66184 – src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3216:simplify_cmp: Assertion `inst->dst.index < 4096' failed.

Bug 66184 - src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3216:simplify_cmp: Assertion `inst->dst.index < 4096' failed.

Summary: src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3216:simplify_cmp: Assertion `inst...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mesa
Classification:	Unclassified
Component:	Mesa core (show other bugs)
Version:	git
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium critical
Assignee:	mesa-dev
QA Contact:

URL:
Whiteboard:
Keywords:	have-backtrace

Depends on:
Blocks:

Reported:	2013-06-26 03:16 UTC by Vinson Lee
Modified:	2014-09-01 19:08 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
shaders reproducing the issue (16.88 KB, text/plain) 2014-08-23 18:47 UTC, prg	Details
View All

Description Vinson Lee 2013-06-26 03:16:19 UTC

mesa: 0b994961ff58654f330c51caacf9698f7dafd6b6

Run WebGL Conformance Test glsl bugs tests on softpipe.

(gdb) bt
#0  0x00007f73bb1af05e in _debug_assert_fail (expr=0x7f73bb2f1d01 "inst->dst.index < 4096", 
    file=0x7f73bb2f11e8 "../../src/mesa/state_tracker/st_glsl_to_tgsi.cpp", line=3216, 
    function=0x7f73bb2f27d1 <glsl_to_tgsi_visitor::simplify_cmp()::__FUNCTION__> "simplify_cmp") at util/u_debug.c:278
#1  0x00007f73bb06574c in glsl_to_tgsi_visitor::simplify_cmp (this=0x7f73c6382800)
    at ../../src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3216
#2  0x00007f73bb06b383 in get_mesa_program (ctx=0x7f73abd9f000, shader_program=0x7f73abffc320, shader=0x7f73cbe99830)
    at ../../src/mesa/state_tracker/st_glsl_to_tgsi.cpp:5091
#3  0x00007f73bb06ba32 in st_link_shader (ctx=0x7f73abd9f000, prog=0x7f73abffc320)
    at ../../src/mesa/state_tracker/st_glsl_to_tgsi.cpp:5271
#4  0x00007f73bb10b8e3 in _mesa_glsl_link_shader (ctx=0x7f73abd9f000, prog=0x7f73abffc320)
    at ../../../src/mesa/program/ir_to_mesa.cpp:3124
#5  0x00007f73baf917d3 in link_program (ctx=0x7f73abd9f000, program=29) at ../../src/mesa/main/shaderapi.c:819
#6  0x00007f73baf9295b in _mesa_LinkProgram (programObj=29) at ../../src/mesa/main/shaderapi.c:1302
#7  0x00007f73f4255fd5 in fLinkProgram (this=<optimized out>, program=29) at ../../../dist/include/GLContext.h:2093
#8  mozilla::WebGLContext::LinkProgram (this=this@entry=0x7f73cd19a800, program=program@entry=0x7f73e3b9b4c0)
    at /build/buildd/firefox-22.0~b6+build1/content/canvas/src/WebGLContextGL.cpp:3069
#9  0x00007f73f4aa91f0 in mozilla::dom::WebGLRenderingContextBinding::linkProgram (cx=0x7f73d9abafe0, obj=..., 
    self=0x7f73cd19a800, argc=<optimized out>, vp=0x7f73e5235188)
    at /build/buildd/firefox-22.0~b6+build1/obj-x86_64-linux-gnu/dom/bindings/WebGLRenderingContextBinding.cpp:7154
#10 0x00007f73f4aad204 in mozilla::dom::WebGLRenderingContextBinding::genericMethod (cx=0x7f73d9abafe0, argc=1, 
    vp=0x7f73e5235188)
    at /build/buildd/firefox-22.0~b6+build1/obj-x86_64-linux-gnu/dom/bindings/WebGLRenderingContextBinding.cpp:10325
#11 0x00007f73f505d2d5 in CallJSNative (args=..., native=<optimized out>, cx=0x7f73d9abafe0)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jscntxtinlines.h:338
#12 js::InvokeKernel (cx=cx@entry=0x7f73d9abafe0, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.cpp:390
#13 0x00007f73f5051f5b in js::Interpret (cx=cx@entry=0x7f73d9abafe0, entryFrame=entryFrame@entry=0x7f73e5235038, 
    interpMode=js::JSINTERP_NORMAL) at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.cpp:2369
#14 0x00007f73f505d04d in js::RunScript (cx=cx@entry=0x7f73d9abafe0, fp=0x7f73e5235038)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.cpp:341
#15 0x00007f73f505d3bd in js::InvokeKernel (cx=cx@entry=0x7f73d9abafe0, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.cpp:404
#16 0x00007f73f505d6c4 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7f73d9abafe0)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.h:135
