projects / mesa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pan/decode: Use GLSL style formats/swizzles
[mesa.git] / src / panfrost / pandecode / decode.c
diff --git a/src/panfrost/pandecode/decode.c b/src/panfrost/pandecode/decode.c
index 4eaf09fd3426d4d4461fc7903886b76f66e19855..11de8494e235c8d3ccef2980bccd868c315edae6 100644 (file)
--- a/src/panfrost/pandecode/decode.c
+++ b/src/panfrost/pandecode/decode.c
@@ -29,13 +29,17 @@
 #include <memory.h>
 #include <stdbool.h>
 #include <stdarg.h>
+#include <ctype.h>
 #include "decode.h"
+#include "util/macros.h"
 #include "util/u_math.h"
 
 #include "pan_pretty_print.h"
 #include "midgard/disassemble.h"
 #include "bifrost/disassemble.h"
 
+#include "pan_encoder.h"
+
 int pandecode_jc(mali_ptr jc_gpu_va, bool bifrost);
 
 #define MEMORY_PROP(obj, p) {\
@@ -54,11 +58,6 @@ int pandecode_jc(mali_ptr jc_gpu_va, bool bifrost);
         } \
 }
 
-#define DYN_MEMORY_PROP(obj, no, p) { \
-       if (obj->p) \
-               pandecode_prop("%s = %s_%d_p", #p, #p, no); \
-}
-
 /* Semantic logging type.
  *
  * Raw: for raw messages to be printed as is.
@@ -117,6 +116,44 @@ pandecode_log_cont(const char *format, ...)
         va_end(ap);
 }
 
+/* To check for memory safety issues, validates that the given pointer in GPU
+ * memory is valid, containing at least sz bytes. The goal is to eliminate
+ * GPU-side memory bugs (NULL pointer dereferences, buffer overflows, or buffer
+ * overruns) by statically validating pointers.
+ */
+
+static void
+pandecode_validate_buffer(mali_ptr addr, size_t sz)
+{
+        if (!addr) {
+                pandecode_msg("XXX: null pointer deref");
+                return;
+        }
+
+        /* Find a BO */
+
+        struct pandecode_mapped_memory *bo =
+                pandecode_find_mapped_gpu_mem_containing(addr);
+
+        if (!bo) {
+                pandecode_msg("XXX: invalid memory dereference\n");
+                return;
+        }
+
+        /* Bounds check */
+
+        unsigned offset = addr - bo->gpu_va;
+        unsigned total = offset + sz;
+
+        if (total > bo->length) {
+                pandecode_msg("XXX: buffer overrun."
+                                "Chunk of size %d at offset %d in buffer of size %d. "
+                                "Overrun by %d bytes.",
+                                sz, offset, bo->length, total - bo->length);
+                return;
+        }
+}
+
 struct pandecode_flag_info {
         u64 flag;
         const char *name;
@@ -245,6 +282,16 @@ static const struct pandecode_flag_info mfbd_flag_info [] = {
 };
 #undef FLAG_INFO
 
+#define FLAG_INFO(flag) { MALI_SAMP_##flag, "MALI_SAMP_" #flag }
+static const struct pandecode_flag_info sampler_flag_info [] = {
+        FLAG_INFO(MAG_NEAREST),
+        FLAG_INFO(MIN_NEAREST),
+        FLAG_INFO(MIP_LINEAR_1),
+        FLAG_INFO(MIP_LINEAR_2),
+        FLAG_INFO(NORM_COORDS),
+        {}
+};
+#undef FLAG_INFO
 
 extern char *replace_fragment;
 extern char *replace_vertex;
@@ -294,7 +341,8 @@ pandecode_draw_mode(enum mali_draw_mode mode)
                 DEFINE_CASE(QUAD_STRIP);
 
         default:
-                return "MALI_TRIANGLES /* XXX: Unknown GL mode, check dump */";
+                pandecode_msg("XXX: invalid draw mode %X\n", mode);
+                return "";
         }
 
 #undef DEFINE_CASE
@@ -315,7 +363,8 @@ pandecode_func(enum mali_func mode)
                 DEFINE_CASE(ALWAYS);
 
         default:
-                return "MALI_FUNC_NEVER /* XXX: Unknown function, check dump */";
+                pandecode_msg("XXX: invalid func %X\n", mode);
+                return "";
         }
 }
 #undef DEFINE_CASE
@@ -336,7 +385,8 @@ pandecode_alt_func(enum mali_alt_func mode)
                 DEFINE_CASE(ALWAYS);
 
         default:
-                return "MALI_FUNC_NEVER /* XXX: Unknown function, check dump */";
+                pandecode_msg("XXX: invalid alt func %X\n", mode);
+                return "";
         }
 }
 #undef DEFINE_CASE
@@ -356,7 +406,8 @@ pandecode_stencil_op(enum mali_stencil_op op)
                 DEFINE_CASE(DECR);
 
         default:
-                return "MALI_STENCIL_KEEP /* XXX: Unknown stencil op, check dump */";
+                pandecode_msg("XXX: invalid stencil op %X\n", op);
+                return "";
         }
 }
 
@@ -371,33 +422,16 @@ static char *pandecode_attr_mode(enum mali_attr_mode mode)
                 DEFINE_CASE(POT_DIVIDE);
                 DEFINE_CASE(MODULO);
                 DEFINE_CASE(NPOT_DIVIDE);
+                DEFINE_CASE(IMAGE);
+                DEFINE_CASE(INTERNAL);
         default:
-                return "MALI_ATTR_UNUSED /* XXX: Unknown stencil op, check dump */";
+                pandecode_msg("XXX: invalid attribute mode %X\n", mode);
+                return "";
         }
 }
 
 #undef DEFINE_CASE
 
-#define DEFINE_CASE(name) case MALI_CHANNEL_## name: return "MALI_CHANNEL_" #name
-static char *
-pandecode_channel(enum mali_channel channel)
-{
-        switch (channel) {
-                DEFINE_CASE(RED);
-                DEFINE_CASE(GREEN);
-                DEFINE_CASE(BLUE);
-                DEFINE_CASE(ALPHA);
-                DEFINE_CASE(ZERO);
-                DEFINE_CASE(ONE);
-                DEFINE_CASE(RESERVED_0);
-                DEFINE_CASE(RESERVED_1);
-
-        default:
-                return "MALI_CHANNEL_ZERO /* XXX: Unknown channel, check dump */";
-        }
-}
-#undef DEFINE_CASE
-
 #define DEFINE_CASE(name) case MALI_WRAP_## name: return "MALI_WRAP_" #name
 static char *
 pandecode_wrap_mode(enum mali_wrap_mode op)
@@ -409,7 +443,8 @@ pandecode_wrap_mode(enum mali_wrap_mode op)
                 DEFINE_CASE(MIRRORED_REPEAT);
 
         default:
-                return "MALI_WRAP_REPEAT /* XXX: Unknown wrap mode, check dump */";
+                pandecode_msg("XXX: invalid wrap mode %X\n", op);
+                return "";
         }
 }
 #undef DEFINE_CASE
@@ -446,31 +481,127 @@ pandecode_mfbd_block_format(enum mali_mfbd_block_format fmt)
 }
 #undef DEFINE_CASE
 
+#define DEFINE_CASE(name) case MALI_EXCEPTION_ACCESS_## name: return ""#name
+static char *
+pandecode_exception_access(enum mali_exception_access access)
+{
+        switch (access) {
+                DEFINE_CASE(NONE);
+                DEFINE_CASE(EXECUTE);
+                DEFINE_CASE(READ);
+                DEFINE_CASE(WRITE);
+
+        default:
+                unreachable("Invalid case");
+        }
+}
+#undef DEFINE_CASE
+
 /* Midgard's tiler descriptor is embedded within the
  * larger FBD */
 
 static void
-pandecode_midgard_tiler_descriptor(const struct midgard_tiler_descriptor *t)
+pandecode_midgard_tiler_descriptor(
+                const struct midgard_tiler_descriptor *t,
+                unsigned width,
+                unsigned height,
+                bool is_fragment)
 {
         pandecode_log(".tiler = {\n");
         pandecode_indent++;
 
