode_shader (this=0x7fffffffadb0) at sb/sb_bc_parser.cpp:94
#4  0x00007fffea5a873b in r600_sb::bc_parser::decode (this=0x7fffffffadb0) at sb/sb_bc_parser.cpp:75
#5  0x00007fffea5afc18 in r600_sb_bytecode_process (rctx=0x13076f0, bc=0xd0e6f08, pshader=0xd0e6f00, dump_bytecode=0, optimize=1)
    at sb/sb_core.cpp:114
#6  0x00007fffea5633ee in r600_pipe_shader_create (ctx=0x13076f0, shader=0xd0e6ef0, key=...) at r600_shader.c:179
#7  0x00007fffea58d67a in r600_shader_select (ctx=0x13076f0, sel=0xd01be70, dirty=0x0) at r600_state_common.c:750
#8  0x00007fffea58d879 in r600_create_shader_state (ctx=0x13076f0, state=0xd265820, pipe_shader_type=1) at r600_state_common.c:797
#9  0x00007fffea58d8b7 in r600_create_ps_state (ctx=0x13076f0, state=0xd265820) at r600_state_common.c:807
#10 0x00007fffea2e7a0c in st_translate_fragment_program (st=0x13d39a0, stfp=0xd272870, key=0x7fffffffc280)
    at ../../src/mesa/state_tracker/st_program.c:768
#11 0x00007fffea2e7b22 in st_get_fp_variant (st=0x13d39a0, stfp=0xd272870, key=0x7fffffffc280)
    at ../../src/mesa/state_tracker/st_program.c:805
#12 0x00007fffea2ab513 in update_fp (st=0x13d39a0) at ../../src/mesa/state_tracker/st_atom_shader.c:92
#13 0x00007fffea2a5fba in st_validate_state (st=0x13d39a0) at ../../src/mesa/state_tracker/st_atom.c:201
#14 0x00007fffea2c4bcb in st_draw_vbo (ctx=0x13e8cd0, prims=0xc6db758, nr_prims=1, ib=0x0, index_bounds_valid=1 '\001', min_index=0, 
    max_index=203, tfb_vertcount=0x0) at ../../src/mesa/state_tracker/st_draw.c:210
#15 0x00007fffea2a5611 in vbo_save_playback_vertex_list (ctx=0x13e8cd0, data=0xc79d918) at ../../src/mesa/vbo/vbo_save_draw.c:309
#16 0x00007fffea14c6db in ext_opcode_execute (ctx=0x13e8cd0, node=0xc79d910) at ../../src/mesa/main/dlist.c:598
#17 0x00007fffea160239 in execute_list (ctx=0x13e8cd0, list=67) at ../../src/mesa/main/dlist.c:7334
#18 0x00007fffea165c43 in _mesa_CallList (list=67) at ../../src/mesa/main/dlist.c:8734
#19 0x00007ffff6a44364 in osgUtil::RenderLeaf::render(osg::RenderInfo&, osgUtil::RenderLeaf*) () from /usr/lib64/libosgUtil.so.80
#20 0x00007ffff6a3e7e5 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#21 0x00007ffff6a3e824 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#22 0x00007ffff6a457c3 in osgUtil::RenderStage::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#23 0x00007ffff6a48c96 in osgUtil::RenderStage::drawInner(osg::RenderInfo&, osgUtil::RenderLeaf*&, bool&) ()
   from /usr/lib64/libosgUtil.so.80
#24 0x00007ffff6a488ba in osgUtil::RenderStage::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () from /usr/lib64/libosgUtil.so.80
#25 0x00007ffff6a524a5 in osgUtil::SceneView::draw() () from /usr/lib64/libosgUtil.so.80
#26 0x00007ffff66743f5 in osgViewer::Renderer::cull_draw() () from /usr/lib64/libosgViewer.so.80
#27 0x00007ffff60075f9 in osg::GraphicsContext::runOperations() () from /usr/lib64/libosg.so.80
#28 0x00007ffff66a9964 in osgViewer::ViewerBase::renderingTraversals() () from /usr/lib64/libosgViewer.so.80
#29 0x0000000000b2d7a5 in fgOSMainLoop() ()
#30 0x000000000064317a in fgMainInit(int, char**) ()
#31 0x000000000060a474 in main ()
Comment 2 Vadim Girlin 2013-09-25 12:08:54 UTC
Crash occurs in SB's bytecode parser, so possibly it's not related to llvm; on the other hand, it may be caused by the bad code produced by the llvm backend. Does it work with llvm backend if you disable sb (R600_DEBUG=nosb)?

Please also attach the output (with enabled llvm and sb) with "R600_DEBUG=ps,vs".
Comment 3 Marc Dietrich 2013-09-25 13:07:59 UTC
Created attachment 86558
output of R600_DEBUG=vs,fs
Comment 4 Marc Dietrich 2013-09-25 13:08:28 UTC
does not crash with R600_DEBUG=nosb
Comment 5 Vadim Girlin 2013-09-25 14:00:33 UTC
The assert in SB seems to be caused by incorrect alu clause size in the bytecode.

LLVM with enabled asserts also fails to compile that shader for me with the following message:

llc: R600ControlFlowFinalizer.cpp:259: ClauseFile <anonymous namespace>::R600ControlFlowFinalizer::MakeALUClause(llvm::MachineBasicBlock &, MachineBasicBlock::iterator &) const: Assertion `ClauseContent.size() < 128 && "ALU clause is too big"' failed.

So this looks like a bug in LLVM backend.
Comment 6 Marc Dietrich 2013-09-25 14:23:04 UTC
you are right, I didn't compile llvm with assertions. Here's an updated bt

KMA20 audio panel initialized
KI266 dme indicator #0 initialized
Missing separate debuginfo for /usr/lib64/libXcursor.so.1
Try: zypper install -C "debuginfo(build-id)=36dc7be208365a4e9d2c4e6e67bf20c04907fe97"
[New Thread 0x7fffc5306700 (LWP 2810)]
[New Thread 0x7fffc4b05700 (LWP 2811)]
[Thread 0x7fffe4a19700 (LWP 2804) exited]
Electrical system initialized
fgfs: R600ControlFlowFinalizer.cpp:259: {anonymous}::R600ControlFlowFinalizer::ClauseFile {anonymous}::R600ControlFlowFinalizer::MakeALUClause(llvm::MachineBasicBlock&, llvm::MachineBasicBlock::iterator&) const: Assertion `ClauseContent.size() < 128 && "ALU clause is too big"' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff3c8d3d5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff3c8d3d5 in raise () from /lib64/libc.so.6
#1  0x00007ffff3c8e858 in abort () from /lib64/libc.so.6
#2  0x00007ffff3c862e2 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff3c86392 in __assert_fail () from /lib64/libc.so.6
#4  0x00007fffe81d4ca7 in (anonymous namespace)::R600ControlFlowFinalizer::MakeALUClause (this=0xe192e30, MBB=..., I=...)
    at R600ControlFlowFinalizer.cpp:259
#5  0x00007fffe81d5808 in (anonymous namespace)::R600ControlFlowFinalizer::runOnMachineFunction (this=0xe192e30, MF=...)
    at R600ControlFlowFinalizer.cpp:375
#6  0x00007fffe8733d1d in llvm::MachineFunctionPass::runOnFunction (this=0xe192e30, F=...) at MachineFunctionPass.cpp:33
#7  0x00007fffe83d17bd in llvm::FPPassManager::runOnFunction (this=0xe273470, F=...) at PassManager.cpp:1530
#8  0x00007fffe83d19ae in llvm::FPPassManager::runOnModule (this=0xe273470, M=...) at PassManager.cpp:1550
#9  0x00007fffe83d1d0b in llvm::MPPassManager::runOnModule (this=0xe1d6c30, M=...) at PassManager.cpp:1608
#10 0x00007fffe83d230d in llvm::PassManagerImpl::run (this=0xdff41f0, M=...) at PassManager.cpp:1703
#11 0x00007fffe83d251f in llvm::PassManager::run (this=0x7fffffff20a0, M=...) at PassManager.cpp:1738
#12 0x00007fffe891abe9 in LLVMTargetMachineEmit (T=0xe20c0b0, M=0xe1880e0, OS=..., codegen=LLVMObjectFile, ErrorMessage=0x7fffffff2278)
    at TargetMachineC.cpp:194
#13 0x00007fffe891adda in LLVMTargetMachineEmitToMemoryBuffer (T=0xe20c0b0, M=0xe1880e0, codegen=LLVMObjectFile, 
    ErrorMessage=0x7fffffff2278, OutMemBuf=0x7fffffff2270) at TargetMachineC.cpp:220
#14 0x00007fffea601f32 in radeon_llvm_compile (M=0xe1880e0, binary=0x7fffffff2340, gpu_family=0x7fffea72e5e9 "rs880", dump=0)
    at radeon_llvm_emit.c:124
#15 0x00007fffea5fd5a0 in r600_llvm_compile (mod=0xe1880e0, family=CHIP_RS880, bc=0xe226e98, use_kill=0x7fffffffacdf "", dump=0)
    at r600_llvm.c:617
#16 0x00007fffea565d08 in r600_shader_from_tgsi (rscreen=0x13263c0, pipeshader=0xe226e80, key=...) at r600_shader.c:1143
#17 0x00007fffea5632ac in r600_pipe_shader_create (ctx=0x139cb50, shader=0xe226e80, key=...) at r600_shader.c:156
#18 0x00007fffea58d67a in r600_shader_select (ctx=0x139cb50, sel=0xe2228f0, dirty=0x0) at r600_state_common.c:750
#19 0x00007fffea58d879 in r600_create_shader_state (ctx=0x139cb50, state=0xe1c93a0, pipe_shader_type=1) at r600_state_common.c:797
#20 0x00007fffea58d8b7 in r600_create_ps_state (ctx=0x139cb50, state=0xe1c93a0) at r600_state_common.c:807
#21 0x00007fffea2e7a0c in st_translate_fragment_program (st=0x13daa90, stfp=0xe22cc10, key=0x7fffffffc280)
    at ../../src/mesa/state_tracker/st_program.c:768
#22 0x00007fffea2e7b22 in st_get_fp_variant (st=0x13daa90, stfp=0xe22cc10, key=0x7fffffffc280)
    at ../../src/mesa/state_tracker/st_program.c:805
#23 0x00007fffea2ab513 in update_fp (st=0x13daa90) at ../../src/mesa/state_tracker/st_atom_shader.c:92
#24 0x00007fffea2a5fba in st_validate_state (st=0x13daa90) at ../../src/mesa/state_tracker/st_atom.c:201
#25 0x00007fffea2c4bcb in st_draw_vbo (ctx=0x13e9390, prims=0xd6cd598, nr_prims=1, ib=0x0, index_bounds_valid=1 '\001', min_index=0, 
    max_index=23, tfb_vertcount=0x0) at ../../src/mesa/state_tracker/st_draw.c:210
#26 0x00007fffea2a5611 in vbo_save_playback_vertex_list (ctx=0x13e9390, data=0xb5262f8) at ../../src/mesa/vbo/vbo_save_draw.c:309
#27 0x00007fffea14c6db in ext_opcode_execute (ctx=0x13e9390, node=0xb5262f0) at ../../src/mesa/main/dlist.c:598
#28 0x00007fffea160239 in execute_list (ctx=0x13e9390, list=74) at ../../src/mesa/main/dlist.c:7334
#29 0x00007fffea165c43 in _mesa_CallList (list=74) at ../../src/mesa/main/dlist.c:8734
#30 0x00007ffff6a44364 in osgUtil::RenderLeaf::render(osg::RenderInfo&, osgUtil::RenderLeaf*) () from /usr/lib64/libosgUtil.so.80
#31 0x00007ffff6a3e7e5 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#32 0x00007ffff6a3e824 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#33 0x00007ffff6a457c3 in osgUtil::RenderStage::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) ()
   from /usr/lib64/libosgUtil.so.80
#34 0x00007ffff6a48c96 in osgUtil::RenderStage::drawInner(osg::RenderInfo&, osgUtil::RenderLeaf*&, bool&) ()
   from /usr/lib64/libosgUtil.so.80
#35 0x00007ffff6a488ba in osgUtil::RenderStage::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () from /usr/lib64/libosgUtil.so.80
#36 0x00007ffff6a524a5 in osgUtil::SceneView::draw() () from /usr/lib64/libosgUtil.so.80
#37 0x00007ffff66743f5 in osgViewer::Renderer::cull_draw() () from /usr/lib64/libosgViewer.so.80
#38 0x00007ffff60075f9 in osg::GraphicsContext::runOperations() () from /usr/lib64/libosg.so.80
#39 0x00007ffff66a9964 in osgViewer::ViewerBase::renderingTraversals() () from /usr/lib64/libosgViewer.so.80
#40 0x0000000000b2d7a5 in fgOSMainLoop() ()
#41 0x000000000064317a in fgMainInit(int, char**) ()
#42 0x000000000060a474 in main ()
Comment 7 Tom Stellard 2013-09-26 15:12:59 UTC
At first glance, this looks to me like a bug I've run into before where the IfConverter merges two ALU clauses and ends up creating one that is too big.
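The two conditions raised in comments 5 and 7 (a clause whose declared size disagrees with its content, and a merge that produces a clause past the size bound), as an added example that is not code from Mesa or LLVM. It assumes a simplified clause model, and every name in it (Slot, Clause, make_clause, merge_clauses, decode_clause) is hypothetical; the checks return errors at run time instead of relying on assertions.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model (assumption, not the real r600 encoding): a clause header
// declares a slot count; each slot carries a "last slot of its group" flag.
constexpr std::size_t kMaxClauseSlots = 128;  // bound named in the LLVM assert
struct Slot { bool last; };
struct Clause { std::size_t declared; std::vector<Slot> slots; };
enum class Decode { Ok, GroupOverrunsClause, DeclaredExceedsBuffer };

// Constructed input: n groups of `size` slots, the last slot of each flagged.
std::vector<Slot> make_groups(std::size_t n, std::size_t size) {
    std::vector<Slot> v;
    for (std::size_t g = 0; g < n; ++g)
        for (std::size_t s = 0; s < size; ++s) v.push_back({s + 1 == size});
    return v;
}

// Producer: a runtime size check that survives release builds, unlike assert().
bool make_clause(const std::vector<Slot>& content, Clause& out) {
    if (content.size() >= kMaxClauseSlots) return false;
    out = Clause{content.size(), content};
    return true;
}

// Merging two valid clauses must re-validate the combined size.
bool merge_clauses(const Clause& a, const Clause& b, Clause& out) {
    std::vector<Slot> all(a.slots);
    all.insert(all.end(), b.slots.begin(), b.slots.end());
    return make_clause(all, out);
}

// Consumer: the `gcnt <= cnt` invariant reported as an error; the walk never
// indexes past the real buffer.
Decode decode_clause(const Clause& c, std::size_t& groups) {
    if (c.declared > c.slots.size()) return Decode::DeclaredExceedsBuffer;
    std::size_t cnt = c.declared, i = 0;
    groups = 0;
    while (cnt > 0) {
        std::size_t gcnt = 0;
        bool closed = false;
        while (!closed && i + gcnt < c.slots.size()) closed = c.slots[i + gcnt++].last;
        if (!closed || gcnt > cnt) return Decode::GroupOverrunsClause;
        i += gcnt; cnt -= gcnt; ++groups;
    }
    return Decode::Ok;
}

int main() {
    Clause bad{4, make_groups(1, 3)};                         // header says 4 slots
    for (Slot s : make_groups(1, 2)) bad.slots.push_back(s);  // content is 3 + 2
    std::size_t n = 0;
    std::printf("rejected: %d\n", decode_clause(bad, n) == Decode::GroupOverrunsClause);
}
```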
Comment 8 vincent 2013-09-27 23:45:44 UTC
I submitted a patch to llvm commits ML that should fix the issue, it's the first one in this series:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20130916/188650.html
Comment 9 Marc Dietrich 2013-10-01 09:16:58 UTC
this hasn't landed in the llvm 3.4 yet, so I applied all four patches manually. Unfortunately, it still crashes the same way (Mesa from ~ 25th Sept). Today's Mesa crashes even sooner (and needs a compile fix) but let's fix this one first ;-)
Comment 10 vincent 2013-10-01 20:31:47 UTC
There was a typo in the second patch, but I pushed them (except the last one) to master: can you report if the crash is fixed with latest llvm master please?
Comment 11 Marc Dietrich 2013-10-01 21:21:07 UTC
yup, this one is fixed - thanks!

what about the next one? This must have been introduced last week. I can bisect if you wish. And/Or should I file a new bug and close this one?

util/u_blitter.c:1728:util_blitter_clear_buffer: Assertion `!"Streamout unsupported in util_blitter_clear_buffer()"' failed.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fffea44d194 in _debug_assert_fail (expr=0x7fffea6c1290 "!\"Streamout unsupported in util_blitter_clear_buffer()\"", 
    file=0x7fffea6c0f57 "util/u_blitter.c", line=1728, function=0x7fffea6c1340 <__func__.8464> "util_blitter_clear_buffer")
    at util/u_debug.c:278
278           os_abort();
(gdb)
Comment 12 vincent 2013-10-02 21:11:07 UTC
Does the bug persist with R600_LLVM=0 ?
If not, I suggest you open a new bugzilla entry.
Comment 13 Marc Dietrich 2013-10-03 11:17:51 UTC
even happens with R600_LLVM=0, will file a new one...