#17 js::Invoke (cx=cx@entry=0x7f73d9abafe0, thisv=..., fval=..., argc=0, argv=<optimized out>, rval=0x7fffaf640fe8)
    at /build/buildd/firefox-22.0~b6+build1/js/src/jsinterp.cpp:437
#18 0x00007f73f4fc6214 in JS_CallFunctionValue (cx=0x7f73d9abafe0, objArg=<optimized out>, fval=..., argc=<optimized out>, 
    argv=<optimized out>, rval=rval@entry=0x7fffaf640fe8) at /build/buildd/firefox-22.0~b6+build1/js/src/jsapi.cpp:5823
#19 0x00007f73f43a76d6 in nsJSContext::CallEventHandler (this=0x7f73d89d5320, aTarget=<optimized out>, 
    aScope=<optimized out>, aHandler=<optimized out>, aargv=0x7f739695a460, arv=0x7fffaf6411a8)
    at /build/buildd/firefox-22.0~b6+build1/dom/base/nsJSEnvironment.cpp:1559
#20 0x00007f73f43bfbf9 in nsGlobalWindow::RunTimeoutHandler (this=this@entry=0x7f73c4fc8c00, 
    aTimeout=aTimeout@entry=0x7f73e3e96160, aScx=0x7f73d89d5320)
    at /build/buildd/firefox-22.0~b6+build1/dom/base/nsGlobalWindow.cpp:10171
#21 0x00007f73f43c03d6 in nsGlobalWindow::RunTimeout (this=0x7f73c4fc8c00, aTimeout=0x7f73e3e96160)
    at /build/buildd/firefox-22.0~b6+build1/dom/base/nsGlobalWindow.cpp:10414
#22 0x00007f73f43c05e0 in nsGlobalWindow::TimerCallback (aTimer=<optimized out>, aClosure=<optimized out>)
    at /build/buildd/firefox-22.0~b6+build1/dom/base/nsGlobalWindow.cpp:10683
#23 0x00007f73f4b1814a in nsTimerImpl::Fire (this=0x7f7396959420)
    at /build/buildd/firefox-22.0~b6+build1/xpcom/threads/nsTimerImpl.cpp:539
#24 0x00007f73f4b18205 in nsTimerEvent::Run (this=0x7f73bb3f86ca)
    at /build/buildd/firefox-22.0~b6+build1/xpcom/threads/nsTimerImpl.cpp:623
#25 0x00007f73f4b1548e in nsThread::ProcessNextEvent (this=0x7f73f7c28840, mayWait=<optimized out>, result=0x7fffaf64142f)
    at /build/buildd/firefox-22.0~b6+build1/xpcom/threads/nsThread.cpp:627
#26 0x00007f73f4aea145 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false)
    at /build/buildd/firefox-22.0~b6+build1/obj-x86_64-linux-gnu/xpcom/build/nsThreadUtils.cpp:238
#27 0x00007f73f48b548a in mozilla::ipc::MessagePump::Run (this=0x7f73ea033f00, aDelegate=0x7f73ea0400b0)
    at /build/buildd/firefox-22.0~b6+build1/ipc/glue/MessagePump.cpp:82
#28 0x00007f73f4b38ad1 in RunHandler (this=0x7f73ea0400b0)
    at /build/buildd/firefox-22.0~b6+build1/ipc/chromium/src/base/message_loop.cc:209
#29 MessageLoop::Run (this=0x7f73ea0400b0) at /build/buildd/firefox-22.0~b6+build1/ipc/chromium/src/base/message_loop.cc:183
#30 0x00007f73f4807c07 in nsBaseAppShell::Run (this=0x7f73e82b3160)
    at /build/buildd/firefox-22.0~b6+build1/widget/xpwidgets/nsBaseAppShell.cpp:163
#31 0x00007f73f46e322f in nsAppStartup::Run (this=0x7f73e69088d0)
    at /build/buildd/firefox-22.0~b6+build1/toolkit/components/startup/nsAppStartup.cpp:288
#32 0x00007f73f3e72649 in XREMain::XRE_mainRun (this=this@entry=0x7fffaf6416a0)
    at /build/buildd/firefox-22.0~b6+build1/toolkit/xre/nsAppRunner.cpp:3868
#33 0x00007f73f3e728bc in XREMain::XRE_main (this=this@entry=0x7fffaf6416a0, argc=argc@entry=1, 
    argv=argv@entry=0x7fffaf642b98, aAppData=aAppData@entry=0x7fffaf6418a0)
    at /build/buildd/firefox-22.0~b6+build1/toolkit/xre/nsAppRunner.cpp:3935
#34 0x00007f73f3e72b15 in XRE_main (argc=1, argv=0x7fffaf642b98, aAppData=0x7fffaf6418a0, aFlags=<optimized out>)
    at /build/buildd/firefox-22.0~b6+build1/toolkit/xre/nsAppRunner.cpp:4140
#35 0x00007f73f8f8afc4 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffaf642b98, xreDirectory=0x7f73f7c2c780)
    at /build/buildd/firefox-22.0~b6+build1/browser/app/nsBrowserApp.cpp:273
#36 0x00007f73f8f8a7f3 in main (argc=1, argv=0x7fffaf642b98)
    at /build/buildd/firefox-22.0~b6+build1/browser/app/nsBrowserApp.cpp:583
(gdb) frame 1
#1  0x00007f73bb06574c in glsl_to_tgsi_visitor::simplify_cmp (this=0x7f73c6382800)
    at ../../src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3216
3216	         assert(inst->dst.index < MAX_TEMPS);
(gdb) print inst->dst
$1 = {file = PROGRAM_TEMPORARY, index = 4096, writemask = 15, cond_mask = 8, type = 2, reladdr = 0x0}

