Bug 70920 - [GLSL compiler] SIGSEGV for shaders/glsl-fs-inline-explosion
Summary: [GLSL compiler] SIGSEGV for shaders/glsl-fs-inline-explosion
Alias: None
Product: Mesa
Classification: Unclassified
Component: glsl-compiler (show other bugs)
Version: git
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Ian Romanick
QA Contact: Intel 3D Bugs Mailing List
: 84215 (view as bug list)
Depends on:
Reported: 2013-10-27 15:52 UTC by Kai
Modified: 2019-09-18 19:45 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Full GDB backtrace and register dump (7.61 KB, text/plain)
2013-10-27 15:52 UTC, Kai
Full GDB backtrace and register dump (7.56 KB, text/plain)
2013-11-19 13:45 UTC, Kai
error-checking in glsl-compiler (2.46 KB, text/plain)
2014-09-15 20:18 UTC, Erik Faye-Lund
error-checking in glsl-compiler (3.21 KB, patch)
2014-09-15 20:57 UTC, Erik Faye-Lund
Details | Splinter Review

Description Kai 2013-10-27 15:52:32 UTC
Created attachment 88181 [details]
Full GDB backtrace and register dump

While running Piglit on radeonsi (full graphics stack detailed below) I encountered an crash in "shaders/glsl-fs-inline-explosion". See the attached GDB backtrace and register dump for more details.

GPU: "PITCAIRN" (ChipID = 0x6819)
Linux: 3.11.6
libdrm: 2.4.47
LLVM: SVN:trunk/r193475
libclc: Git:master/4c18120c1a
Mesa: Git:master/64c081e8b7
GLAMOR: Git:master/ba209eeef2
DDX: Git:master/f1dc677e79

Let me know if you need further information.
Comment 1 Kai 2013-11-19 13:45:35 UTC
Created attachment 89466 [details]
Full GDB backtrace and register dump

Still an issue with current Mesa HEAD (21ae5135dd30bbd2ec7d2b44e07b6cb1d6425d9e).
Comment 2 Kai 2013-11-19 13:47:29 UTC
Adding mesa-dev, since I'm pretty sure others besides the fine people at Intel might have an idea what the cause is. ;-)
Comment 3 Ian Romanick 2013-11-19 20:58:23 UTC
The cause has been known since the tests were added in 2010:

commit 656cc65b2d3782c078d36342d0deec9886514520
Author: Luca Barbieri <luca@luca-barbieri.com>
Date:   Mon Sep 6 04:56:05 2010 +0200

    add GLSL inlining/unroll limit tests, currently failing
    The current GLSL compiler inlines everything indiscriminately,
    and unrolls all loops that have a small iteration count.
    This is a bad idea, because it can lead to exponential growth of
    the code, as these test cases illustrate.
    On a naive implementation (like current Mesa) these tests will
    attempt to allocate more than 2^64 bytes of RAM, ensuring failure.
    A smart implementation will instead generate actual calls/loops, and the
    test passes, since the branch protecting the functions/loops is not taken.
    Currently they aren't added to any profile since they obviously cause
    piglit to hang until memory is exhausted, possibly causing lots of
    swap thrashing.
Comment 4 Kai 2014-03-22 18:40:47 UTC
Not sure, whether this should be closed or not, but I don't see the test in todays Piglit run. And certainly not among the three crashed tests.
Comment 5 Erik Faye-Lund 2014-09-15 20:18:37 UTC
Created attachment 106343 [details]
error-checking in glsl-compiler

What's going on here, seems to be that we're running out of memory while linking the shader (during optimizations, but that's probably just dumb luck). This makes ralloc_size return a NULL-pointer, which gets dereferenced because the only guards against NULL-pointers in the compiler seems to be asserts.

The attached patch fixes *that* issue for me, but it doesn't make the test pass, nor fail gracefully either; all that happens is that piglit itself runs out of memory, triggering an assert.

Besides, it doesn't seem like exceptions is exactly good style in this project. So I dunno...
Comment 6 Erik Faye-Lund 2014-09-15 20:57:13 UTC
Created attachment 106345 [details] [review]
error-checking in glsl-compiler

Adding a try-catch block around the lifespan around mem_ctx seems to have helped, now the test plain fails instead of crashing.
Comment 7 Ian Romanick 2014-09-29 16:41:33 UTC
*** Bug 84215 has been marked as a duplicate of this bug. ***
Comment 8 GitLab Migration User 2019-09-18 19:45:02 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/798.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.