Bug 90904 - OSX: EXC_BAD_ACCESS when using translate_sse + gallium + softpipe/llvmpipe
Summary: OSX: EXC_BAD_ACCESS when using translate_sse + gallium + softpipe/llvmpipe
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Mesa core (show other bugs)
Version: git
Hardware: Other All
Importance: medium normal
Assignee: mesa-dev
QA Contact: mesa-dev
Reported: 2015-06-08 20:29 UTC by Julien Isorce
Modified: 2015-06-09 15:24 UTC (History)
Description Julien Isorce 2015-06-08 20:29:45 UTC
When running es2gears_x11 it crashes with:

* thread #1: tid = 0xbfbac, 0x0000000100801200, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x100801200)
  * frame #0: 0x0000000100801200
    frame #1: 0x0000000101da4290 swrast_dri.so`draw_pt_emit_linear(emit=0x0000000100405cd0, vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 448 at draw_pt_emit.c:238
    frame #2: 0x0000000101f3b012 swrast_dri.so`emit(emit=0x0000000100405cd0, vert_info=0x00007fff5fbfefa8, prim_info=0x00007fff5fbff058) + 50 at draw_pt_fetch_shade_pipeline_llvm.c:331
    frame #3: 0x0000000101f3aa82 swrast_dri.so`llvm_pipeline_generic(middle=0x0000000100405bc0, fetch_info=0x0000000000000000, in_prim_info=0x00007fff5fbff058) + 1586 at draw_pt_fetch_shade_pipeline_llvm.c:466
    frame #4: 0x0000000101f3a2b3 swrast_dri.so`llvm_middle_end_linear_run(middle=0x0000000100405bc0, start=0, count=7, prim_flags=0) + 131 at draw_pt_fetch_shade_pipeline_llvm.c:530
    frame #5: 0x0000000101db4de8 swrast_dri.so`vsplit_segment_simple_linear(vsplit=0x000000010102b800, flags=0, istart=0, icount=7) + 104 at draw_pt_vsplit_tmp.h:240
    frame #6: 0x0000000101db1c69 swrast_dri.so`vsplit_run_linear(frontend=0x000000010102b800, start=0, count=7) + 249 at draw_split_tmp.h:60
    frame #7: 0x0000000101da35ba swrast_dri.so`draw_pt_arrays(draw=0x0000000101016200, prim=5, start=0, count=7) + 842 at draw_pt.c:149
    frame #8: 0x0000000101da2c2c swrast_dri.so`draw_vbo(draw=0x0000000101016200, info=0x00007fff5fbff208) + 668 at draw_pt.c:564
    frame #9: 0x0000000101f9027c swrast_dri.so`llvmpipe_draw_vbo(pipe=0x0000000101013e00, info=0x00007fff5fbff328) + 972 at lp_draw_arrays.c:132
    frame #10: 0x0000000101d82059 swrast_dri.so`cso_draw_vbo(cso=0x00000001010d3e00, info=0x00007fff5fbff328) + 89 at cso_context.c:1515
    frame #11: 0x0000000101ad3c34 swrast_dri.so`st_draw_vbo(ctx=0x00000001002cf000, prims=0x00007fff5fbff440, nr_prims=1, ib=0x0000000000000000, index_bounds_valid='\x01', min_index=0, max_index=6, tfb_vertcount=0x0000000000000000, indirect=0x0000000000000000) + 1108 at st_draw.c:286
    frame #12: 0x0000000101a7883f swrast_dri.so`vbo_draw_arrays(ctx=0x00000001002cf000, mode=5, start=0, count=7, numInstances=1, baseInstance=0) + 767 at vbo_exec_array.c:645
    frame #13: 0x0000000101a75304 swrast_dri.so`vbo_exec_DrawArrays(mode=5, start=0, count=7) + 228 at vbo_exec_array.c:797
    frame #14: 0x000000010000adb8 libGLESv2.2.dylib`glDrawArrays(mode=5, first=0, count=7) + 56 at glapi_mapi_tmp.h:1613
    frame #15: 0x0000000100003485 es2gears_x11`draw_gear + 1637
    frame #16: 0x00000001000020b0 es2gears_x11`gears_draw + 928
    frame #17: 0x00000001000042f7 es2gears_x11`_eglutNativeEventLoop + 455
    frame #18: 0x0000000100001a74 es2gears_x11`main + 676
    frame #19: 0x00007fff886ee5c9 libdyld.dylib`start + 1

(lldb) di -f
-> 0x100801200:  pushq  %rbx
   0x100801201:  pushq  %rbp
   0x100801202:  movl   %edx, %ebp
   0x100801204:  movq   %r9, %rbx
   0x100801207:  xorl   %eax, %eax
   0x100801209:  cmpl   %eax, %ebp
   0x10080120b:  je     0x10080125e
   0x100801211:  movl   %esi, %eax
   0x100801213:  cmpl   0x478(%rdi), %eax
   0x100801219:  cmovael 0x478(%rdi), %eax



   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11            mov EAX, ESI
  13            cmp EAX, [EDI+1144]
  19         cmovcc EAX, [EDI+1144], 3
  20            mov EDX, [EDI+1136]
  27           imul EAX, EDX
  2b            add EAX, [EDI+1128]
  31            cmp EBP, EAX
  34            mov ESI, EAX
  36         movdqu XMM0, [ESI]
  3a         movdqu [EBX], XMM0
  3e         movdqu XMM0, [ESI+16]
  43         movdqu [EBX+16], XMM0
  49            lea EBX, [EBX+32]
  4d            add ESI, [EDI+1136]
  53    prefetchnta [ESI+192]
  5a            dec EBP
  5c            jcc 5
  5e            pop EBP
  5f            pop EBX
  60            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11            mov ECX, [ESI]
  13            cmp ECX, [EDI+1144]
  19         cmovcc ECX, [EDI+1144], 3
  20            mov EDX, [EDI+1136]
  27           imul ECX, EDX
  2b            add ECX, [EDI+1128]
  31         movdqu XMM0, [ECX]
  35         movdqu [EBX], XMM0
  39         movdqu XMM0, [ECX+16]
  3e         movdqu [EBX+16], XMM0
  44            lea EBX, [EBX+32]
  48            lea ESI, [ESI+4]
  4b            dec EBP
  4d            jcc 5
  4f            pop EBP
  50            pop EBX
  51            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11        movzx16 ECX, [ESI]
  14            cmp ECX, [EDI+1144]
  1a         cmovcc ECX, [EDI+1144], 3
  21            mov EDX, [EDI+1136]
  28           imul ECX, EDX
  2c            add ECX, [EDI+1128]
  32         movdqu XMM0, [ECX]
  36         movdqu [EBX], XMM0
  3a         movdqu XMM0, [ECX+16]
  3f         movdqu [EBX+16], XMM0
  45            lea EBX, [EBX+32]
  49            lea ESI, [ESI+2]
  4c            dec EBP
  4e            jcc 5
  50            pop EBP
  51            pop EBX
  52            ret 

   0           push EBX
   1           push EBP
   2            mov EBP, EDX
   4          mov64 EBX, 
   7            xor EAX, EAX
   9            cmp EBP, EAX
   b    jcc_forward 4
  11         movzx8 ECX, [ESI]
  14            cmp ECX, [EDI+1144]
  1a         cmovcc ECX, [EDI+1144], 3
  21            mov EDX, [EDI+1136]
  28           imul ECX, EDX
  2c            add ECX, [EDI+1128]
  32         movdqu XMM0, [ECX]
  36         movdqu [EBX], XMM0
  3a         movdqu XMM0, [ECX+16]
  3f         movdqu [EBX+16], XMM0
  45            lea EBX, [EBX+32]
  49            lea ESI, [ESI+1]
  4c            dec EBP
  4e            jcc 5
  50            pop EBP
  51            pop EBX
  52            ret 
disassemble 0x100801200 0x100801261

disassemble 0x100843600 0x100843652

disassemble 0x1010c4200 0x1010c4253

disassemble 0x100843a00 0x100843a53

It crashes when calling:

translate->run(translate,
                  0,
                  count,
                  draw->start_instance,
                  draw->instance_id,
                  hw_verts);


If it fails on the first instruction ("-> 0x100801200:  pushq  %rbx"), I guess something went wrong earlier.
Comment 1 Julien Isorce 2015-06-08 20:33:25 UTC
It works fine if I deactivate SSE, i.e. by setting GALLIUM_NOSSE=1, with either GALLIUM_DRIVER=softpipe or llvmpipe.

Configure options:
CFLAGS="-g -O0" CXXFLAGS="-g -O0" ./configure --disable-vdpau --disable-va --enable-asm --with-gallium-drivers=swrast --enable-dri3 --enable-gles2 --enable-gles1 --enable-glx --enable-opengl --enable-gallium-osmesa --with-egl-platforms=x11 --enable-debug --prefix=/usr/local --enable-gallium-llvm --disable-omx --disable-llvm-shared-libs

es2_info:
EGL_VERSION: 1.4 (DRI2)
EGL_VENDOR: Mesa Project
EGL_EXTENSIONS:
    EGL_MESA_configless_context, EGL_KHR_get_all_proc_addresses, 
    EGL_KHR_surfaceless_context
EGL_CLIENT_APIS: OpenGL OpenGL_ES OpenGL_ES2 OpenGL_ES3 
GL_VERSION: OpenGL ES 3.0 Mesa 10.7.0-devel (git-950728c)
GL_RENDERER: Gallium 0.4 on llvmpipe (LLVM 3.4, 128 bits)
GL_EXTENSIONS:
    GL_EXT_blend_minmax, GL_EXT_multi_draw_arrays, 
    GL_EXT_texture_format_BGRA8888, GL_OES_compressed_ETC1_RGB8_texture, 
    GL_OES_depth24, GL_OES_element_index_uint, GL_OES_fbo_render_mipmap, 
    GL_OES_mapbuffer, GL_OES_rgb8_rgba8, GL_OES_standard_derivatives, 
    GL_OES_stencil8, GL_OES_texture_3D, GL_OES_texture_npot, 
    GL_OES_EGL_image, GL_OES_depth_texture, GL_OES_packed_depth_stencil, 
    GL_EXT_texture_type_2_10_10_10_REV, GL_OES_get_program_binary, 
    GL_APPLE_texture_max_level, GL_EXT_discard_framebuffer, 
    GL_EXT_read_format_bgra, GL_NV_fbo_color_attachments, 
    GL_OES_EGL_image_external, GL_OES_EGL_sync, GL_OES_vertex_array_object, 
    GL_EXT_texture_rg, GL_EXT_unpack_subimage, GL_NV_draw_buffers, 
    GL_NV_read_buffer, GL_EXT_draw_buffers, GL_EXT_map_buffer_range, 
    GL_OES_depth_texture_cube_map, GL_OES_surfaceless_context, 
    GL_EXT_color_buffer_float, GL_EXT_separate_shader_objects, 
    GL_EXT_shader_integer_mix, GL_KHR_context_flush_control
Comment 2 Jose Fonseca 2015-06-08 20:56:43 UTC
Probably the old (non-LLVM) JIT machine code generator doesn't support MacOSX.

This patch should work around it:

diff --git a/src/gallium/auxiliary/translate/translate_sse.c b/src/gallium/auxiliary/translate/translate_sse.c
index c7b6c36..24da890 100644
--- a/src/gallium/auxiliary/translate/translate_sse.c
+++ b/src/gallium/auxiliary/translate/translate_sse.c
@@ -35,7 +35,7 @@
 #include "translate.h"
 
 
-#if (defined(PIPE_ARCH_X86) || defined(PIPE_ARCH_X86_64)) && !defined(PIPE_SUBSYSTEM_EMBEDDED)
+#if (defined(PIPE_ARCH_X86) || defined(PIPE_ARCH_X86_64)) && !defined(PIPE_SUBSYSTEM_EMBEDDED) && !defined(PIPE_OS_APPLE)
 
 #include "rtasm/rtasm_cpu.h"
 #include "rtasm/rtasm_x86sse.h"
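Review bot: The extended `#if` excludes Apple builds without saying why, and the reason cannot be derived from translate_sse.c itself. If this guard is kept, a comment above it such as `/* Generated code faults on its first instruction on OS X (bug 90904); use the generic translate path there. */` would let a later reader judge when the exclusion can be lifted. The matching `#else`/`#endif` lies outside the hunk, so what Apple builds compile instead is not visible here. The guard also covers only this file, so any other consumer of the rtasm code generator would presumably still jump into the same kind of buffer.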


But I suspect the real problem is in src/gallium/auxiliary/rtasm/rtasm_execmem.c. Instead of the above patch, maybe this one will fix it:

diff --git a/src/gallium/auxiliary/rtasm/rtasm_execmem.c b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
index 8c3dbef..f935879 100644
--- a/src/gallium/auxiliary/rtasm/rtasm_execmem.c
+++ b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
@@ -49,7 +49,7 @@
 #include <windows.h>
 #endif
 
-#if defined(PIPE_OS_LINUX) || defined(PIPE_OS_BSD) || defined(PIPE_OS_SOLARIS) || defined(PIPE_OS_HAIKU) || defined(PIPE_OS_CYGWIN)
+#if defined(PIPE_OS_LINUX) || defined(PIPE_OS_BSD) || defined(PIPE_OS_SOLARIS) || defined(PIPE_OS_HAIKU) || defined(PIPE_OS_CYGWIN) || defined(PIPE_OS_APPLE)
 
 
 /*
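Review bot: The condition now selects the guarded allocator for Apple as well, but nothing in the hunk records which page protections that allocator requests, and that is the security-relevant part of the change. The crash in this report (EXC_BAD_ACCESS code=2 on the first instruction of the generated function) is consistent with jumping into memory that is not mapped executable, so the guarded code presumably obtains an executable mapping. If that mapping is writable and executable at the same time, a comment should say so and note that filling the buffer first and then switching it to read+execute with `mprotect` would be the tighter design. A comment above the `#if`, e.g. `/* These platforms need an explicit executable mapping for generated code; see bug 90904 for the fault seen on OS X without it. */`, would record why Apple was added. The allocator body starts after the hunk, so this is inferred from the file name and the backtrace rather than from visible lines.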
Comment 3 Julien Isorce 2015-06-08 21:48:12 UTC
(In reply to José Fonseca from comment #2)
> diff --git a/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> index 8c3dbef..f935879 100644
> --- a/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> +++ b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> @@ -49,7 +49,7 @@
>  #include <windows.h>
>  #endif
>  
> -#if defined(PIPE_OS_LINUX) || defined(PIPE_OS_BSD) ||
> defined(PIPE_OS_SOLARIS) || defined(PIPE_OS_HAIKU) || defined(PIPE_OS_CYGWIN)
> +#if defined(PIPE_OS_LINUX) || defined(PIPE_OS_BSD) ||
> defined(PIPE_OS_SOLARIS) || defined(PIPE_OS_HAIKU) ||
> defined(PIPE_OS_CYGWIN) || defined(PIPE_OS_APPLE)
>  

Ah great, I see now. I tested your latter solution and it works! Thx
Comment 4 Jose Fonseca 2015-06-09 15:24:05 UTC
Fix pushed as commit 65bd4159b35c7213e0ac27c6299495e08a105ab4