Comment 1 Vinson Lee 2014-03-02 04:18:48 UTC

mesa: fc25956badb8e1932cc19d8c97b4be16e92dfc65 (master 10.2.0-devel)

This crash can still be reproduced.

(gdb) bt
#0  0x00007fa45c191a1b in _debug_assert_fail (expr=0x7fa45c2d4c69 "inst->dst.index < 4096", 
    file=0x7fa45c2d40d0 "state_tracker/st_glsl_to_tgsi.cpp", line=3245, 
    function=0x7fa45c2d5711 <glsl_to_tgsi_visitor::simplify_cmp()::__FUNCTION__> "simplify_cmp")
    at util/u_debug.c:278
#1  0x00007fa45c008a45 in glsl_to_tgsi_visitor::simplify_cmp (this=0x7fa468b89000)
    at state_tracker/st_glsl_to_tgsi.cpp:3245
#2  0x00007fa45c00f0b7 in get_mesa_program (ctx=0x7fa4398c5000, shader_program=0x7fa4234fc4b0, 
    shader=0x7fa4538c8800) at state_tracker/st_glsl_to_tgsi.cpp:5190
#3  0x00007fa45c00f7eb in st_link_shader (ctx=0x7fa4398c5000, prog=0x7fa4234fc4b0)
    at state_tracker/st_glsl_to_tgsi.cpp:5376
#4  0x00007fa45c0253ec in _mesa_glsl_link_shader (ctx=0x7fa4398c5000, prog=0x7fa4234fc4b0)
    at program/ir_to_mesa.cpp:3093
#5  0x00007fa45bf20b97 in link_program (ctx=0x7fa4398c5000, program=571) at main/shaderapi.c:913
#6  0x00007fa45bf21cd1 in _mesa_LinkProgram (programObj=571) at main/shaderapi.c:1377
#7  0x00007fa48fbe1fc1 in fLinkProgram (this=<optimized out>, program=571)
    at ../../../dist/include/GLContext.h:1315
#8  mozilla::WebGLContext::LinkProgram (this=this@entry=0x7fa41c8fd800, program=program@entry=0x7fa45b5f8380)
    at /build/buildd/firefox-28.0~b2+build1/content/canvas/src/WebGLContextGL.cpp:2129
#9  0x00007fa48f8b791b in mozilla::dom::WebGLRenderingContextBinding::linkProgram (cx=0x7fa4693bef00, obj=..., 
    self=0x7fa41c8fd800, args=...)
    at /build/buildd/firefox-28.0~b2+build1/obj-x86_64-linux-gnu/dom/bindings/WebGLRenderingContextBinding.cpp:9458
#10 0x00007fa48f8b529c in mozilla::dom::WebGLRenderingContextBinding::genericMethod (cx=0x7fa4693bef00, 
    argc=<optimized out>, vp=0x7fa4805901a8)
    at /build/buildd/firefox-28.0~b2+build1/obj-x86_64-linux-gnu/dom/bindings/WebGLRenderingContextBinding.cpp:12673
#11 0x00007fa49079d963 in CallJSNative (args=..., 
    native=0x7fa48f8b518a <mozilla::dom::WebGLRenderingContextBinding::genericMethod(JSContext*, unsigned int, JS::Value*)>, cx=0x7fa4693bef00) at /build/buildd/firefox-28.0~b2+build1/js/src/jscntxtinlines.h:220
#12 js::Invoke (cx=cx@entry=0x7fa4693bef00, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /build/buildd/firefox-28.0~b2+build1/js/src/vm/Interpreter.cpp:463
#13 0x00007fa490790bc0 in Interpret (cx=cx@entry=0x7fa4693bef00, state=...)
    at /build/buildd/firefox-28.0~b2+build1/js/src/vm/Interpreter.cpp:2511
