Hi,

this patch series enables the use of gcc's -fsanitize=undefined in Mesa and fixes the bulk of reported issues in basic examples like glxgears. However, many issues remain, and some of them in the GLSL compiler look like they could be real - see below for a sampling.

By "enables the use" I mean that (a) it fixes a compiler error that only happens with ubsan enabled, at least on gcc 5.3.1 and (b) it fixes a bunch of undefined behaviour (bad casts) that causes ubsan runs to crash with a segfault in the implementation of dynamic_cast.

The bulk of the other fixes in this series are benign "left-shift into sign bit" fixes. In particular, that's what the giant gallium/radeon patch (7/9, probably too big for the mailing list) is about - that patch was generated mechanically.

If you want to try this out yourself, you need to add -fsanitize=undefined to CFLAGS, CXXFLAGS, and LDFLAGS. You need a fairly recent libtool as well (the one that comes with Ubuntu 16.04 works for me, but I had to re-autogen), otherwise the option will be "helpfully" removed from the linker flags and linking will fail.

You can find the entire series at https://cgit.freedesktop.org/~nh/mesa/log/?h=ubsan

Please review!

Thanks,
Nicolai
--
Here are a bunch of issues reported when running piglit's arb_shader_image_load_store-level - all of them are about objects being cast to the wrong type, and subsequent consequences:

../../../../mesa/src/compiler/glsl/ir_function.cpp:376:40: runtime error: downcast of address 0x0000026c3e00 which does not point to an object of type 'ir_variable'
0x0000026c3e00: note: object is of type 'ir_dereference_variable'
00 00 00 00 28 4a d9 c3 66 7f 00 00 28 93 cd 64 ff 7f 00 00 20 93 cd 64 ff 7f 00 00 02 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_dereference_variable'

../../../../mesa/src/compiler/glsl/ir_function.cpp:381:25: runtime error: member access within address 0x0000026c3e00 which does not point to an object of type 'ir_variable'
0x0000026c3e00: note: object is of type 'ir_dereference_variable'
00 00 00 00 28 4a d9 c3 66 7f 00 00 28 93 cd 64 ff 7f 00 00 20 93 cd 64 ff 7f 00 00 02 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_dereference_variable'

../../../../mesa/src/compiler/glsl/opt_dead_builtin_variables.cpp:38:32: runtime error: downcast of address 0x00000230eeb0 which does not point to an object of type 'ir_variable'
0x00000230eeb0: note: object is of type 'ir_function'
00 00 00 00 70 4c d9 c3 66 7f 00 00 48 e6 76 02 00 00 00 00 08 2b 77 02 00 00 00 00 0a 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_function'

../../../../mesa/src/compiler/glsl/ir_function.cpp:65:53: runtime error: downcast of address 0x00000230bf80 which does not point to an object of type 'ir_rvalue'
0x00000230bf80: note: object is of type 'ir_variable'
00 00 00 00 e0 47 d9 c3 66 7f 00 00 48 c0 30 02 00 00 00 00 28 c4 30 02 00 00 00 00 07 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_variable'

../../../../mesa/src/compiler/glsl/ir_function.cpp:67:34: runtime error: member access within address 0x00000230bf80 which does not point to an object of type 'ir_rvalue'
0x00000230bf80: note: object is of type 'ir_variable'
00 00 00 00 e0 47 d9 c3 66 7f 00 00 48 c0 30 02 00 00 00 00 28 c4 30 02 00 00 00 00 07 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_variable'

../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3525:26: runtime error: downcast of address 0x0000022eaa40 which does not point to an object of type 'ir_dereference'
0x0000022eaa40: note: object is of type 'ir_swizzle'
00 00 00 00 20 48 d9 c3 66 7f 00 00 08 20 31 02 00 00 00 00 f8 1e 31 02 00 00 00 00 05 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_swizzle'

../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3548:29: runtime error: downcast of address 0x0000045a7d00 which does not point to an object of type 'ir_dereference'
0x0000045a7d00: note: object is of type 'ir_constant'
00 00 00 00 f0 4c d9 c3 66 7f 00 00 28 86 59 04 00 00 00 00 18 85 59 04 00 00 00 00 03 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_constant'

../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3554:29: runtime error: downcast of address 0x000004a47d10 which does not point to an object of type 'ir_dereference'
0x000004a47d10: note: object is of type 'ir_swizzle'
00 00 00 00 20 48 d9 c3 66 7f 00 00 58 bf 9c 04 00 00 00 00 08 60 a5 04 00 00 00 00 05 00 00 00
            ^~~~~~~~~~~~~~~~~~~~~~~
            vptr for 'ir_swizzle'

--
 src/compiler/glsl/ir.cpp                      |    5 +-
 src/compiler/glsl/list.h                      |  122 +-
 src/compiler/glsl/opt_dead_code_local.cpp     |    7 +-
 src/compiler/glsl/opt_tree_grafting.cpp       |    5 +-
 src/gallium/auxiliary/tgsi/tgsi_ureg.c        |    2 +-
 src/gallium/auxiliary/util/u_pack_color.h     |    2 +-
 src/gallium/auxiliary/util/u_pstipple.c       |    2 +-
 src/gallium/drivers/r600/eg_sq.h              |  316 +-
 src/gallium/drivers/r600/evergreend.h         | 1104 ++---
 src/gallium/drivers/r600/r600_opcodes.h       |   12 +-
 src/gallium/drivers/r600/r600_pipe.h          |    6 +-
 src/gallium/drivers/r600/r600_sq.h            |  246 +-
 src/gallium/drivers/r600/r600d.h              | 1804 +++----
 src/gallium/drivers/r600/r700_sq.h            |  246 +-
 .../drivers/radeon/r600_pipe_common.h         |    8 +-
 src/gallium/drivers/radeon/r600d_common.h     |  108 +-
 src/gallium/drivers/radeon/radeon_uvd.h       |    6 +-
 src/gallium/drivers/radeonsi/si_state.c       |    6 +-
 .../drivers/radeonsi/si_state_shaders.c       |    4 +-
 src/gallium/drivers/radeonsi/sid.h            | 4122 ++++++++--------
 .../drivers/softpipe/sp_quad_stipple.c        |    4 +-
 src/mesa/main/mtypes.h                        |   60 +-
 src/mesa/main/uniforms.c                      |    2 +-
 src/mesa/state_tracker/st_mesa_to_tgsi.c      |    2 +-
 src/mesa/state_tracker/st_program.c           |    4 +-
 25 files changed, 4117 insertions(+), 4088 deletions(-)
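
An added illustration, not part of the original message and not Mesa code: the class of bug behind the "downcast of address ... which does not point to an object of type" reports, next to a tag-checked downcast that returns nullptr for a node of the wrong type. The names node, node_kind, variable, deref_variable, node_as and count_variables are hypothetical stand-ins, not Mesa's IR classes.

```cpp
// Constructed illustration; all type and function names are hypothetical
// stand-ins and do not reproduce Mesa's ir_instruction hierarchy.
#include <cstddef>
#include <vector>

enum class node_kind { variable, deref_variable };

struct node {
    explicit node(node_kind k) : kind(k) {}
    virtual ~node() = default;
    const node_kind kind;   // set once by the most-derived constructor
};

struct variable : node {
    static constexpr node_kind tag = node_kind::variable;
    explicit variable(int loc) : node(tag), location(loc) {}
    int location;
};

struct deref_variable : node {
    static constexpr node_kind tag = node_kind::deref_variable;
    explicit deref_variable(variable *v) : node(tag), var(v) {}
    variable *var;
};

// Checked downcast: compares the stored tag before casting, so a node of
// another type yields nullptr rather than a mistyped pointer.
template <typename T>
T *node_as(node *n) {
    return (n != nullptr && n->kind == T::tag) ? static_cast<T *>(n) : nullptr;
}

// Counts the variables in a list that mixes node types. The unchecked form,
//   static_cast<variable *>(n)->location
// applied to a deref_variable, is undefined behaviour and is what
// -fsanitize=undefined reports as a bad downcast followed by a bad
// member access.
std::size_t count_variables(const std::vector<node *> &nodes) {
    std::size_t count = 0;
    for (node *n : nodes)
        if (node_as<variable>(n) != nullptr)
            ++count;
    return count;
}

int main() {
    variable v(3);
    deref_variable d(&v);
    return count_variables({&v, &d, &v}) == 2 ? 0 : 1;
}
```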