-        pandecode_prop("hierarchy_mask = 0x%" PRIx16, t->hierarchy_mask);
-        pandecode_prop("flags = 0x%" PRIx16, t->flags);
-        pandecode_prop("polygon_list_size = 0x%x", t->polygon_list_size);
+        if (t->hierarchy_mask == MALI_TILER_DISABLED)
+                pandecode_prop("hierarchy_mask = MALI_TILER_DISABLED");
+        else
+                pandecode_prop("hierarchy_mask = 0x%" PRIx16, t->hierarchy_mask);
+
+        /* We know this name from the kernel, but we never see it nonzero */
+
+        if (t->flags)
+                pandecode_msg("XXX: unexpected tiler flags 0x%" PRIx16, t->flags);
 
         MEMORY_PROP(t, polygon_list);
-        MEMORY_PROP(t, polygon_list_body);
+
+        /* The body is offset from the base of the polygon list */
+        assert(t->polygon_list_body > t->polygon_list);
+        unsigned body_offset = t->polygon_list_body - t->polygon_list;
+
+        /* It needs to fit inside the reported size */
+        assert(t->polygon_list_size >= body_offset);
+
+        /* Check that we fit */
+        struct pandecode_mapped_memory *plist =
+                pandecode_find_mapped_gpu_mem_containing(t->polygon_list);
+
+        assert(t->polygon_list_size <= plist->length);
+
+        /* Now that we've sanity checked, we'll try to calculate the sizes
+         * ourselves for comparison */
+
+        unsigned ref_header = panfrost_tiler_header_size(width, height, t->hierarchy_mask);
+        unsigned ref_size = panfrost_tiler_full_size(width, height, t->hierarchy_mask);
+
+        if (!((ref_header == body_offset) && (ref_size == t->polygon_list_size))) {
+                pandecode_msg("XXX: bad polygon list size (expected %d / 0x%x)\n",
+                                ref_header, ref_size);
+                pandecode_prop("polygon_list_size = 0x%x", t->polygon_list_size);
+                pandecode_msg("body offset %d\n", body_offset);
+        }
+
+        /* The tiler heap has a start and end specified -- it should be
+         * identical to what we have in the BO. The exception is if tiling is
+         * disabled. */
 
         MEMORY_PROP(t, heap_start);
+        assert(t->heap_end >= t->heap_start);
 
-        {
-                /* Points to the end of a buffer */
-                char *a = pointer_as_memory_reference(t->heap_end - 1);
-                pandecode_prop("heap_end = %s + 1", a);
-                free(a);
+        struct pandecode_mapped_memory *heap =
+                pandecode_find_mapped_gpu_mem_containing(t->heap_start);
+
+        unsigned heap_size = t->heap_end - t->heap_start;
+
+        /* Tiling is enabled with a special flag */
+        unsigned hierarchy_mask = t->hierarchy_mask & MALI_HIERARCHY_MASK;
+        unsigned tiler_flags = t->hierarchy_mask ^ hierarchy_mask;
+
+        bool tiling_enabled = hierarchy_mask;
+
+        if (tiling_enabled) {
+                /* When tiling is enabled, the heap should be a tight fit */
+                unsigned heap_offset = t->heap_start - heap->gpu_va;
+                if ((heap_offset + heap_size) != heap->length) {
+                        pandecode_msg("XXX: heap size %d (expected %d)\n",
+                                        heap_size, heap->length - heap_offset);
+                }
+
+                /* We should also have no other flags */
+                if (tiler_flags)
+                        pandecode_msg("XXX: unexpected tiler %X\n", tiler_flags);
+        } else {
+                /* When tiling is disabled, we should have that flag and no others */
+
+                if (tiler_flags != MALI_TILER_DISABLED) {
+                        pandecode_msg("XXX: unexpected tiler flag %X, expected MALI_TILER_DISABLED\n",
+                                        tiler_flags);
+                }
+
+                /* We should also have an empty heap */
+                if (heap_size) {
+                        pandecode_msg("XXX: tiler heap size %d given, expected empty\n",
+                                        heap_size);
+                }
+
+                /* Disabled tiling is used only for clear-only jobs, which are
+                 * purely FRAGMENT, so we should never see this for
+                 * non-FRAGMENT descriptors. */
+
+                if (!is_fragment)
+                        pandecode_msg("XXX: tiler disabled for non-FRAGMENT job\n");
         }
 
+        /* We've never seen weights used in practice, but we know from the
+         * kernel these fields is there */
+
         bool nonzero_weights = false;
 
         for (unsigned w = 0; w < ARRAY_SIZE(t->weights); ++w) {
@@ -492,7 +623,7 @@ pandecode_midgard_tiler_descriptor(const struct midgard_tiler_descriptor *t)
 }
 
 static void
-pandecode_sfbd(uint64_t gpu_va, int job_no)
+pandecode_sfbd(uint64_t gpu_va, int job_no, bool is_fragment)
 {
         struct pandecode_mapped_memory *mem = pandecode_find_mapped_gpu_mem_containing(gpu_va);
         const struct mali_single_framebuffer *PANDECODE_PTR_VAR(s, mem, (mali_ptr) gpu_va);
@@ -550,7 +681,7 @@ pandecode_sfbd(uint64_t gpu_va, int job_no)
 
         MEMORY_PROP(s, unknown_address_0);
         const struct midgard_tiler_descriptor t = s->tiler;
-        pandecode_midgard_tiler_descriptor(&t);
+        pandecode_midgard_tiler_descriptor(&t, s->width + 1, s->height + 1, is_fragment);
 
         pandecode_indent--;
         pandecode_log("};\n");
@@ -604,14 +735,118 @@ pandecode_compute_fbd(uint64_t gpu_va, int job_no)
         printf("},\n");
 }
 