#14 0x00007fa49079d61d in js::RunScript (cx=cx@entry=0x7fa4693bef00, state=...)
    at /build/buildd/firefox-28.0~b2+build1/js/src/vm/Interpreter.cpp:420
#15 0x00007fa49079d86a in js::Invoke (cx=cx@entry=0x7fa4693bef00, args=..., 
    construct=construct@entry=js::NO_CONSTRUCT)
    at /build/buildd/firefox-28.0~b2+build1/js/src/vm/Interpreter.cpp:482
#16 0x00007fa49079ddcd in js::Invoke (cx=cx@entry=0x7fa4693bef00, thisv=..., fval=..., argc=0, 
    argv=<optimized out>, rval=...) at /build/buildd/firefox-28.0~b2+build1/js/src/vm/Interpreter.cpp:519
#17 0x00007fa49068ec77 in JS_CallFunctionValue (cx=cx@entry=0x7fa4693bef00, objArg=<optimized out>, fval=..., 
    argc=argc@entry=0, argv=<optimized out>, rval=rval@entry=0x7fff4efbe420)
    at /build/buildd/firefox-28.0~b2+build1/js/src/jsapi.cpp:5001
#18 0x00007fa48f722786 in mozilla::dom::Function::Call (this=this@entry=0x7fa425af6140, cx=0x7fa4693bef00, 
    aThisObj=..., aThisObj@entry=..., arguments=..., aRv=...)
    at /build/buildd/firefox-28.0~b2+build1/obj-x86_64-linux-gnu/dom/bindings/FunctionBinding.cpp:35
#19 0x00007fa48fa417b8 in mozilla::dom::Function::Call<nsCOMPtr<nsISupports> > (
    this=this@entry=0x7fa425af6140, thisObj=..., arguments=..., aRv=...,     aExceptionHandling=aExceptionHandling@entry=mozilla::dom::CallbackObject::eReportExceptions)
    at ../../dist/include/mozilla/dom/FunctionBinding.h:55
#20 0x00007fa48fa418f4 in nsGlobalWindow::RunTimeoutHandler (this=this@entry=0x7fa42aaf6000, 
    aTimeout=aTimeout@entry=0x7fa4487723c0, aScx=<optimized out>)
    at /build/buildd/firefox-28.0~b2+build1/dom/base/nsGlobalWindow.cpp:11723
#21 0x00007fa48fa42137 in nsGlobalWindow::RunTimeout (this=0x7fa42aaf6000, aTimeout=0x7fa4487723c0)
    at /build/buildd/firefox-28.0~b2+build1/dom/base/nsGlobalWindow.cpp:11947
#22 0x00007fa48fa42336 in nsGlobalWindow::TimerCallback (aTimer=<optimized out>, aClosure=<optimized out>)
    at /build/buildd/firefox-28.0~b2+build1/dom/base/nsGlobalWindow.cpp:12193
#23 0x00007fa48f2e11ec in nsTimerImpl::Fire (this=0x7fa46a15fb50)
    at /build/buildd/firefox-28.0~b2+build1/xpcom/threads/nsTimerImpl.cpp:551
#24 0x00007fa48f2e12a7 in nsTimerEvent::Run (this=0x7fa45c328ea2)
    at /build/buildd/firefox-28.0~b2+build1/xpcom/threads/nsTimerImpl.cpp:635
#25 0x00007fa48f2deec4 in nsThread::ProcessNextEvent (this=0x7fa493328c00, mayWait=<optimized out>, 
    result=0x7fff4efbe8df) at /build/buildd/firefox-28.0~b2+build1/xpcom/threads/nsThread.cpp:612
#26 0x00007fa48f2a310c in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false)
