Bug 79202 - valgrind errors in glsl-fs-uniform-array-loop-unroll.shader_test; random code generation
Summary: valgrind errors in glsl-fs-uniform-array-loop-unroll.shader_test; random code...
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/DRI/i965 (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Ian Romanick
QA Contact: Intel 3D Bugs Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-25 07:57 UTC by Kenneth Graunke
Modified: 2015-03-11 09:14 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kenneth Graunke 2014-05-25 07:57:10 UTC
Running glsl-fs-uniform-array-loop-unroll.shader_test on either Haswell or Crestline, I see a random offset used for the pull constant buffer.  valgrind reports that it's reading out of bounds.

I haven't bisected to see if this was introduced recently.
Comment 1 Iago Toral 2015-03-10 10:06:45 UTC
I am looking into this
Comment 2 Iago Toral 2015-03-10 10:38:19 UTC
We are not checking out-of-bounds accesses into the pull_constant_loc array.
I sent a patch for review that fixes this:
http://lists.freedesktop.org/archives/mesa-dev/2015-March/079009.html
Comment 3 Iago Toral 2015-03-10 10:40:20 UTC
BTW, this is the error that gets fixed, as reported by Valgrind:

==18969== Invalid read of size 4
==18969==    at 0xA8FA80D: fs_visitor::demote_pull_constants() (brw_fs.cpp:1966)
==18969==    by 0xA8FDEAB: fs_visitor::run() (brw_fs.cpp:3044)
==18969==    by 0xA8FE3BB: brw_wm_fs_emit (brw_fs.cpp:3169)
==18969==    by 0xA97E219: do_wm_prog (brw_wm.c:183)
==18969==    by 0xA8FEC88: brw_fs_precompile(gl_context*, gl_shader_program*) (brw_fs.cpp:3294)
==18969==    by 0xA93F2BA: brw_shader_precompile(gl_context*, gl_shader_program*) (brw_shader.cpp:72)
==18969==    by 0xA93FB51: brw_link_shader (brw_shader.cpp:274)
==18969==    by 0xA7B03C7: _mesa_glsl_link_shader (ir_to_mesa.cpp:3092)
==18969==    by 0xA64AC43: link_program (shaderapi.c:915)
==18969==    by 0xA64BDC4: _mesa_LinkProgram (shaderapi.c:1383)
==18969==    by 0x81DA11E: shared_dispatch_stub_509 (glapi_mapi_tmp.h:17831)
==18969==    by 0x4EDE27D: stub_glLinkProgram (piglit-dispatch-gen.c:31514)
Comment 4 Iago Toral 2015-03-11 09:14:33 UTC
Fixed with:

commit 6ac1bc90c4a7a6f32901a9782e14b090f6fe5270
Author: Iago Toral Quiroga <itoral@igalia.com>
Date:   Tue Mar 10 11:36:43 2015 +0100

    i965: Fix out-of-bounds accesses into pull_constant_loc array
    
    The piglit test glsl-fs-uniform-array-loop-unroll.shader_test was designed
    to do an out of bounds access into an uniform array to make sure that we
    handle that situation gracefully inside the driver, however, as Ken describes
    in bug 79202, Valgrind reports that this is leading to an out-of-bounds access
    in fs_visitor::demote_pull_constants().
    
    Before accessing the pull_constant_loc array we should make sure that
    the uniform we are trying to access is valid.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=79202
    Reviewed-by: Matt Turner <mattst88@gmail.com>


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct.