Bug 91226

Summary: Crash in glLinkProgram (NEW)
Product: Mesa Reporter: x414e54
Component: Mesa core Assignee: mesa-dev
Status: RESOLVED FIXED QA Contact: mesa-dev
Severity: normal    
Priority: medium    
Version: 10.6   
Hardware: All   
OS: All   
Attachments: Shader Crash Sample

Description x414e54 2015-07-04 11:49:11 UTC
Created attachment 116940
Shader Crash Sample

I am getting a crash in glLinkProgram with the following stack trace:

Program received signal SIGSEGV, Segmentation fault.
ir_algebraic_visitor::handle_expression (this=<optimized out>, 
    ir=<optimized out>) at ../../../../src/glsl/ir.h:179
179	../../../../src/glsl/ir.h: No such file or directory.
(gdb) backtrace
#0  ir_algebraic_visitor::handle_expression (this=<optimized out>, 
    ir=<optimized out>) at ../../../../src/glsl/ir.h:179
#1  0x00007ffff1720ec4 in ir_algebraic_visitor::handle_rvalue (
    this=<optimized out>, rvalue=<optimized out>)
    at ../../../../src/glsl/opt_algebraic.cpp:962
#2  0x00007ffff16f6756 in ir_rvalue_base_visitor::rvalue_visit (
    this=0x7fffffffd2b0, ir=0x138ebe8)
    at ../../../../src/glsl/ir_rvalue_visitor.cpp:43
#3  0x00007ffff16f4668 in ir_assignment::accept (this=<optimized out>, 
    v=<optimized out>) at ../../../../src/glsl/ir_hv_accept.cpp:302
#4  0x00007ffff16f407f in visit_list_elements (v=<optimized out>, 
    l=<optimized out>, statement_list=<optimized out>)
    at ../../../../src/glsl/ir_hv_accept.cpp:55
#5  0x00007ffff16f41e9 in ir_function_signature::accept (this=<optimized out>, 
    v=<optimized out>) at ../../../../src/glsl/ir_hv_accept.cpp:115
#6  0x00007ffff16f407f in visit_list_elements (v=<optimized out>, 
    l=<optimized out>, statement_list=<optimized out>)
    at ../../../../src/glsl/ir_hv_accept.cpp:55
#7  0x00007ffff16f425f in ir_function::accept (this=<optimized out>, 
    v=<optimized out>) at ../../../../src/glsl/ir_hv_accept.cpp:127
#8  0x00007ffff16f407f in visit_list_elements (v=<optimized out>, 
    l=<optimized out>, statement_list=<optimized out>)
    at ../../../../src/glsl/ir_hv_accept.cpp:55
---Type <return> to continue, or q <return> to quit---
#9  0x00007ffff1720fc2 in do_algebraic (instructions=<optimized out>, 
    native_integers=<optimized out>, options=<optimized out>)
    at ../../../../src/glsl/opt_algebraic.cpp:981
#10 0x00007ffff16e56e4 in do_common_optimization (ir=<optimized out>, 
    linked=<optimized out>, uniform_locations_assigned=<optimized out>, 
    options=<optimized out>, native_integers=<optimized out>)
    at ../../../../src/glsl/glsl_parser_extras.cpp:1677
#11 0x00007ffff1705089 in link_shaders (ctx=<optimized out>, 
    prog=<optimized out>) at ../../../../src/glsl/linker.cpp:3031
#12 0x00007ffff167598b in _mesa_glsl_link_shader (ctx=<optimized out>, 
    prog=<optimized out>) at ../../../../src/mesa/program/ir_to_mesa.cpp:2972
#13 0x00007ffff15b61ab in link_program (ctx=0xefbae0, program=<optimized out>)
    at ../../../../src/mesa/main/shaderapi.c:946

This appears to occur in 1.6.0 and also git but not on 1.5.8. 
Some users are using Ubuntu with oibaf ppa and I am trying to sort out a workaround for them.

Below is a simplification of the shaders which cause the issue; all shaders have validated and linked in glslangValidator.
 
The issue (appears) to be in the fragment shader but I have not yet tracked down the exact issue.


#version 120

attribute vec3 in_position;
attribute vec2 in_texcoord;

uniform mat4 mw;
uniform mat4 mv;
uniform mat4 vc;

varying vec2 texcoord;

void main()
{
        vec4 w = mw * vec4(in_position, 1.0);
        vec4 v = mv * w;
        vec4 c = vc * v;

        gl_Position = c;
        texcoord  = in_texcoord;
}

#version 120

uniform vec2 uvbias;
varying vec2 texcoord;

void main()
{
        vec2 tmp = texcoord;
        vec2 uv = tmp * uvbias;
        tmp = (sign(uv) * floor(abs(uv))) + vec2(0.5, 0.5);
        tmp = tmp / uvbias;
}

Attached is a sample application using the code from James Legg in the related bug:
https://bugs.freedesktop.org/show_bug.cgi?id=89590

Comment 1 Neil Roberts 2015-07-04 21:49:23 UTC
It looks like this is a bug in Mesa. I've filed a patch for it here:

http://lists.freedesktop.org/archives/mesa-dev/2015-July/088138.html

The buggy code looks like it is trying to match expressions that look like this:

floor(abs(x) + 0.5) * sign(x)

However, the check for the + in the middle is broken, so I think it will crash with anything that looks like this:

floor(<any unary operation>) * sign(x)

Maybe if you want to make a workaround you could rearrange the expression so that it doesn't match that somehow?
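
The failure mode described in Comment 1, as an added example that is not part of the original thread and is not Mesa's code: a pattern matcher for floor(abs(x) + 0.5) * sign(x) that verifies each node's operation before reading its operands. The Expr type, the operation names and both functions are hypothetical, and the example assumes a toy IR in which a unary node leaves its second operand slot null.

```cpp
// Toy IR, constructed for illustration; it is not Mesa's ir_expression.
#include <cstdio>

enum Op { OP_VAR, OP_CONST_HALF, OP_ABS, OP_SIGN, OP_FLOOR, OP_ADD, OP_MUL };

struct Expr {
    Op op;
    const Expr *operands[2];   // unused slots stay nullptr, as for unary ops
};

static bool is_op(const Expr *e, Op op) { return e != nullptr && e->op == op; }

// Hardened matcher for floor(abs(x) + 0.5) * sign(x): every node's operation
// is verified before its operands are read, so a unary node under floor()
// is rejected instead of having its missing second operand dereferenced.
bool matches_round(const Expr *e) {
    if (!is_op(e, OP_MUL)) return false;
    const Expr *fl = e->operands[0], *sg = e->operands[1];
    if (!is_op(fl, OP_FLOOR) || !is_op(sg, OP_SIGN)) return false;
    const Expr *add = fl->operands[0];
    if (!is_op(add, OP_ADD)) return false;          // the check for the '+'
    const Expr *ab = add->operands[0];
    if (!is_op(ab, OP_ABS) || !is_op(add->operands[1], OP_CONST_HALF)) return false;
    return ab->operands[0] == sg->operands[0];      // same x on both sides
}

// Models a matcher that skips the '+' check: reports whether the pointer it
// would read next (second operand of whatever sits under floor) is null.
bool unchecked_would_deref_null(const Expr *e) {
    if (!is_op(e, OP_MUL) || !is_op(e->operands[0], OP_FLOOR)) return false;
    const Expr *inner = e->operands[0]->operands[0];
    return inner != nullptr && inner->operands[1] == nullptr;
}

// Constructed inputs: x, then the two shapes discussed in Comment 1.
static const Expr X{OP_VAR, {nullptr, nullptr}}, HALF{OP_CONST_HALF, {nullptr, nullptr}};
static const Expr ABS_X{OP_ABS, {&X, nullptr}}, SIGN_X{OP_SIGN, {&X, nullptr}};
static const Expr SUM{OP_ADD, {&ABS_X, &HALF}};
static const Expr FLOOR_SUM{OP_FLOOR, {&SUM, nullptr}}, FLOOR_ABS{OP_FLOOR, {&ABS_X, nullptr}};
const Expr GOOD{OP_MUL, {&FLOOR_SUM, &SIGN_X}};   // floor(abs(x) + 0.5) * sign(x)
const Expr BAD{OP_MUL, {&FLOOR_ABS, &SIGN_X}};    // floor(abs(x)) * sign(x)

int main() {
    std::printf("good: match=%d\n", matches_round(&GOOD));
    std::printf("bad:  match=%d unchecked-null=%d\n", matches_round(&BAD),
                unchecked_would_deref_null(&BAD));
}
```

The matcher only handles the operand order written in Comment 1; a matcher for a commutative multiply would also try the operands swapped.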

Comment 2 Neil Roberts 2015-07-06 18:55:11 UTC
I've pushed the patch here:

http://cgit.freedesktop.org/mesa/mesa/commit/?id=18039078e0254c7cb5e15b7186be
