[Bug 84232] New: PHINode containing itself causes segfault in LLVM when compiling Blender OpenCL kernel with R600 backend

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Sep 23 02:19:35 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=84232

          Priority: medium
            Bug ID: 84232
          Assignee: dri-devel at lists.freedesktop.org
           Summary: PHINode containing itself causes segfault in LLVM when
                    compiling Blender OpenCL kernel with R600 backend
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: vitalif at yourcmc.ru
          Hardware: Other
            Status: NEW
           Version: XOrg CVS
         Component: DRM/Radeon
           Product: DRI

Created attachment 106717
  --> https://bugs.freedesktop.org/attachment.cgi?id=106717&action=edit
Blender output with R600_DEBUG=compute,fs,vs,gs,ps,cs

I'm trying to run Blender using Mesa OpenCL implementation on a radeonsi  card.
First the kernel didn't want to compile, but that was caused by a  bug in it
(they were using . instead of -> in 1 place), and after fixing  this bug I've
got the kernel to compile...

...But after that, LLVM started to crash during translation of IR into  shader
code with R600 backend.

I've done some investigation and figured out that the crash is caused by a 
PHINode containing itself. SIAnnotateControlFlow::handleLoopCondition()  can't
handle such situation - it recurses into itself, calls  Phi->eraseFromParent()
inside the inner execution, returns into outer one,  gets zeroed out object and
crashes when trying to do something with its  members... for example when
trying to erase it again.

I've tried to understand the semantics of such PHINodes from reading the code
and got a suspicion that the rest of LLVM code just ignores PHINodes equal to
their parent, so I've tried to fix  the bug by making handleLoopCondition()
skip IncomingValues equal to the Phi itself, but the bug didn't go away!
Surprisingly, PHINode may not just contain itself directly, but it also may
contain itself inside another PHINode, i.e.
Phi->getIncomingValue(0)->getIncomingValue(0) == Phi, which results in the same
problem with SIAnnotateControlFlow...

I'll attach Blender output with R600_DEBUG = trace everything and a stack trace
of the crash.

The bug reproduced with llvm 3.5 and snapshot of 3.6; blender is 2.71; Mesa is
from OIBAF's repository.

sudo -E CYCLES_OPENCL_TEST=1 R600_DEBUG=compute,fs,vs,gs,ps,cs blender cup\ of\
coffee\ 5.blend &> kernel-llvm.log

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20140923/c40fb431/attachment.html>

More information about the dri-devel mailing list