Bug 69155 - [NV50 gallium] [piglit] bin/varying-packing-simple triggers memory corruption/failures
Summary: [NV50 gallium] [piglit] bin/varying-packing-simple triggers memory corruption...
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/DRI/nouveau (show other bugs)
Version: git
Hardware: x86-64 (AMD64) Linux (All)
: medium critical
Assignee: Nouveau Project
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-10 00:45 UTC by Vinson Lee
Modified: 2013-12-10 10:50 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Vinson Lee 2013-09-10 00:45:15 UTC 
System environment: 
-- chipset: NVA8
-- system architecture: x86_64
-- xserver-xorg-video-nouveau: 1:1.0.7-0ubuntu1
-- mesa: 395b9410860371a64d6b5f2d50679f29eb41729e (master)
-- libdrm version: 2.4.43
-- kernel version: 3.8.0-30-generic
-- Linux distribution: Ubuntu 13.04 amd64

Run piglit test varying-packing-simple.

$ ./bin/varying-packing-simple float separate -auto
WARNING: out of code space, evicting all shaders.
nv50_program_upload_code:401 - shader too large (0xc40) to fit in code space ?
codegen/nv50_ir_emit_nv50.cpp:169:srcAddr8: Assertion `(offset <= 0x1fc || offset == 0x3fc) && !(offset & 0x3)' failed.
Trace/breakpoint trap (core dumped)

(gdb) bt
#0  0x00007f54bac25e1e in _debug_assert_fail (expr=0x7f54baf08560 "(offset <= 0x1fc || offset == 0x3fc) && !(offset & 0x3)", 
    file=0x7f54baf084c1 "codegen/nv50_ir_emit_nv50.cpp", line=169, 
    function=0x7f54baf09151 <nv50_ir::CodeEmitterNV50::srcAddr8(nv50_ir::ValueRef const&, int)::__FUNCTION__> "srcAddr8") at util/u_debug.c:278
#1  0x00007f54bad5e420 in nv50_ir::CodeEmitterNV50::srcAddr8 (this=0x1f94360, src=..., pos=16) at codegen/nv50_ir_emit_nv50.cpp:169
#2  0x00007f54bad5995e in nv50_ir::CodeEmitterNV50::emitINTERP (this=0x1f94360, i=0x1ece3f0) at codegen/nv50_ir_emit_nv50.cpp:814
#3  0x00007f54bad5cae9 in nv50_ir::CodeEmitterNV50::emitInstruction (this=0x1f94360, insn=0x1ece3f0) at codegen/nv50_ir_emit_nv50.cpp:1625
#4  0x00007f54bad9d7a8 in nv50_ir::Program::emitBinary (this=0x1a82550, info=0x1a9b4f0) at codegen/nv50_ir_target.cpp:374
#5  0x00007f54bad444e9 in nv50_ir_generate_code (info=0x1a9b4f0) at codegen/nv50_ir.cpp:1212
#6  0x00007f54bad32a40 in nv50_program_translate (prog=0x1a7f800, chipset=168) at nv50_program.c:341
#7  0x00007f54bad33865 in nv50_program_validate (nv50=0x1873350, prog=0x1a7f800) at nv50_shader_state.c:115
#8  0x00007f54bad33b8c in nv50_fragprog_validate (nv50=0x1873350) at nv50_shader_state.c:173
#9  0x00007f54bad24dfd in nv50_state_validate (nv50=0x1873350, mask=4294967295, words=8) at nv50_state_validate.c:394
#10 0x00007f54bad31170 in nv50_draw_vbo (pipe=0x1873350, info=0x7fffb533a150) at nv50_vbo.c:755
#11 0x00007f54babb2a0e in cso_draw_vbo (cso=0x18ec9d0, info=0x7fffb533a150) at cso_cache/cso_context.c:1413
#12 0x00007f54baa97f9a in st_draw_vbo (ctx=0x7f54bf129010, prims=0x7fffb533a210, nr_prims=1, ib=0x0, index_bounds_valid=1 '\001', min_index=0, 
    max_index=3, tfb_vertcount=0x0) at ../../src/mesa/state_tracker/st_draw.c:286
#13 0x00007f54baa5419a in vbo_draw_arrays (ctx=0x7f54bf129010, mode=5, start=0, count=4, numInstances=1, baseInstance=0)
    at ../../src/mesa/vbo/vbo_exec_array.c:660
#14 0x00007f54baa54beb in vbo_exec_DrawArrays (mode=5, start=0, count=4) at ../../src/mesa/vbo/vbo_exec_array.c:812
#15 0x00007f54bed3c4bc in stub_glDrawArrays (mode=5, first=0, count=4) at piglit/tests/util/generated_dispatch.c:6223
#16 0x00007f54bed2b6b8 in piglit_draw_rect_from_arrays (verts=0x7fffb533a2f0, tex=0x0)
    at piglit/tests/util/piglit-util-gl-common.c:645
#17 0x00007f54bed2ba36 in piglit_draw_rect (x=-1, y=-1, w=2, h=2) at piglit/tests/util/piglit-util-gl-common.c:754
#18 0x0000000000401e39 in piglit_display () at piglit/tests/spec/glsl-1.10/execution/varying-packing/simple.c:405
#19 0x00007f54bed2e018 in display () at piglit/tests/util/piglit-framework-gl/piglit_glut_framework.c:60
#20 0x00007f54be4c8fc4 in fghRedrawWindow (window=0x1848140) at freeglut_main.c:210
#21 fghcbDisplayWindow (window=0x1848140, enumerator=0x7fffb533a420) at freeglut_main.c:227
#22 0x00007f54be4cc719 in fgEnumWindows (enumCallback=enumCallback@entry=0x7f54be4c8f20 <fghcbDisplayWindow>, 
    enumerator=enumerator@entry=0x7fffb533a420) at freeglut_structure.c:394
#23 0x00007f54be4c945c in fghDisplayAll () at freeglut_main.c:249
#24 glutMainLoopEvent () at freeglut_main.c:1450
#25 0x00007f54be4c9d81 in glutMainLoop () at freeglut_main.c:1498
#26 0x00007f54bed2e247 in run_test (gl_fw=0x7f54bf01b320 <glut_fw>, argc=3, argv=0x7fffb533a7d8)
    at piglit/tests/util/piglit-framework-gl/piglit_glut_framework.c:142
#27 0x00007f54bed2c189 in piglit_gl_test_run (argc=3, argv=0x7fffb533a7d8, config=0x7fffb533a6c0)
    at piglit/tests/util/piglit-framework-gl.c:141
#28 0x0000000000401423 in main (argc=3, argv=0x7fffb533a7d8)
    at piglit/tests/spec/glsl-1.10/execution/varying-packing/simple.c:106
(gdb) frame 1
#1  0x00007f54bad5e420 in nv50_ir::CodeEmitterNV50::srcAddr8 (this=0x1f94360, src=..., pos=16) at codegen/nv50_ir_emit_nv50.cpp:169
169	   assert((offset <= 0x1fc || offset == 0x3fc) && !(offset & 0x3));
(gdb) print /x offset
$1 = 0x200
Comment 1 Ilia Mirkin 2013-12-01 08:03:21 UTC 
OK, so there are a few problems here, not the least of which is that there's memory corruption in the program logic because nv50_program only has 16 in/out varyings, but it reports support for a lot more than that.

Once you fix that, there's another incorrect assert. Fixing that makes the test run, but it fails. For posterity, here is the patch that makes the test not-completely-die. I'll look into what the test is doing and why it's failing later.

diff --git a/src/gallium/drivers/nouveau/nv50/nv50_screen.c b/src/gallium/drivers/nouveau/nv50/nv50_screen.c
index 762b48f..167d228 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_screen.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_screen.c
@@ -223,9 +223,7 @@ nv50_screen_get_shader_param(struct pipe_screen *pscreen, unsigned shader,
    case PIPE_SHADER_CAP_MAX_CONTROL_FLOW_DEPTH:
       return 4;
    case PIPE_SHADER_CAP_MAX_INPUTS:
-      if (shader == PIPE_SHADER_VERTEX)
-         return 32;
-      return 0x300 / 16;
+      return 16;
    case PIPE_SHADER_CAP_MAX_CONSTS:
       return 65536 / 16;
    case PIPE_SHADER_CAP_MAX_CONST_BUFFERS:
diff --git a/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c b/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
index ba4f592..a7f7a36 100644
--- a/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
+++ b/src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
@@ -443,14 +443,15 @@ nv50_fp_linkage_validate(struct nv50_context *nv50)
    }
 
    n = (m + 3) / 4;
-   assert(m <= 64);
 
    if (unlikely(nv50->gmtyprog)) {
+      assert(n <= 33);
       BEGIN_NV04(push, NV50_3D(GP_RESULT_MAP_SIZE), 1);
       PUSH_DATA (push, m);
       BEGIN_NV04(push, NV50_3D(GP_RESULT_MAP(0)), n);
       PUSH_DATAp(push, map, n);
    } else {
+      assert(n <= 17); // XXX use the nva3+ ALT version?
       BEGIN_NV04(push, NV50_3D(VP_GP_BUILTIN_ATTR_EN), 1);
       PUSH_DATA (push, vp->vp.attrs[2]);
Comment 2 Ilia Mirkin 2013-12-01 09:03:21 UTC 
Looks like making it report 15 instead of 0x300/16 makes piglit (and valgrind) happy. Just sent a patch that did that.
Comment 3 Ilia Mirkin 2013-12-10 10:50:14 UTC 
OK, a patch to make it return 15 has been checked in. This corresponds to returning 60 for the max varying floats thing, which in turn is what the blob reports on my hardware.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.