+/* Extracts the number of components associated with a Mali format */
+
+static unsigned
+pandecode_format_component_count(enum mali_format fmt)
+{
+        /* Mask out the format class */
+        unsigned top = fmt & 0b11100000;
+
+        switch (top) {
+        case MALI_FORMAT_SNORM:
+        case MALI_FORMAT_UINT:
+        case MALI_FORMAT_UNORM:
+        case MALI_FORMAT_SINT:
+                return ((fmt >> 3) & 3) + 1;
+        default:
+                /* TODO: Validate */
+                return 4;
+        }
+}
+
+/* Extracts a mask of accessed components from a 12-bit Mali swizzle */
+
+static unsigned
+pandecode_access_mask_from_channel_swizzle(unsigned swizzle)
+{
+        unsigned mask = 0;
+        assert(MALI_CHANNEL_RED == 0);
+
+        for (unsigned c = 0; c < 4; ++c) {
+                enum mali_channel chan = (swizzle >> (3*c)) & 0x7;
+
+                if (chan <= MALI_CHANNEL_ALPHA)
+                        mask |= (1 << chan);
+        }
+
+        return mask;
+}
+
+/* Validates that a (format, swizzle) pair is valid, in the sense that the
+ * swizzle doesn't access any components that are undefined in the format.
+ * Returns whether the swizzle is trivial (doesn't do any swizzling) and can be
+ * omitted */
+
+static bool
+pandecode_validate_format_swizzle(enum mali_format fmt, unsigned swizzle)
+{
+        unsigned nr_comp = pandecode_format_component_count(fmt);
+        unsigned access_mask = pandecode_access_mask_from_channel_swizzle(swizzle);
+        unsigned valid_mask = (1 << nr_comp) - 1;
+        unsigned invalid_mask = ~valid_mask;
+
+        if (access_mask & invalid_mask) {
+                pandecode_msg("XXX: invalid components accessed\n");
+                return false;
+        }
+
+        /* Check for the default non-swizzling swizzle so we can suppress
+         * useless printing for the defaults */
+
+        unsigned default_swizzles[4] = {
+                MALI_CHANNEL_RED | (MALI_CHANNEL_ZERO  << 3) | (MALI_CHANNEL_ZERO << 6) | (MALI_CHANNEL_ONE   << 9),
+                MALI_CHANNEL_RED | (MALI_CHANNEL_GREEN << 3) | (MALI_CHANNEL_ZERO << 6) | (MALI_CHANNEL_ONE   << 9),
+                MALI_CHANNEL_RED | (MALI_CHANNEL_GREEN << 3) | (MALI_CHANNEL_BLUE << 6) | (MALI_CHANNEL_ONE   << 9),
+                MALI_CHANNEL_RED | (MALI_CHANNEL_GREEN << 3) | (MALI_CHANNEL_BLUE << 6) | (MALI_CHANNEL_ALPHA << 9)
+        };
+
+        return (swizzle == default_swizzles[nr_comp - 1]);
+}
+
+/* Maps MALI_RGBA32F to rgba32f, etc */
+
 static void
-pandecode_swizzle(unsigned swizzle)
+pandecode_format_short(enum mali_format fmt)
 {
-        pandecode_prop("swizzle = %s | (%s << 3) | (%s << 6) | (%s << 9)",
-                       pandecode_channel((swizzle >> 0) & 0x7),
-                       pandecode_channel((swizzle >> 3) & 0x7),
-                       pandecode_channel((swizzle >> 6) & 0x7),
-                       pandecode_channel((swizzle >> 9) & 0x7));
+        /* We want a type-like format, so cut off the initial MALI_ */
+        char *format = pandecode_format(fmt);
+        format += strlen("MALI_");
+
+        unsigned len = strlen(format);
+        char *lower_format = calloc(1, len + 1);
+
+        for (unsigned i = 0; i < len; ++i)
+                lower_format[i] = tolower(format[i]);
+
+        pandecode_log_cont("%s", lower_format);
+        free(lower_format);
+}
+
+static void
+pandecode_swizzle(unsigned swizzle, enum mali_format format)
+{
+        /* First, do some validation */
+        bool trivial_swizzle = pandecode_validate_format_swizzle(
+                        format, swizzle);
+
+        if (trivial_swizzle)
+                return;
+
+        /* Next, print the swizzle */
+        pandecode_log_cont(".");
+
+        static const char components[] = "rgba01";
+
+        for (unsigned c = 0; c < 4; ++c) {
+                enum mali_channel chan = (swizzle >> (3 * c)) & 0x7;
+
+                if (chan >= MALI_CHANNEL_RESERVED_0) {
+                        pandecode_log("XXX: invalid swizzle channel %d\n", chan);
+                        continue;
+                }
+                pandecode_log_cont("%c", components[chan]);
+        }
 }
 
 static void
@@ -627,6 +862,11 @@ pandecode_rt_format(struct mali_rt_format format)
         pandecode_prop("block = %s",
                        pandecode_mfbd_block_format(format.block));
 
+        /* TODO: Map formats so we can check swizzles and print nicely */
+        pandecode_log("swizzle");
+        pandecode_swizzle(format.swizzle, MALI_RGBA8_UNORM);
+        pandecode_log_cont(",\n");
+
         pandecode_prop("nr_channels = MALI_POSITIVE(%d)",
                        MALI_NEGATIVE(format.nr_channels));
 
@@ -634,9 +874,19 @@ pandecode_rt_format(struct mali_rt_format format)
         pandecode_log_decoded_flags(mfbd_fmt_flag_info, format.flags);
         pandecode_log_cont(",\n");
 
-        pandecode_swizzle(format.swizzle);
+        /* In theory, the no_preload bit can be cleared to enable MFBD preload,
+         * which is a faster hardware-based alternative to the wallpaper method
+         * to preserve framebuffer contents across frames. In practice, MFBD
+         * preload is buggy on Midgard, and so this is a chicken bit. If this
+         * bit isn't set, most likely something broke unrelated to preload */
 
-        pandecode_prop("unk4 = 0x%" PRIx32, format.unk4);
+        if (!format.no_preload) {
+                pandecode_msg("XXX: buggy MFBD preload enabled - chicken bit should be clear\n");
+                pandecode_prop("no_preload = 0x%" PRIx32, format.no_preload);
+        }
+
+        if (format.zero)
+                pandecode_prop("zero = 0x%" PRIx32, format.zero);
 
         pandecode_indent--;
         pandecode_log("},\n");
@@ -672,18 +922,11 @@ pandecode_render_target(uint64_t gpu_va, unsigned job_no, const struct bifrost_f
 
                         pandecode_indent--;
                         pandecode_log("},\n");
-                } else {
-                        pandecode_log(".chunknown = {\n");
-                        pandecode_indent++;
-
-                        pandecode_prop("unk = 0x%" PRIx64, rt->chunknown.unk);
-
-                        char *a = pointer_as_memory_reference(rt->chunknown.pointer);
-                        pandecode_prop("pointer = %s", a);
-                        free(a);
-
-                        pandecode_indent--;
-                        pandecode_log("},\n");
+                } else if (rt->afbc.metadata || rt->afbc.stride || rt->afbc.unk) {
+                        pandecode_msg("XXX: AFBC disabled but AFBC field set (0x%lX, 0x%x, 0x%x)\n",
+                                        rt->afbc.metadata,
+                                        rt->afbc.stride,
+                                        rt->afbc.unk);
                 }
 
                 MEMORY_PROP(rt, framebuffer);
@@ -697,7 +940,7 @@ pandecode_render_target(uint64_t gpu_va, unsigned job_no, const struct bifrost_f
                 }
 
                 if (rt->zero1 || rt->zero2 || rt->zero3) {
-                        pandecode_msg("render target zeros tripped\n");
+                        pandecode_msg("XXX: render target zeros tripped\n");
                         pandecode_prop("zero1 = 0x%" PRIx64, rt->zero1);
                         pandecode_prop("zero2 = 0x%" PRIx32, rt->zero2);
                         pandecode_prop("zero3 = 0x%" PRIx32, rt->zero3);
@@ -712,7 +955,7 @@ pandecode_render_target(uint64_t gpu_va, unsigned job_no, const struct bifrost_f
 }
 
 static unsigned
-pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
+pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool is_fragment)
 {
         struct pandecode_mapped_memory *mem = pandecode_find_mapped_gpu_mem_containing(gpu_va);
         const struct bifrost_framebuffer *PANDECODE_PTR_VAR(fb, mem, (mali_ptr) gpu_va);
@@ -770,16 +1013,23 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
         pandecode_log_decoded_flags(mfbd_flag_info, fb->mfbd_flags);
         pandecode_log_cont(",\n");
 
