Bug 97420

Summary: "#version 0" crashes glsl_compiler
Product: Mesa Reporter: Karol Herbst <karolherbst>
Component: glsl-compilerAssignee: Ian Romanick <idr>
Status: RESOLVED FIXED QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: normal    
Priority: medium CC: idr
Version: gitKeywords: bisected, regression
Hardware: All   
OS: All   
i915 platform: i915 features:
Attachments: vertex shader

Description Karol Herbst 2016-08-20 16:25:37 UTC
Created attachment 125920 [details]
vertex shader


attached vertex shader crashes glsl_compiler with SIGSEGV

#0  glcpp_error (locp=locp@entry=0x0, parser=parser@entry=0x9b8290, fmt=fmt@entry=0x743998 "Redefinition of macro %s\n") at ../../../src/compiler/glsl/glcpp/pp.c:35
#1  0x000000000064ffda in _define_object_macro (replacements=0x9b89c0, identifier=0x7439b2 "__VERSION__", loc=0x0, parser=0x9b8290) at ../../../src/compiler/glsl/glcpp/glcpp-parse.y:2104
#2  add_builtin_define (parser=parser@entry=0x9b8290, name=name@entry=0x7439b2 "__VERSION__", value=value@entry=110) at ../../../src/compiler/glsl/glcpp/glcpp-parse.y:1334
#3  0x000000000065599e in _glcpp_parser_handle_version_declaration (explicitly_set=false, es_identifier=0x0, version=110, parser=0x9b8290) at ../../../src/compiler/glsl/glcpp/glcpp-parse.y:2312
#4  glcpp_parser_resolve_implicit_version (parser=0x9b8290) at ../../../src/compiler/glsl/glcpp/glcpp-parse.y:2356
#5  0x00000000005e6a8c in glcpp_preprocess (ralloc_ctx=ralloc_ctx@entry=0x9b7610, shader=shader@entry=0x7fffffffd3a8, info_log=info_log@entry=0x9b78b8, 
    extensions=extensions@entry=0x44de40 <add_builtin_defines(_mesa_glsl_parse_state*, void (*)(glcpp_parser*, char const*, int), glcpp_parser*, unsigned int, bool)>, state=state@entry=0x9b7610, 
    gl_ctx=gl_ctx@entry=0x979aa0 <standalone_compile_shader::local_ctx>) at ../../../src/compiler/glsl/glcpp/pp.c:233
#6  0x000000000045b9d0 in _mesa_glsl_compile_shader (ctx=ctx@entry=0x979aa0 <standalone_compile_shader::local_ctx>, shader=shader@entry=0x9b6910, dump_ast=<optimized out>, dump_hir=<optimized out>)
    at ../../../src/compiler/glsl/glsl_parser_extras.cpp:1846
#7  0x000000000040e170 in compile_shader (shader=0x9b6910, ctx=0x979aa0 <standalone_compile_shader::local_ctx>) at ../../../src/compiler/glsl/standalone.cpp:282
#8  standalone_compile_shader (_options=_options@entry=0x979a50 <options>, num_files=num_files@entry=1, files=<optimized out>) at ../../../src/compiler/glsl/standalone.cpp:386
#9  0x0000000000409045 in main (argc=<optimized out>, argv=0x7fffffffd598) at ../../../src/compiler/glsl/main.cpp:91
Comment 1 Karol Herbst 2016-08-22 21:37:14 UTC
seems to be a regression

eda6349346616f3a45ca2d03e2c1a3da956df6b3 is the first bad commit
commit eda6349346616f3a45ca2d03e2c1a3da956df6b3
Author: Ian Romanick <ian.d.romanick@intel.com>
Date:   Tue Aug 9 14:31:49 2016 -0700

    glcpp: Track the actual version instead of just the version_resolved flag
    Signed-off-by: Ian Romanick <ian.d.romanick@intel.com>
    Reviewed-by: Timothy Arceri <timothy.arceri@collabora.com>
    Cc: mesa-stable@lists.freedesktop.org