    at /build/buildd/firefox-28.0~b2+build1/xpcom/glue/nsThreadUtils.cpp:263
#27 0x00007fa48f45c0b4 in mozilla::ipc::MessagePump::Run (this=0x7fa484b58140, aDelegate=0x7fa49335f360)
    at /build/buildd/firefox-28.0~b2+build1/ipc/glue/MessagePump.cpp:85
#28 0x00007fa48f45094d in RunHandler (this=0x7fa49335f360)
    at /build/buildd/firefox-28.0~b2+build1/ipc/chromium/src/base/message_loop.cc:215
#29 MessageLoop::Run (this=0x7fa49335f360)
    at /build/buildd/firefox-28.0~b2+build1/ipc/chromium/src/base/message_loop.cc:189
#30 0x00007fa48f981691 in nsBaseAppShell::Run (this=0x7fa480589a90)
    at /build/buildd/firefox-28.0~b2+build1/widget/xpwidgets/nsBaseAppShell.cpp:161
#31 0x00007fa4901f9f2e in nsAppStartup::Run (this=0x7fa480535060)
    at /build/buildd/firefox-28.0~b2+build1/toolkit/components/startup/nsAppStartup.cpp:276
#32 0x00007fa4901bdfa5 in XREMain::XRE_mainRun (this=this@entry=0x7fff4efbeb50)
    at /build/buildd/firefox-28.0~b2+build1/toolkit/xre/nsAppRunner.cpp:4059
#33 0x00007fa4901be225 in XREMain::XRE_main (this=this@entry=0x7fff4efbeb50, argc=argc@entry=1, 
    argv=argv@entry=0x7fff4efc0048, aAppData=aAppData@entry=0x7fff4efbed50)
    at /build/buildd/firefox-28.0~b2+build1/toolkit/xre/nsAppRunner.cpp:4127
#34 0x00007fa4901be48a in XRE_main (argc=1, argv=0x7fff4efc0048, aAppData=0x7fff4efbed50, 
    aFlags=<optimized out>) at /build/buildd/firefox-28.0~b2+build1/toolkit/xre/nsAppRunner.cpp:4337
#35 0x00007fa4946413c1 in do_main (argc=1, argv=0x7fff4efc0048, xreDirectory=0x7fa49332c6c0)
    at /build/buildd/firefox-28.0~b2+build1/browser/app/nsBrowserApp.cpp:280
#36 0x00007fa494640b7c in main (argc=1, argv=0x7fff4efc0048)
    at /build/buildd/firefox-28.0~b2+build1/browser/app/nsBrowserApp.cpp:648
(gdb) frame 1
#1  0x00007fa45c008a45 in glsl_to_tgsi_visitor::simplify_cmp (this=0x7fa468b89000)
    at state_tracker/st_glsl_to_tgsi.cpp:3245
3245	         assert(inst->dst.index < MAX_TEMPS);
(gdb) print inst->dst.index
$1 = 4096

Comment 2 prg 2014-08-23 18:47:25 UTC

Created attachment 105171 [details]
shaders reproducing the issue

I'm still hitting this bug when running some game (miasmata) in wine
src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3333:simplify_cmp: Assertion `inst->dst.index < 4096' failed.
This is with a nve6 (gtx660) on nouveau.
imirkin on #nouveau claims the attached shaders reproduce the issue.

Comment 3 Marek Olšák 2014-09-01 19:08:05 UTC

Fixed by 482def592fede9c4c2f1e6944df42e8319dd6b78. Closing.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.