-        pandecode_prop("clear_stencil = 0x%x", fb->clear_stencil);
-        pandecode_prop("clear_depth = %f", fb->clear_depth);
+        if (fb->clear_stencil)
+                pandecode_prop("clear_stencil = 0x%x", fb->clear_stencil);
+
+        if (fb->clear_depth)
+                pandecode_prop("clear_depth = %f", fb->clear_depth);
+
+        /* TODO: What is this? Let's not blow up.. */
+        if (fb->unknown2 != 0x1F)
+                pandecode_prop("unknown2 = 0x%x", fb->unknown2);
 
         pandecode_prop("unknown2 = 0x%x", fb->unknown2);
         MEMORY_PROP(fb, scratchpad);
         const struct midgard_tiler_descriptor t = fb->tiler;
-        pandecode_midgard_tiler_descriptor(&t);
+        pandecode_midgard_tiler_descriptor(&t, fb->width1 + 1, fb->height1 + 1, is_fragment);
 
         if (fb->zero3 || fb->zero4) {
-                pandecode_msg("framebuffer zeros tripped\n");
+                pandecode_msg("XXX: framebuffer zeros tripped\n");
                 pandecode_prop("zero3 = 0x%" PRIx32, fb->zero3);
                 pandecode_prop("zero4 = 0x%" PRIx32, fb->zero4);
         }
@@ -789,7 +1039,7 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
 
         gpu_va += sizeof(struct bifrost_framebuffer);
 
-        if ((fb->mfbd_flags & MALI_MFBD_EXTRA) && with_render_targets) {
+        if ((fb->mfbd_flags & MALI_MFBD_EXTRA) && is_fragment) {
                 mem = pandecode_find_mapped_gpu_mem_containing(gpu_va);
                 const struct bifrost_fb_extra *PANDECODE_PTR_VAR(fbx, mem, (mali_ptr) gpu_va);
 
@@ -815,7 +1065,7 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
                         MEMORY_PROP_DIR(fbx->ds_afbc, depth_stencil);
 
                         if (fbx->ds_afbc.zero1 || fbx->ds_afbc.padding) {
-                                pandecode_msg("Depth/stencil AFBC zeros tripped\n");
+                                pandecode_msg("XXX: Depth/stencil AFBC zeros tripped\n");
                                 pandecode_prop("zero1 = 0x%" PRIx32,
                                                fbx->ds_afbc.zero1);
                                 pandecode_prop("padding = 0x%" PRIx64,
@@ -843,7 +1093,7 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
                         if (fbx->ds_linear.depth_stride_zero ||
                             fbx->ds_linear.stencil_stride_zero ||
                             fbx->ds_linear.zero1 || fbx->ds_linear.zero2) {
-                                pandecode_msg("Depth/stencil zeros tripped\n");
+                                pandecode_msg("XXX: Depth/stencil zeros tripped\n");
                                 pandecode_prop("depth_stride_zero = 0x%x",
                                                fbx->ds_linear.depth_stride_zero);
                                 pandecode_prop("stencil_stride_zero = 0x%x",
@@ -859,7 +1109,7 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
                 }
 
                 if (fbx->zero3 || fbx->zero4) {
-                        pandecode_msg("fb_extra zeros tripped\n");
+                        pandecode_msg("XXX: fb_extra zeros tripped\n");
                         pandecode_prop("zero3 = 0x%" PRIx64, fbx->zero3);
                         pandecode_prop("zero4 = 0x%" PRIx64, fbx->zero4);
                 }
@@ -870,7 +1120,7 @@ pandecode_mfbd_bfr(uint64_t gpu_va, int job_no, bool with_render_targets)
                 gpu_va += sizeof(struct bifrost_fb_extra);
         }
 
-        if (with_render_targets)
+        if (is_fragment)
                 pandecode_render_target(gpu_va, job_no, fb);
 
         /* Passback the render target count */
@@ -934,6 +1184,7 @@ pandecode_padded_vertices(unsigned shift, unsigned k)
 static void
 pandecode_magic_divisor(uint32_t magic, unsigned shift, unsigned orig_divisor, unsigned extra)
 {
+#if 0
         /* Compute the modular inverse of `magic` with respect to 2^(32 -
          * shift) the most lame way possible... just repeatedly add.
          * Asymptoptically slow but nobody cares in practice, unless you have
@@ -969,6 +1220,7 @@ pandecode_magic_divisor(uint32_t magic, unsigned shift, unsigned orig_divisor, u
         unsigned padded_num_vertices = inverse / orig_divisor;
 
         pandecode_msg("padded_num_vertices = %d\n", padded_num_vertices);
+#endif
 }
 
 static void
@@ -978,6 +1230,11 @@ pandecode_attributes(const struct pandecode_mapped_memory *mem,
 {
         char *prefix = varying ? "varyings" : "attributes";
 
+        if (!addr) {
+                pandecode_msg("no %s\n", prefix);
+                return;
+        }
+
         union mali_attr *attr = pandecode_fetch_gpu_mem(mem, addr, sizeof(union mali_attr) * count);
 
         char base[128];
@@ -1032,7 +1289,7 @@ pandecode_attributes(const struct pandecode_mapped_memory *mem,
                         pandecode_prop("unk = 0x%x", attr[i].unk);
                         pandecode_prop("magic_divisor = 0x%08x", attr[i].magic_divisor);
                         if (attr[i].zero != 0)
-                                pandecode_prop("zero = 0x%x /* XXX zero tripped */", attr[i].zero);
+                                pandecode_prop("XXX: zero tripped (0x%x)\n", attr[i].zero);
                         pandecode_prop("divisor = %d", attr[i].divisor);
                         pandecode_magic_divisor(attr[i].magic_divisor, attr[i - 1].shift, attr[i].divisor, attr[i - 1].extra_flags);
                         pandecode_indent--;
@@ -1081,7 +1338,7 @@ pandecode_stencil(const char *name, const struct mali_stencil_test *stencil)
         const char *dppass = pandecode_stencil_op(stencil->dppass);
 
         if (stencil->zero)
-                pandecode_msg("Stencil zero tripped: %X\n", stencil->zero);
+                pandecode_msg("XXX: stencil zero tripped: %X\n", stencil->zero);
 
         pandecode_log(".stencil_%s = {\n", name);
         pandecode_indent++;
@@ -1099,7 +1356,7 @@ static void
 pandecode_blend_equation(const struct mali_blend_equation *blend)
 {
         if (blend->zero1)
-                pandecode_msg("Blend zero tripped: %X\n", blend->zero1);
+                pandecode_msg("XXX: blend zero tripped: %X\n", blend->zero1);
 
         pandecode_log(".equation = {\n");
         pandecode_indent++;
@@ -1197,6 +1454,11 @@ pandecode_midgard_blend_mrt(void *descs, int job_no, int rt_no)
         return shader;
 }
 
+/* Attributes and varyings have descriptor records, which contain information
+ * about their format and ordering with the attribute/varying buffers. We'll
+ * want to validate that the combinations specified are self-consistent.
+ */
+
 static int
 pandecode_attribute_meta(int job_no, int count, const struct mali_vertex_tiler_postfix *v, bool varying, char *suffix)
 {
@@ -1217,27 +1479,67 @@ pandecode_attribute_meta(int job_no, int count, const struct mali_vertex_tiler_p
                 attr_meta = pandecode_fetch_gpu_mem(attr_mem, p,
                                                     sizeof(*attr_mem));
 
-                pandecode_log("{\n");
-                pandecode_indent++;
-                pandecode_prop("index = %d", attr_meta->index);
+                /* If the record is discard, it should be zero for everything else */
+
+                if (attr_meta->format == MALI_VARYING_DISCARD) {
+                        uint64_t zero =
+                                attr_meta->index |
+                                attr_meta->unknown1 |
+                                attr_meta->unknown3 |
+                                attr_meta->src_offset;
+
+                        if (zero)
+                                pandecode_msg("XXX: expected empty record for varying discard\n");
+
+                        /* We want to look for a literal 0000 swizzle -- this
+                         * is not encoded with all zeroes, however */
+
+                        enum mali_channel z = MALI_CHANNEL_ZERO;
+                        unsigned zero_swizzle = z | (z << 3) | (z << 6) | (z << 9);
+                        bool good_swizzle = attr_meta->swizzle == zero_swizzle;
+
+                        if (!good_swizzle)
+                                pandecode_msg("XXX: expected zero swizzle for discard\n");
+
+                        if (!varying)
+                                pandecode_msg("XXX: cannot discard attribute\n");
+
+                        /* If we're all good, omit the record */
+                        if (!zero && varying && good_swizzle) {
+                                pandecode_log("/* discarded varying */\n");
+                                continue;
+                        }
+                }
 
                 if (attr_meta->index > max_index)
                         max_index = attr_meta->index;
-                pandecode_swizzle(attr_meta->swizzle);
-                pandecode_prop("format = %s", pandecode_format(attr_meta->format));
 
-                pandecode_prop("unknown1 = 0x%" PRIx64, (u64) attr_meta->unknown1);
-                pandecode_prop("unknown3 = 0x%" PRIx64, (u64) attr_meta->unknown3);
-                pandecode_prop("src_offset = %d", attr_meta->src_offset);
-                pandecode_indent--;
-                pandecode_log("},\n");
+                if (attr_meta->unknown1 != 0x2) {
+                        pandecode_msg("XXX: expected unknown1 = 0x2\n");
+                        pandecode_prop("unknown1 = 0x%" PRIx64, (u64) attr_meta->unknown1);
+                }
+
+                if (attr_meta->unknown3) {
+                        pandecode_msg("XXX: unexpected unknown3 set\n");
+                        pandecode_prop("unknown3 = 0x%" PRIx64, (u64) attr_meta->unknown3);
+                }
+
+                pandecode_make_indent();
+                pandecode_format_short(attr_meta->format);
+                pandecode_log_cont(" %s_%u", prefix, attr_meta->index);
 
+                if (attr_meta->src_offset)
+                        pandecode_log_cont("[%u]", attr_meta->src_offset);
+
+                pandecode_swizzle(attr_meta->swizzle, attr_meta->format);
+
+                pandecode_log_cont(";\n");
         }
 
         pandecode_indent--;
         pandecode_log("};\n");
 
-        return max_index;
+        return count ? (max_index + 1) : 0;
 }
 
 static void
@@ -1275,34 +1577,67 @@ bits(u32 word, u32 lo, u32 hi)
 }
 
 static void
-pandecode_vertex_tiler_prefix(struct mali_vertex_tiler_prefix *p, int job_no)
+pandecode_vertex_tiler_prefix(struct mali_vertex_tiler_prefix *p, int job_no, bool noninstanced)
 {
         pandecode_log_cont("{\n");
         pandecode_indent++;
 
-        pandecode_prop("invocation_count = 0x%" PRIx32, p->invocation_count);
-        pandecode_prop("size_y_shift = %d", p->size_y_shift);
-        pandecode_prop("size_z_shift = %d", p->size_z_shift);
-        pandecode_prop("workgroups_x_shift = %d", p->workgroups_x_shift);
-        pandecode_prop("workgroups_y_shift = %d", p->workgroups_y_shift);
-        pandecode_prop("workgroups_z_shift = %d", p->workgroups_z_shift);
-        pandecode_prop("workgroups_x_shift_2 = 0x%" PRIx32, p->workgroups_x_shift_2);
-
         /* Decode invocation_count. See the comment before the definition of
          * invocation_count for an explanation.
          */
-        pandecode_msg("size: (%d, %d, %d)\n",
-                      bits(p->invocation_count, 0, p->size_y_shift) + 1,
-                      bits(p->invocation_count, p->size_y_shift, p->size_z_shift) + 1,
-                      bits(p->invocation_count, p->size_z_shift,
-                           p->workgroups_x_shift) + 1);
-        pandecode_msg("workgroups: (%d, %d, %d)\n",
-                      bits(p->invocation_count, p->workgroups_x_shift,
-                           p->workgroups_y_shift) + 1,
-                      bits(p->invocation_count, p->workgroups_y_shift,
-                           p->workgroups_z_shift) + 1,
-                      bits(p->invocation_count, p->workgroups_z_shift,
-                           32) + 1);
+
+        unsigned size_x = bits(p->invocation_count, 0, p->size_y_shift) + 1;
+        unsigned size_y = bits(p->invocation_count, p->size_y_shift, p->size_z_shift) + 1;
+        unsigned size_z = bits(p->invocation_count, p->size_z_shift, p->workgroups_x_shift) + 1;
+
+        unsigned groups_x = bits(p->invocation_count, p->workgroups_x_shift, p->workgroups_y_shift) + 1;
+        unsigned groups_y = bits(p->invocation_count, p->workgroups_y_shift, p->workgroups_z_shift) + 1;
+        unsigned groups_z = bits(p->invocation_count, p->workgroups_z_shift, 32) + 1;
+
+        /* Even though we have this decoded, we want to ensure that the
+         * representation is "unique" so we don't lose anything by printing only
+         * the final result. More specifically, we need to check that we were
+         * passed something in canonical form, since the definition per the
+         * hardware is inherently not unique. How? Well, take the resulting
+         * decode and pack it ourselves! If it is bit exact with what we
+         * decoded, we're good to go. */
+
+        struct mali_vertex_tiler_prefix ref;
+        panfrost_pack_work_groups_compute(&ref, groups_x, groups_y, groups_z, size_x, size_y, size_z, noninstanced);
+
+        bool canonical =
+                (p->invocation_count == ref.invocation_count) &&
+                (p->size_y_shift == ref.size_y_shift) &&
+                (p->size_z_shift == ref.size_z_shift) &&
+                (p->workgroups_x_shift == ref.workgroups_x_shift) &&
+                (p->workgroups_y_shift == ref.workgroups_y_shift) &&
+                (p->workgroups_z_shift == ref.workgroups_z_shift) &&
+                (p->workgroups_x_shift_2 == ref.workgroups_x_shift_2);
+
+        if (!canonical) {
+                pandecode_msg("XXX: non-canonical workgroups packing\n");
+                pandecode_msg("expected: %X, %d, %d, %d, %d, %d\n",
+                                ref.invocation_count,
+                                ref.size_y_shift,
+                                ref.size_z_shift,
+                                ref.workgroups_x_shift,
+                                ref.workgroups_y_shift,
+                                ref.workgroups_z_shift,
+                                ref.workgroups_x_shift_2);
+
+                pandecode_prop("invocation_count = 0x%" PRIx32, p->invocation_count);
+                pandecode_prop("size_y_shift = %d", p->size_y_shift);
+                pandecode_prop("size_z_shift = %d", p->size_z_shift);
+                pandecode_prop("workgroups_x_shift = %d", p->workgroups_x_shift);
+                pandecode_prop("workgroups_y_shift = %d", p->workgroups_y_shift);
+                pandecode_prop("workgroups_z_shift = %d", p->workgroups_z_shift);
+                pandecode_prop("workgroups_x_shift_2 = %d", p->workgroups_x_shift_2);
+        }
+
+        /* Regardless, print the decode */
+        pandecode_msg("size (%d, %d, %d), count (%d, %d, %d)\n",
+                        size_x, size_y, size_z,
+                        groups_x, groups_y, groups_z);
 
         /* TODO: Decode */
         if (p->unknown_draw)
@@ -1310,22 +1645,19 @@ pandecode_vertex_tiler_prefix(struct mali_vertex_tiler_prefix *p, int job_no)
 
         pandecode_prop("workgroups_x_shift_3 = 0x%" PRIx32, p->workgroups_x_shift_3);
 
-        pandecode_prop("draw_mode = %s", pandecode_draw_mode(p->draw_mode));
+        if (p->draw_mode != MALI_DRAW_NONE)
+                pandecode_prop("draw_mode = %s", pandecode_draw_mode(p->draw_mode));
 
         /* Index count only exists for tiler jobs anyway */
 
         if (p->index_count)
                 pandecode_prop("index_count = MALI_POSITIVE(%" PRId32 ")", p->index_count + 1);
 
-        if (p->negative_start)
-                pandecode_prop("negative_start = %d", p->negative_start);
+        if (p->offset_bias_correction)
+                pandecode_prop("offset_bias_correction = %d", p->offset_bias_correction);
 
-        DYN_MEMORY_PROP(p, job_no, indices);
-
-        if (p->zero1) {
-                pandecode_msg("Zero tripped\n");
-                pandecode_prop("zero1 = 0x%" PRIx32, p->zero1);
-        }
+        /* TODO: Figure out what this is. It's not zero */
+        pandecode_prop("zero1 = 0x%" PRIx32, p->zero1);
 
         pandecode_indent--;
         pandecode_log("},\n");
@@ -1335,38 +1667,8 @@ static void
 pandecode_uniform_buffers(mali_ptr pubufs, int ubufs_count, int job_no)
 {
         struct pandecode_mapped_memory *umem = pandecode_find_mapped_gpu_mem_containing(pubufs);
-
         struct mali_uniform_buffer_meta *PANDECODE_PTR_VAR(ubufs, umem, pubufs);
 
-        for (int i = 0; i < ubufs_count; i++) {
-                mali_ptr ptr = ubufs[i].ptr << 2;
-                struct pandecode_mapped_memory *umem2 = pandecode_find_mapped_gpu_mem_containing(ptr);
-                uint32_t *PANDECODE_PTR_VAR(ubuf, umem2, ptr);
-                char name[50];
-                snprintf(name, sizeof(name), "ubuf_%d", i);
-                /* The blob uses ubuf 0 to upload internal stuff and
-                 * uniforms that won't fit/are accessed indirectly, so
-                 * it puts it in the batchbuffer.
-                 */
-                pandecode_log("uint32_t %s_%d[] = {\n", name, job_no);
-                pandecode_indent++;
-
-                for (int j = 0; j <= ubufs[i].size; j++) {
-                        for (int k = 0; k < 4; k++) {
-                                if (k == 0)
-                                        pandecode_log("0x%"PRIx32", ", ubuf[4 * j + k]);
-                                else
-                                        pandecode_log_cont("0x%"PRIx32", ", ubuf[4 * j + k]);
-
-                        }
-
-                        pandecode_log_cont("\n");
-                }
-
-                pandecode_indent--;
-                pandecode_log("};\n");
-        }
-
         pandecode_log("struct mali_uniform_buffer_meta uniform_buffers_%"PRIx64"_%d[] = {\n",
                       pubufs, job_no);
         pandecode_indent++;
@@ -1374,10 +1676,18 @@ pandecode_uniform_buffers(mali_ptr pubufs, int ubufs_count, int job_no)
         for (int i = 0; i < ubufs_count; i++) {
                 pandecode_log("{\n");
                 pandecode_indent++;
-                pandecode_prop("size = MALI_POSITIVE(%d)", ubufs[i].size + 1);
-                pandecode_prop("ptr = ubuf_%d_%d_p >> 2", i, job_no);
+
+                unsigned size = (ubufs[i].size + 1) * 16;
+                mali_ptr addr = ubufs[i].ptr << 2;
+
+                pandecode_validate_buffer(addr, size);
+
+                char *ptr = pointer_as_memory_reference(ubufs[i].ptr << 2);
+                pandecode_prop("size = %u", size);
+                pandecode_prop("ptr = (%s) >> 2", ptr);
                 pandecode_indent--;
                 pandecode_log("},\n");
+                free(ptr);
         }
 
         pandecode_indent--;
@@ -1392,8 +1702,10 @@ pandecode_scratchpad(uintptr_t pscratchpad, int job_no, char *suffix)
 
         struct bifrost_scratchpad *PANDECODE_PTR_VAR(scratchpad, mem, pscratchpad);
 
-        if (scratchpad->zero)
-                pandecode_msg("XXX scratchpad zero tripped");
+        if (scratchpad->zero) {
+                pandecode_msg("XXX: scratchpad zero tripped");
+                pandecode_prop("zero = 0x%x\n", scratchpad->zero);
+        }
 
         pandecode_log("struct bifrost_scratchpad scratchpad_%"PRIx64"_%d%s = {\n", pscratchpad, job_no, suffix);
         pandecode_indent++;
@@ -1405,9 +1717,11 @@ pandecode_scratchpad(uintptr_t pscratchpad, int job_no, char *suffix)
         pandecode_log("};\n");
 }
 
+static unsigned shader_id = 0;
+
 static void
 pandecode_shader_disassemble(mali_ptr shader_ptr, int shader_no, int type,
-                             bool is_bifrost)
+                             bool is_bifrost, unsigned nr_regs)
 {
         struct pandecode_mapped_memory *mem = pandecode_find_mapped_gpu_mem_containing(shader_ptr);
         uint8_t *PANDECODE_PTR_VAR(code, mem, shader_ptr);
@@ -1420,10 +1734,16 @@ pandecode_shader_disassemble(mali_ptr shader_ptr, int shader_no, int type,
 
         printf("\n\n");
 
+        char prefix[512];
+
+        snprintf(prefix, sizeof(prefix) - 1, "shader%d - %s shader: ",
+                        shader_id++,
+                        (type == JOB_TYPE_TILER) ? "FRAGMENT" : "VERTEX");
+
         if (is_bifrost) {
                 disassemble_bifrost(code, sz, false);
         } else {
-                disassemble_midgard(code, sz);
+                disassemble_midgard(code, sz, true, nr_regs, prefix);
         }
 
         printf("\n\n");
@@ -1451,7 +1771,7 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
         else if (job_type == JOB_TYPE_COMPUTE)
                 pandecode_compute_fbd((u64) (uintptr_t) p->framebuffer, job_no);
         else
-                pandecode_sfbd((u64) (uintptr_t) p->framebuffer, job_no);
+                pandecode_sfbd((u64) (uintptr_t) p->framebuffer, job_no, false);
 
         int varying_count = 0, attribute_count = 0, uniform_count = 0, uniform_buffer_count = 0;
         int texture_count = 0, sampler_count = 0;
@@ -1473,7 +1793,7 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                         uniform_count = s->bifrost2.uniform_count;
                         uniform_buffer_count = s->bifrost1.uniform_buffer_count;
                 } else {
-                        uniform_count = s->midgard1.uniform_count;
+                        uniform_count = s->midgard1.uniform_buffer_count;
                         uniform_buffer_count = s->midgard1.uniform_buffer_count;
                 }
 
@@ -1484,6 +1804,8 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                 pandecode_prop("attribute_count = %" PRId16, s->attribute_count);
                 pandecode_prop("varying_count = %" PRId16, s->varying_count);
 
+                unsigned nr_registers = 0;
+
                 if (is_bifrost) {
                         pandecode_log(".bifrost1 = {\n");
                         pandecode_indent++;
@@ -1500,6 +1822,7 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                         pandecode_prop("uniform_count = %" PRId16, s->midgard1.uniform_count);
                         pandecode_prop("uniform_buffer_count = %" PRId16, s->midgard1.uniform_buffer_count);
                         pandecode_prop("work_count = %" PRId16, s->midgard1.work_count);
+                        nr_registers = s->midgard1.work_count;
 
                         pandecode_log(".flags = ");
                         pandecode_log_decoded_flags(shader_midgard1_flag_info, s->midgard1.flags);
@@ -1603,12 +1926,13 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                 else
                                         shader = pandecode_midgard_blend_mrt(blend_base, job_no, i);
 
-                                if (shader)
-                                        pandecode_shader_disassemble(shader, job_no, job_type, false);
+                                if (shader & ~0xF)
+                                        pandecode_shader_disassemble(shader, job_no, job_type, false, 0);
                         }
                 }
 
-                pandecode_shader_disassemble(shader_ptr, job_no, job_type, is_bifrost);
+                if (shader_ptr & ~0xF)
+                   pandecode_shader_disassemble(shader_ptr, job_no, job_type, is_bifrost, nr_registers);
         } else
                 pandecode_msg("<no shader>\n");
 
@@ -1642,81 +1966,44 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                 unsigned max_attr_index = pandecode_attribute_meta(job_no, attribute_count, p, false, suffix);
 
                 attr_mem = pandecode_find_mapped_gpu_mem_containing(p->attributes);
-                pandecode_attributes(attr_mem, p->attributes, job_no, suffix, max_attr_index + 1, false);
+                pandecode_attributes(attr_mem, p->attributes, job_no, suffix, max_attr_index, false);
         }
 
         /* Varyings are encoded like attributes but not actually sent; we just
          * pass a zero buffer with the right stride/size set, (or whatever)
          * since the GPU will write to it itself */
 
+        if (p->varying_meta) {
+                varying_count = pandecode_attribute_meta(job_no, varying_count, p, true, suffix);
+        }
+
         if (p->varyings) {
                 attr_mem = pandecode_find_mapped_gpu_mem_containing(p->varyings);
 
                 /* Number of descriptors depends on whether there are
                  * non-internal varyings */
 
-                pandecode_attributes(attr_mem, p->varyings, job_no, suffix, varying_count > 1 ? 4 : 1, true);
-        }
-
-        if (p->varying_meta) {
-                pandecode_attribute_meta(job_no, varying_count, p, true, suffix);
-        }
-
-        bool is_compute = job_type == JOB_TYPE_COMPUTE;
-
-        if (p->uniforms && !is_compute) {
-                int rows = uniform_count, width = 4;
-                size_t sz = rows * width * sizeof(float);
-
-                struct pandecode_mapped_memory *uniform_mem = pandecode_find_mapped_gpu_mem_containing(p->uniforms);
-                pandecode_fetch_gpu_mem(uniform_mem, p->uniforms, sz);
-                u32 *PANDECODE_PTR_VAR(uniforms, uniform_mem, p->uniforms);
-
-                pandecode_log("u32 uniforms_%d%s[] = {\n", job_no, suffix);
-
-                pandecode_indent++;
-
-                for (int row = 0; row < rows; row++) {
-                        for (int i = 0; i < width; i++) {
-                                u32 v = uniforms[i];
-                                float f;
-                                memcpy(&f, &v, sizeof(v));
-                                pandecode_log_cont("%X /* %f */, ", v, f);
-                        }
-
-                        pandecode_log_cont("\n");
-
-                        uniforms += width;
-                }
-
-                pandecode_indent--;
-                pandecode_log("};\n");
-        } else if (p->uniforms) {
-                int rows = uniform_count * 2;
-                size_t sz = rows * sizeof(mali_ptr);
-
-                struct pandecode_mapped_memory *uniform_mem = pandecode_find_mapped_gpu_mem_containing(p->uniforms);
-                pandecode_fetch_gpu_mem(uniform_mem, p->uniforms, sz);
-                mali_ptr *PANDECODE_PTR_VAR(uniforms, uniform_mem, p->uniforms);
-
-                pandecode_log("mali_ptr uniforms_%d%s[] = {\n", job_no, suffix);
-
-                pandecode_indent++;
-
-                for (int row = 0; row < rows; row++) {
-                        char *a = pointer_as_memory_reference(uniforms[row]);
-                        pandecode_log("%s,\n", a);
-                        free(a);
-                }
-
-                pandecode_indent--;
-                pandecode_log("};\n");
-
+                pandecode_attributes(attr_mem, p->varyings, job_no, suffix, varying_count, true);
         }
 
         if (p->uniform_buffers) {
-                pandecode_uniform_buffers(p->uniform_buffers, uniform_buffer_count, job_no);
-        }
+                if (uniform_buffer_count)
+                        pandecode_uniform_buffers(p->uniform_buffers, uniform_buffer_count, job_no);
+                else
+                        pandecode_msg("XXX: UBOs specified but not referenced\n");
+        } else if (uniform_buffer_count)
+                pandecode_msg("XXX: UBOs referenced but not specified\n");
+
+        /* We don't want to actually dump uniforms, but we do need to validate
+         * that the counts we were given are sane */
+
+        if (p->uniforms) {
+                if (uniform_count)
+                        pandecode_validate_buffer(p->uniforms, uniform_count * 16);
+                else
+                        pandecode_msg("XXX: Uniforms specified but not referenced");
+        } else if (uniform_count)
+                pandecode_msg("XXX: UBOs referenced but not specified\n");
 
         if (p->texture_trampoline) {
                 struct pandecode_mapped_memory *mmem = pandecode_find_mapped_gpu_mem_containing(p->texture_trampoline);
@@ -1761,8 +2048,11 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                         pandecode_log(".format = {\n");
                                         pandecode_indent++;
 
-                                        pandecode_swizzle(f.swizzle);
-                                        pandecode_prop("format = %s", pandecode_format(f.format));
+                                        pandecode_log(".format = ");
+                                        pandecode_format_short(f.format);
+                                        pandecode_swizzle(f.swizzle, f.format);
+                                        pandecode_log_cont(",\n");
+
                                         pandecode_prop("type = %s", pandecode_texture_type(f.type));
                                         pandecode_prop("srgb = %" PRId32, f.srgb);
                                         pandecode_prop("unknown1 = %" PRId32, f.unknown1);
@@ -1771,11 +2061,9 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                         pandecode_indent--;
                                         pandecode_log("},\n");
 
-                                        pandecode_swizzle(t->swizzle);
-
                                         if (t->swizzle_zero) {
                                                 /* Shouldn't happen */
-                                                pandecode_msg("Swizzle zero tripped but replay will be fine anyway");
+                                                pandecode_msg("XXX: swizzle zero tripped\n");
                                                 pandecode_prop("swizzle_zero = %d", t->swizzle_zero);
                                         }
 
@@ -1812,12 +2100,7 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                         int max_count = sizeof(t->payload) / sizeof(t->payload[0]);
                                         assert (bitmap_count <= max_count);
 
-                                        /* Dump more to be safe, but not _that_ much more */
-                                        int safe_count = MIN2(bitmap_count * 2, max_count);
-
-                                        for (int i = 0; i < safe_count; ++i) {
-                                                char *prefix = (i >= bitmap_count) ? "// " : "";
-
+                                        for (int i = 0; i < bitmap_count; ++i) {
                                                 /* How we dump depends if this is a stride or a pointer */
 
                                                 if ((f.usage2 & MALI_TEX_MANUAL_STRIDE) && (i & 1)) {
@@ -1826,10 +2109,10 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                                         uint32_t clamped_stride = stride_set;
                                                         int32_t stride = clamped_stride;
                                                         assert(stride_set == clamped_stride);
-                                                        pandecode_log("%s(mali_ptr) %d /* stride */, \n", prefix, stride);
+                                                        pandecode_log("(mali_ptr) %d /* stride */, \n", stride);
                                                 } else {
                                                         char *a = pointer_as_memory_reference(t->payload[i]);
-                                                        pandecode_log("%s%s, \n", prefix, a);
+                                                        pandecode_log("%s, \n", a);
                                                         free(a);
                                                 }
                                         }
@@ -1858,11 +2141,9 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                 pandecode_log("struct mali_sampler_descriptor sampler_descriptor_%"PRIx64"_%d_%d = {\n", d + sizeof(*s) * i, job_no, i);
                                 pandecode_indent++;
 