:040000 040000 973a1b5a08715081d374a6fbdfda60c537195d33 fbe8d2e45f4f1e6755e70b6e6f8fa971701e3ae8 M      src

git bisect log:
git bisect start
# bad: [de2ac3e3f1ab899114dc7971eb5174e40cb76d1a] glsl_compiler: more versions
git bisect bad de2ac3e3f1ab899114dc7971eb5174e40cb76d1a
# good: [85d807f2e04eb4f096fa619bc61c65cdcef446c8] st/va: add functions for VAAPI encode
git bisect good 85d807f2e04eb4f096fa619bc61c65cdcef446c8
# good: [29e1c4a8a9f26ce41aa53dc9bf39852a8530adc6] swr: [rasterizer core] allow override of KNOB thread settings
git bisect good 29e1c4a8a9f26ce41aa53dc9bf39852a8530adc6
# bad: [b82de88008ddfef051eeccfbc4b36e0e7d47daf3] i965/blorp: Create the isl_surf up-front
git bisect bad b82de88008ddfef051eeccfbc4b36e0e7d47daf3
# bad: [09dff7ae2e179d5a3490481762c6bd3d50430c9f] st/vdpau: change the order in which filters are applied(v3)
git bisect bad 09dff7ae2e179d5a3490481762c6bd3d50430c9f
# bad: [a7d33315a76efaa8943dbe439f5538ce6d76ff41] st/mesa: remove TES/TCS/GS state dirtying optimization
git bisect bad a7d33315a76efaa8943dbe439f5538ce6d76ff41
# good: [ac6966360fc2f31b5e862624c6ef0048e11148e7] mesa: Use a temporary set to track whether we've added a resource yet.
git bisect good ac6966360fc2f31b5e862624c6ef0048e11148e7
# bad: [16627fc87d2e5a7cd6068d0337ea2c68b40a1b51] appveyor: Install pywin32 extensions.
git bisect bad 16627fc87d2e5a7cd6068d0337ea2c68b40a1b51
# good: [549222f5f8ef4616f5e6ddeb5c29ea6446684e5e] glsl: use UniformHash to find storage location
git bisect good 549222f5f8ef4616f5e6ddeb5c29ea6446684e5e
# bad: [eda6349346616f3a45ca2d03e2c1a3da956df6b3] glcpp: Track the actual version instead of just the version_resolved flag
git bisect bad eda6349346616f3a45ca2d03e2c1a3da956df6b3
# good: [30e5ff706789823145c51313870c87bffab6943f] glsl: remove remaining tabs in link_uniform_initializers.cpp
git bisect good 30e5ff706789823145c51313870c87bffab6943f
# first bad commit: [eda6349346616f3a45ca2d03e2c1a3da956df6b3] glcpp: Track the actual version instead of just the version_resolved flag
Comment 2 Timothy Arceri 2016-08-23 04:33:55 UTC
Looks like version is set twice. Once explicitly by the shader and once by glcpp_parser_resolve_implicit_version() as we no longer set a bool to skip the implicit call but check the version which is zero in this case.

_glcpp_parser_handle_version_declaration(glcpp_parser_t *parser, intmax_t versio
                                          const char *es_identifier,
                                          bool explicitly_set)
-   if (parser->version_resolved)
+   if (parser->version != 0)
Comment 3 Tapani Pälli 2016-08-23 04:39:40 UTC
There's also a small problem in '_define_object_macro' (which causes crash). It can be called with 'loc' being NULL, there's 2 usages of 'loc' but only one of them takes NULL in to account.
Comment 4 Ian Romanick 2016-08-24 19:33:01 UTC
I've just sent some piglit tests that reproduce this crash:

Comment 5 Juan A. Suarez 2016-11-11 08:55:30 UTC
This has been fixed with the patches Ian sent.
Comment 6 Matt Turner 2016-11-11 16:42:16 UTC
When you close a bug, please leave a comment with the commit that fixed it.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct.