Bug 29722 - [glsl] Unigine Sanctuary v2.2 assertion failed
Summary: [glsl] Unigine Sanctuary v2.2 assertion failed
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Mesa core (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Eric Anholt
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 28294
  Show dependency treegraph
 
Reported: 2010-08-21 04:04 UTC by Pavel Ondračka
Modified: 2010-08-23 17:26 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Pavel Ondračka 2010-08-21 04:04:15 UTC 
After recent glsl2 merge, Unigine Sanctuary asserts on start. This is with r300g driver, RV530, Kernel 2.6.35, and latest mesa git.

Sanctuary: ir_variable.cpp:84: void add_builtin_variable(const builtin_variable*, exec_list*, glsl_symbol_table*): Assertion `type != __null' failed.

Program received signal SIGABRT, Aborted.
0xb7fff424 in __kernel_vsyscall ()
Missing separate debuginfos, use: debuginfo-install openal-soft-1.12.854-1.fc13.i686
(gdb) bt full
#0  0xb7fff424 in __kernel_vsyscall ()
No symbol table info available.
#1  0x476aad11 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimized out>
        resultvar = <value optimized out>
        pid = 1199603700
        selftid = 17428
#2  0x476ac5ea in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x478093a0 <main_arena>, 
            sa_sigaction = 0x478093a0 <main_arena>}, sa_mask = {__val = {
              1199603700, 160, 1, 3221174432, 3221174220, 0, 304, 151, 
              1199608736, 1199603700, 151, 150, 3221174392, 1198422242, 
              140685016, 151, 3221174432, 140684912, 0, 4222451712, 140685016, 
              140685117, 140685016, 140685016, 140685166, 140685316, 
              140685016, 140685316, 0, 0, 0, 0}}, sa_flags = 0, 
          sa_restorer = 0x2}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0x476a3d98 in __assert_fail (assertion=0xb7251c24 "type != __null", 
    file=0xb72c45ef "ir_variable.cpp", line=84, 
    function=0xb72c4900 "void add_builtin_variable(const builtin_variable*, exec_list*, glsl_symbol_table*)") at assert.c:81
        buf = 0x862aed8 "Sanctuary: ir_variable.cpp:84: void add_builtin_variabl
e(const builtin_variable*, exec_list*, glsl_symbol_table*): Assertion `type != __null' failed.\n"
#4  0xb70f2e77 in add_builtin_variable (proto=0xb72eea20, 
    instructions=<value optimized out>, symtab=0x860a568) at ir_variable.cpp:84
        type = 0x4414
        __PRETTY_FUNCTION__ = "void add_builtin_variable(const builtin_variable*, exec_list*, glsl_symbol_table*)"
#5  0xb70f355f in generate_110_vs_variables (instructions=0x862ae60, 
    state=0x862a4a8) at ir_variable.cpp:199
        i = 0
        vec4_array_type = <value optimized out>
#6  0xb70c5cc6 in _mesa_ast_to_hir (instructions=0x862ae60, state=0x862a4a8)
    at ast_to_hir.cpp:63
No locals.
#7  0xb70bce6f in _mesa_glsl_compile_shader (ctx=0x81bb918, shader=0x860a4b0)
    at program/ir_to_mesa.cpp:2666
        state = 0x862a4a8
        source = 0x863ef68 "uniform vec4 s_viewport;\nuniform vec4 s_depth_range;\nuniform vec4 s_solid_color;\nuniform vec4 s_ambient_color;\nuniform mat4 s_projection;\nuniform mat4 s_modelview;\nuniform mat4 s_modelviewprojection;\n"...
#8  0xb705cf91 in compile_shader (ctx=0x81bb918, shaderObj=1)
    at main/shaderapi.c:803
        sh = 0x860a4b0
#9  0xb705d7a4 in _mesa_CompileShaderARB (shaderObj=1) at main/shaderapi.c:1091
        ctx = 0x81bb918
#10 0x44d3f92b in glCompileShaderARB (shader=1)
    at ../../src/mesa/glapi/glapitemp.h:3472
No locals.
#11 0xb7ca082d in GLShader::loadVertex(char const*, char const*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#12 0xb7bbe720 in Material::create_shader(Material::MShader*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#13 0xb7bbea16 in Material::get_shader(Material::MShader*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#14 0xb7bbeb35 in Material::get_shader(int, int, Material const*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#15 0xb7bbebc8 in Material::getShader(int, int) () from ./libUnigine_x86.so
No symbol table info available.
#16 0xb7bc65b4 in MaterialManager::warmShaders() () from ./libUnigine_x86.so
No symbol table info available.
#17 0xb7a2fd37 in World::loadWorld(char const*) () from ./libUnigine_x86.so
No symbol table info available.
#18 0xb7a30185 in World::world_load(int, char**) () from ./libUnigine_x86.so
No symbol table info available.
#19 0xb7a31504 in ConsoleCommand_Args<World>::operator()(int, char**, void*) const () from ./libUnigine_x86.so
No symbol table info available.
#20 0xb78fd3da in Console::update() () from ./libUnigine_x86.so
No symbol table info available.
#21 0xb77d314b in Engine::init(int, char**, char const*, char const*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#22 0xb77d36eb in Engine::Engine(int, char**, char const*, char const*) ()
   from ./libUnigine_x86.so
No symbol table info available.
#23 0xb77e30a2 in Unigine::Engine::init(int, int, char**, char const*, char const*) () from ./libUnigine_x86.so
No symbol table info available.
#24 0x0804860b in ?? ()
No symbol table info available.
#25 0x47696cc6 in __libc_start_main (main=0x80485d4, argc=1, 
    ubp_av=0xbffff324, init=0x8048640, fini=0x8048630, 
    rtld_fini=0x4766d220 <_dl_fini>, stack_end=0xbffff31c) at libc-start.c:226
        result = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1199603700, 0, 0, 
                -1073745160, 456373363, 906994562}, mask_was_saved = 0}}, 
          priv = {pad = {0x0, 0x0, 0x1, 0x8048520}, data = {prev = 0x0, 
              cleanup = 0x0, canceltype = 1}}}
        not_first_call = <value optimized out>
#26 0x08048541 in ?? ()
Comment 1 Eric Anholt 2010-08-23 16:33:17 UTC 
This doesn't happen with LIBGL_ALWAYS_SOFTWARE=1 and the 2.3 version, though it does produce a bunch of bogus shaders trying to use EXT_texture_array samplers without enabling the extension and 140 shaders without asking if 140 exists.

By smashing in EXT_framebuffer_multisample support to 965, I do see the failure.  Names of types are talloc_strdup()ed into the types memory context on their creation, so that they're freed at types destruction when tearing down the GL.  However, the static types also get their names talloced into the types context at dlopen, and so once the free happens at last dri context close, the names of those static types point off into freed memory.  Later attempts to re-add those builtin types to the new symbol table fail with bad memory references.

Working on a testcase to reproduce the problem (since this probably won't be the last instance of it).  For now, disabling the freeing of the types context in _mesa_glsl_release_types works around the problem.
Comment 2 Eric Anholt 2010-08-23 17:26:44 UTC 
commit 8dd619ba6825e673a357336b69c96accaa96a7ef
Author: Eric Anholt <eric@anholt.net>
Date:   Mon Aug 23 17:16:25 2010 -0700

    glsl: Rely on talloc_autofree_context() instead of trying to free on our own
    
    Because the static types talloc their names at dlopen time,
    talloc_freeing the types at DRI driver screen teardown means that if
    the screen gets brought back up again, the names will point at freed
    memory.  talloc_autofree_context() exists to do just what we want
    here: Free memory referenced across the program's lifetime so that we
    avoid noise in memory leak checkers.
    
    Fixes: bug #29722 (assertion failure in unigine).

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.