google / amber

Amber is a multi-API shader test framework
Apache License 2.0

[SPIRVSmith] Segmentation Fault in amber with a Swiftshader backend on MacOS #990

Closed rayanht closed 2 years ago

rayanht commented 2 years ago

Consider the following Amber file:

```
#!amber
SHADER compute shader SPIRV-ASM TARGET_ENV spv1.3
; Magic:     0x07230203 (SPIR-V)
; Version:   0x00010700 (Version: 1.7.0)
; Generator: 0x00220001 (SPIRVSmith)
; Bound:     3340
; Schema:    0
OpCapability Shader
OpCapability Matrix
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint GLCompute %2 "main"
OpExecutionMode %2 LocalSize 1 1 1
OpDecorate %_struct_5 Block
OpDecorate %6 DescriptorSet 0
OpDecorate %6 Binding 1
OpMemberDecorate %_struct_5 0 Offset 32
%void = OpTypeVoid
%8 = OpTypeFunction %void
%uint = OpTypeInt 32 0
%float = OpTypeFloat 32
%_struct_5 = OpTypeStruct %float
%float_6_79287386 = OpConstant %float 6.79287386
%_ptr_StorageBuffer__struct_5 = OpTypePointer StorageBuffer %_struct_5
%6 = OpVariable %_ptr_StorageBuffer__struct_5 StorageBuffer
%uint_0 = OpConstant %uint 0
%_ptr_StorageBuffer_float = OpTypePointer StorageBuffer %float
%2 = OpFunction %void None %8
%163 = OpLabel
%3340 = OpInBoundsAccessChain %_ptr_StorageBuffer_float %6 %uint_0
OpStore %3340 %float_6_79287386
OpReturn
OpFunctionEnd
END
STRUCT struct0
float var0
END
BUFFER struct0 DATA_TYPE struct0 STD430 DATA
37.54753072149286
END
PIPELINE compute pipeline
ATTACH shader
BIND BUFFER struct0 AS storage DESCRIPTOR_SET 0 BINDING 1
END
RUN pipeline 1 1 1
```

MacOS + MoltenVK:

```
$ bin/amber -t spv1.3 -v 1.1 test.amber

Summary: 1 pass, 0 fail
```

MacOS + Swiftshader:

```
$ lldb -- bin/amber -t spv1.3 -v 1.1 test.amber
(lldb) env VK_ICD_FILENAMES="/Users/rayan/swiftshader/build/Darwin/vk_swiftshader_icd.json"
(lldb) run
(lldb) bt

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x140d95f41)
  * frame #0: 0x000000010052ca7c amber`amber::vulkan::EngineVulkan::PipelineInfo::~PipelineInfo() + 108
    frame #1: 0x000000010052d20f amber`std::__1::__tree<std::__1::__value_type<amber::Pipeline*, amber::vulkan::EngineVulkan::PipelineInfo>, std::__1::__map_value_compare<amber::Pipeline*, std::__1::__value_type<amber::Pipeline*, amber::vulkan::EngineVulkan::PipelineInfo>, std::__1::less<amber::Pipeline*>, true>, std::__1::allocator<std::__1::__value_type<amber::Pipeline*, amber::vulkan::EngineVulkan::PipelineInfo> > >::destroy(std::__1::__tree_node<std::__1::__value_type<amber::Pipeline*, amber::vulkan::EngineVulkan::PipelineInfo>, void*>*) + 47
    frame #2: 0x0000000100527297 amber`amber::vulkan::EngineVulkan::~EngineVulkan() + 343
    frame #3: 0x000000010052740e amber`amber::vulkan::EngineVulkan::~EngineVulkan() + 14
    frame #4: 0x0000000100017637 amber`amber::Amber::ExecuteWithShaderData(amber::Recipe const*, amber::Options*, std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > > > > const&) + 2775
    frame #5: 0x0000000100016b2d amber`amber::Amber::Execute(amber::Recipe const*, amber::Options*) + 45
    frame #6: 0x0000000100005ecb amber`main + 11787
    frame #7: 0x00007fff203c2f3d libdyld.dylib`start + 1
    frame #8: 0x00007fff203c2f3d libdyld.dylib`start + 1
```

Once in a while, I still get a segfault but this time in the Vulkan Validation layers rather than in amber so I'm not too sure what's going on here:

```
(lldb) env VK_ICD_FILENAMES="/Users/rayan/swiftshader/build/Darwin/vk_swiftshader_icd.json"
(lldb) run
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff2037892e libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff203a75bd libsystem_pthread.dylib`pthread_kill + 263
    frame #2: 0x00007fff202fc406 libsystem_c.dylib`abort + 125
    frame #3: 0x00007fff201dc165 libsystem_malloc.dylib`malloc_vreport + 548
    frame #4: 0x00007fff201f07e9 libsystem_malloc.dylib`malloc_zone_error + 183
    frame #5: 0x00007fff201d42e1 libsystem_malloc.dylib`tiny_free_list_remove_ptr + 690
    frame #6: 0x00007fff201d3601 libsystem_malloc.dylib`tiny_free_no_lock + 1014
    frame #7: 0x00007fff201d30c9 libsystem_malloc.dylib`free_tiny + 442
    frame #8: 0x00000001049f4f9f libVkLayer_khronos_validation.dylib`DispatchFreeMemory(VkDevice_T*, VkDeviceMemory_T*, VkAllocationCallbacks const*) + 95
    frame #9: 0x000000010493bf91 libVkLayer_khronos_validation.dylib`vulkan_layer_chassis::FreeMemory(VkDevice_T*, VkDeviceMemory_T*, VkAllocationCallbacks const*) + 193
    frame #10: 0x000000010053b974 amber`amber::vulkan::TransferBuffer::~TransferBuffer() + 196
    frame #11: 0x000000010053ba1e amber`amber::vulkan::TransferBuffer::~TransferBuffer() + 14
    frame #12: 0x0000000100537e9a amber`amber::vulkan::Pipeline::ReadbackDescriptorsToHostDataQueue() + 906
    frame #13: 0x0000000100501bc4 amber`amber::vulkan::ComputePipeline::Compute(unsigned int, unsigned int, unsigned int) + 1028
    frame #14: 0x000000010052bef5 amber`amber::vulkan::EngineVulkan::DoCompute(amber::ComputeCommand const*) + 485
    frame #15: 0x0000000100051d32 amber`amber::Executor::ExecuteCommand(amber::Engine*, amber::Command*) + 482
    frame #16: 0x00000001000518d1 amber`amber::Executor::Execute(amber::Engine*, amber::Script const*, std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > > > > const&, amber::Options*, amber::Delegate*) + 1809
    frame #17: 0x0000000100016c0d amber`amber::Amber::ExecuteWithShaderData(amber::Recipe const*, amber::Options*, std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > > > > const&) + 173
    frame #18: 0x0000000100016b2d amber`amber::Amber::Execute(amber::Recipe const*, amber::Options*) + 45
    frame #19: 0x0000000100005ecb amber`main + 11787
    frame #20: 0x00007fff203c2f3d libdyld.dylib`start + 1
    frame #21: 0x00007fff203c2f3d libdyld.dylib`start + 1
```

The above does not repro on Linux.

This bug was automatically detected by SPIRVSmith.
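A triage check for the report above, as an added example that is not part of the original issue or of Amber: it compares the byte range implied by the shader's `OpMemberDecorate ... Offset` decorations with the size of the host buffer bound to the same descriptor set and binding. The helper `check_layout` and the 4-bytes-per-scalar buffer sizing are assumptions of this sketch; a mismatch points at an out-of-bounds store as one candidate cause of heap corruption, not a confirmed diagnosis of this crash.

```python
import re

# Excerpt of the Amber script from the report above (layout-relevant lines only).
AMBER = """\
OpDecorate %_struct_5 Block
OpDecorate %6 DescriptorSet 0
OpDecorate %6 Binding 1
OpMemberDecorate %_struct_5 0 Offset 32
%float = OpTypeFloat 32
%_struct_5 = OpTypeStruct %float
%_ptr_StorageBuffer__struct_5 = OpTypePointer StorageBuffer %_struct_5
%6 = OpVariable %_ptr_StorageBuffer__struct_5 StorageBuffer
END
BUFFER struct0 DATA_TYPE struct0 STD430 DATA
37.54753072149286
END
BIND BUFFER struct0 AS storage DESCRIPTOR_SET 0 BINDING 1
"""

def check_layout(script):
    """Return [(binding, bytes the shader layout needs, bytes in the host buffer)]."""
    width = {m[0]: int(m[1]) // 8  # scalar type id -> size in bytes
             for m in re.findall(r"(%\w+) = OpType(?:Int|Float) (\d+)", script)}
    structs = {m[0]: m[1].split()
               for m in re.findall(r"(%\w+) = OpTypeStruct (.+)", script)}
    offsets = {(s, int(i)): int(o) for s, i, o in
               re.findall(r"OpMemberDecorate (%\w+) (\d+) Offset (\d+)", script)}
    pointee = dict(re.findall(r"(%\w+) = OpTypePointer StorageBuffer (%\w+)", script))
    var_type = dict(re.findall(r"(%\w+) = OpVariable (%\w+) StorageBuffer", script))
    dset = dict(re.findall(r"OpDecorate (%\w+) DescriptorSet (\d+)", script))
    bind = dict(re.findall(r"OpDecorate (%\w+) Binding (\d+)", script))
    # Host side: scalars listed between DATA and END (assumed 4 bytes each).
    data = {n: 4 * len(body.split()) for n, body in
            re.findall(r"BUFFER (\w+) DATA_TYPE \w+ \w+ DATA\n(.*?)\nEND", script, re.S)}
    results = []
    for name, s, b in re.findall(
            r"BIND BUFFER (\w+) AS storage DESCRIPTOR_SET (\d+) BINDING (\d+)", script):
        for var, ptr in var_type.items():
            if dset.get(var) == s and bind.get(var) == b:
                st = pointee[ptr]
                need = max(offsets[(st, i)] + width[t]
                           for i, t in enumerate(structs[st]))
                results.append(((int(s), int(b)), need, data[name]))
    return results

for binding, need, have in check_layout(AMBER):
    verdict = "OUT OF BOUNDS" if need > have else "ok"
    print(f"set/binding {binding}: shader needs {need} bytes, buffer has {have} -> {verdict}")
```

An intermittent crash inside `free` or a destructor, as in the two backtraces above, is the usual signature of an earlier write past an allocation, so rerunning the reproducer under AddressSanitizer is the next step to confirm or rule this out.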

rayanht commented 2 years ago

Need to further investigate exact steps to repro; it doesn't segfault every single time.