Bug 111449 - SPIR-V shaders that cause segmentation faults in nir_from_ssa
Summary: SPIR-V shaders that cause segmentation faults in nir_from_ssa
Status: RESOLVED MOVED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Vulkan/intel (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: andrii simiklit
QA Contact: Intel 3D Bugs Mailing List
URL:
Whiteboard:
Keywords: bisected, regression
Depends on:
Blocks:
 
Reported: 2019-08-21 06:26 UTC by Alastair Donaldson
Modified: 2019-09-18 19:50 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:


Attachments
Amber test exposing the problem (10.02 KB, text/plain)
2019-08-21 06:26 UTC, Alastair Donaldson
Details
Another Amber test that exposes the problem (4.76 KB, text/plain)
2019-08-21 06:27 UTC, Alastair Donaldson
Details

Description Alastair Donaldson 2019-08-21 06:26:59 UTC
Created attachment 145109 [details]
Amber test exposing the problem

Running:

catchsegv amber write-red-in-loop-nest.amber

leads to a segmentation fault, with a backtrace that ends in nir_from_ssa, e.g.:

src/compiler/nir/nir_from_ssa.c:835

or sometimes in ralloc.

Build: Mesa 19.2.0-devel (git-861c2b8d31) (Debug)
Device: Intel(R) HD Graphics 630 (Kaby Lake GT2)
Comment 1 Alastair Donaldson 2019-08-21 06:27:54 UTC
Created attachment 145110 [details]
Another Amber test that exposes the problem
Comment 3 Denis 2019-08-21 12:50:12 UTC
hi, bisect results lead me to:

8d8222461f9d7f497d657c2c0eff70820986429b is the first bad commit
commit 8d8222461f9d7f497d657c2c0eff70820986429b
Author: Jason Ekstrand <jason.ekstrand@intel.com>
Date: Mon Jul 23 22:20:41 2018 -0700

intel/nir: Enable nir_opt_find_array_copies


With a patch from Danylo current test becomes Passed.


[den@den-pc Debug]$ ./amber '/home/den/Downloads/write-red-in-loop-nest.amber' 
Summary: 1 pass, 0 fail
Comment 4 Denis 2019-08-21 13:09:14 UTC
I am sorry, I mixed up bisection results between issues.

Correct bisected commit is:

8fb8ebfbb05d3323481c8ba6d320b3a3580bad99 is the first bad commit
commit 8fb8ebfbb05d3323481c8ba6d320b3a3580bad99
Author: Ian Romanick <ian.d.romanick@intel.com>
Date: Tue May 22 18:56:41 2018 -0700

intel/compiler: More peephole select
Comment 5 Juan A. Suarez 2019-08-26 17:19:27 UTC
https://gitlab.freedesktop.org/mesa/mesa/merge_requests/1717 fixes this issue.
Comment 6 andrii simiklit 2019-09-09 15:12:01 UTC
The bug is still reproducible on the latest master but now it is not "segmentation fault" it is an infinite compilation. Looks like the following patch fixes this issue (not sure that it is a good solution because I am not familiar with this part of the code):

diff --git a/src/compiler/nir/nir_repair_ssa.c b/src/compiler/nir/nir_repair_ssa.c
index 757afff490d..901aec90a07 100644
--- a/src/compiler/nir/nir_repair_ssa.c
+++ b/src/compiler/nir/nir_repair_ssa.c
@@ -132,8 +132,9 @@ repair_ssa_def(nir_ssa_def *def, void *void_state)
             block_def = &cast->dest.ssa;
          }
 
-         nir_instr_rewrite_src(src->parent_instr, src,
-                               nir_src_for_ssa(block_def));
+         if(def != block_def)
+            nir_instr_rewrite_src(src->parent_instr, src,
+                                 nir_src_for_ssa(block_def));
       }
    }

The root cause is that we infinite remove a first element of the list 'def->uses' and add this element to the end of this list.
Comment 7 Jason Ekstrand 2019-09-09 19:01:18 UTC
That's pretty much the correct patch as far as I can tell.  I poked at it a bit and wrote something a bit longer which also prevents any such issues with ifs:

https://gitlab.freedesktop.org/mesa/mesa/merge_requests/1911
Comment 8 GitLab Migration User 2019-09-18 19:50:06 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/847.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.