Bug 70920 - [GLSL compiler] SIGSEGV for shaders/glsl-fs-inline-explosion
Summary: [GLSL compiler] SIGSEGV for shaders/glsl-fs-inline-explosion
Status: NEW
Alias: None
Product: Mesa
Classification: Unclassified
Component: glsl-compiler (show other bugs)
Version: git
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Ian Romanick
QA Contact: Intel 3D Bugs Mailing List
: 84215 (view as bug list)
Depends on:
Reported: 2013-10-27 15:52 UTC by Kai
Modified: 2016-12-25 11:44 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Full GDB backtrace and register dump (7.61 KB, text/plain)
2013-10-27 15:52 UTC, Kai
Full GDB backtrace and register dump (7.56 KB, text/plain)
2013-11-19 13:45 UTC, Kai
error-checking in glsl-compiler (2.46 KB, text/plain)
2014-09-15 20:18 UTC, Erik Faye-Lund
error-checking in glsl-compiler (3.21 KB, patch)
2014-09-15 20:57 UTC, Erik Faye-Lund
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Kai 2013-10-27 15:52:32 UTC
Created attachment 88181 [details]
Full GDB backtrace and register dump

While running Piglit on radeonsi (full graphics stack detailed below) I encountered an crash in "shaders/glsl-fs-inline-explosion". See the attached GDB backtrace and register dump for more details.

GPU: "PITCAIRN" (ChipID = 0x6819)
Linux: 3.11.6
libdrm: 2.4.47
LLVM: SVN:trunk/r193475
libclc: Git:master/4c18120c1a
Mesa: Git:master/64c081e8b7
GLAMOR: Git:master/ba209eeef2
DDX: Git:master/f1dc677e79

Let me know if you need further information.
Comment 1 Kai 2013-11-19 13:45:35 UTC
Created attachment 89466 [details]
Full GDB backtrace and register dump

Still an issue with current Mesa HEAD (21ae5135dd30bbd2ec7d2b44e07b6cb1d6425d9e).
Comment 2 Kai 2013-11-19 13:47:29 UTC
Adding mesa-dev, since I'm pretty sure others besides the fine people at Intel might have an idea what the cause is. ;-)
Comment 3 Ian Romanick 2013-11-19 20:58:23 UTC
The cause has been known since the tests were added in 2010:

commit 656cc65b2d3782c078d36342d0deec9886514520
Author: Luca Barbieri <luca@luca-barbieri.com>
Date:   Mon Sep 6 04:56:05 2010 +0200

    add GLSL inlining/unroll limit tests, currently failing
    The current GLSL compiler inlines everything indiscriminately,
    and unrolls all loops that have a small iteration count.
    This is a bad idea, because it can lead to exponential growth of
    the code, as these test cases illustrate.
    On a naive implementation (like current Mesa) these tests will
    attempt to allocate more than 2^64 bytes of RAM, ensuring failure.
    A smart implementation will instead generate actual calls/loops, and the
    test passes, since the branch protecting the functions/loops is not taken.
    Currently they aren't added to any profile since they obviously cause
    piglit to hang until memory is exhausted, possibly causing lots of
    swap thrashing.
Comment 4 Kai 2014-03-22 18:40:47 UTC
Not sure, whether this should be closed or not, but I don't see the test in todays Piglit run. And certainly not among the three crashed tests.
Comment 5 Erik Faye-Lund 2014-09-15 20:18:37 UTC
Created attachment 106343 [details]
error-checking in glsl-compiler

What's going on here, seems to be that we're running out of memory while linking the shader (during optimizations, but that's probably just dumb luck). This makes ralloc_size return a NULL-pointer, which gets dereferenced because the only guards against NULL-pointers in the compiler seems to be asserts.

The attached patch fixes *that* issue for me, but it doesn't make the test pass, nor fail gracefully either; all that happens is that piglit itself runs out of memory, triggering an assert.

Besides, it doesn't seem like exceptions is exactly good style in this project. So I dunno...
Comment 6 Erik Faye-Lund 2014-09-15 20:57:13 UTC
Created attachment 106345 [details] [review]
error-checking in glsl-compiler

Adding a try-catch block around the lifespan around mem_ctx seems to have helped, now the test plain fails instead of crashing.
Comment 7 Ian Romanick 2014-09-29 16:41:33 UTC
*** Bug 84215 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.