-                                /* Only the lower two bits are understood right now; the rest we display as hex */
-                                pandecode_log(".filter_mode = MALI_TEX_MIN(%s) | MALI_TEX_MAG(%s) | 0x%" PRIx32",\n",
-                                              MALI_FILTER_NAME(s->filter_mode & MALI_TEX_MIN_MASK),
-                                              MALI_FILTER_NAME(s->filter_mode & MALI_TEX_MAG_MASK),
-                                              s->filter_mode & ~3);
+                                pandecode_log(".filter_mode = ");
+                                pandecode_log_decoded_flags(sampler_flag_info, s->filter_mode);
+                                pandecode_log_cont(",\n");
 
                                 pandecode_prop("min_lod = FIXED_16(%f)", DECODE_FIXED_16(s->min_lod));
                                 pandecode_prop("max_lod = FIXED_16(%f)", DECODE_FIXED_16(s->max_lod));
@@ -1874,7 +2155,7 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
                                 pandecode_prop("compare_func = %s", pandecode_alt_func(s->compare_func));
 
                                 if (s->zero || s->zero2) {
-                                        pandecode_msg("Zero tripped\n");
+                                        pandecode_msg("XXX: sampler zero tripped\n");
                                         pandecode_prop("zero = 0x%X, 0x%X\n", s->zero, s->zero2);
                                 }
 
@@ -1896,28 +2177,17 @@ pandecode_vertex_tiler_postfix_pre(const struct mali_vertex_tiler_postfix *p,
 static void
 pandecode_vertex_tiler_postfix(const struct mali_vertex_tiler_postfix *p, int job_no, bool is_bifrost)
 {
-        pandecode_log_cont("{\n");
+        if (!(p->position_varying || p->occlusion_counter || p->flags))
+                return;
+
+        pandecode_log(".postfix = {\n");
         pandecode_indent++;
 
         MEMORY_PROP(p, position_varying);
-        DYN_MEMORY_PROP(p, job_no, uniform_buffers);
-        DYN_MEMORY_PROP(p, job_no, texture_trampoline);
-        DYN_MEMORY_PROP(p, job_no, sampler_descriptor);
-        DYN_MEMORY_PROP(p, job_no, uniforms);
-        DYN_MEMORY_PROP(p, job_no, attributes);
-        DYN_MEMORY_PROP(p, job_no, attribute_meta);
-        DYN_MEMORY_PROP(p, job_no, varyings);
-        DYN_MEMORY_PROP(p, job_no, varying_meta);
-        DYN_MEMORY_PROP(p, job_no, viewport);
-        DYN_MEMORY_PROP(p, job_no, occlusion_counter);
+        MEMORY_PROP(p, occlusion_counter);
 
-        if (is_bifrost)
-                pandecode_prop("framebuffer = scratchpad_%d_p", job_no);
-        else
-                pandecode_prop("framebuffer = framebuffer_%d_p | %s", job_no, p->framebuffer & MALI_MFBD ? "MALI_MFBD" : "0");
-
-        pandecode_prop("_shader_upper = (shader_meta_%d_p) >> 4", job_no);
-        pandecode_prop("flags = %d", p->flags);
+        if (p->flags)
+                pandecode_prop("flags = %d", p->flags);
 
         pandecode_indent--;
         pandecode_log("},\n");
@@ -1932,7 +2202,7 @@ pandecode_vertex_only_bfr(struct bifrost_vertex_only *v)
         pandecode_prop("unk2 = 0x%x", v->unk2);
 
         if (v->zero0 || v->zero1) {
-                pandecode_msg("vertex only zero tripped");
+                pandecode_msg("XXX: vertex only zero tripped");
                 pandecode_prop("zero0 = 0x%" PRIx32, v->zero0);
                 pandecode_prop("zero1 = 0x%" PRIx64, v->zero1);
         }
@@ -1952,13 +2222,13 @@ pandecode_tiler_heap_meta(mali_ptr gpu_va, int job_no)
         pandecode_indent++;
 
         if (h->zero) {
-                pandecode_msg("tiler heap zero tripped\n");
+                pandecode_msg("XXX: tiler heap zero tripped\n");
                 pandecode_prop("zero = 0x%x", h->zero);
         }
 
         for (int i = 0; i < 12; i++) {
                 if (h->zeros[i] != 0) {
-                        pandecode_msg("tiler heap zero %d tripped, value %x\n",
+                        pandecode_msg("XXX: tiler heap zero %d tripped, value %x\n",
                                       i, h->zeros[i]);
                 }
         }
@@ -1969,11 +2239,16 @@ pandecode_tiler_heap_meta(mali_ptr gpu_va, int job_no)
 
         /* this might point to the beginning of another buffer, when it's
          * really the end of the tiler heap buffer, so we have to be careful
-         * here.
+         * here. but for zero length, we need the same pointer.
          */
-        char *a = pointer_as_memory_reference(h->tiler_heap_end - 1);
-        pandecode_prop("tiler_heap_end = %s + 1", a);
-        free(a);
+
+        if (h->tiler_heap_end == h->tiler_heap_start) {
+                MEMORY_PROP(h, tiler_heap_start);
+        } else {
+                char *a = pointer_as_memory_reference(h->tiler_heap_end - 1);
+                pandecode_prop("tiler_heap_end = %s + 1", a);
+                free(a);
+        }
 
         pandecode_indent--;
         pandecode_log("};\n");
@@ -1991,7 +2266,7 @@ pandecode_tiler_meta(mali_ptr gpu_va, int job_no)
         pandecode_indent++;
 
         if (t->zero0 || t->zero1) {
-                pandecode_msg("tiler meta zero tripped");
+                pandecode_msg("XXX: tiler meta zero tripped\n");
                 pandecode_prop("zero0 = 0x%" PRIx64, t->zero0);
                 pandecode_prop("zero1 = 0x%" PRIx64, t->zero1);
         }
@@ -2001,11 +2276,10 @@ pandecode_tiler_meta(mali_ptr gpu_va, int job_no)
 
         pandecode_prop("width = MALI_POSITIVE(%d)", t->width + 1);
         pandecode_prop("height = MALI_POSITIVE(%d)", t->height + 1);
-        DYN_MEMORY_PROP(t, job_no, tiler_heap_meta);
 
         for (int i = 0; i < 12; i++) {
                 if (t->zeros[i] != 0) {
-                        pandecode_msg("tiler heap zero %d tripped, value %" PRIx64 "\n",
+                        pandecode_msg("XXX: tiler heap zero %d tripped, value %" PRIx64 "\n",
                                       i, t->zeros[i]);
                 }
         }
@@ -2052,12 +2326,11 @@ pandecode_tiler_only_bfr(const struct bifrost_tiler_only *t, int job_no)
         /* TODO: gl_PointSize on Bifrost */
         pandecode_primitive_size(t->primitive_size, true);
 
-        DYN_MEMORY_PROP(t, job_no, tiler_meta);
         pandecode_gl_enables(t->gl_enables, JOB_TYPE_TILER);
 
         if (t->zero1 || t->zero2 || t->zero3 || t->zero4 || t->zero5
             || t->zero6 || t->zero7 || t->zero8) {
-                pandecode_msg("tiler only zero tripped");
+                pandecode_msg("XXX: tiler only zero tripped\n");
                 pandecode_prop("zero1 = 0x%" PRIx64, t->zero1);
                 pandecode_prop("zero2 = 0x%" PRIx64, t->zero2);
                 pandecode_prop("zero3 = 0x%" PRIx64, t->zero3);
@@ -2085,12 +2358,11 @@ pandecode_vertex_job_bfr(const struct mali_job_descriptor_header *h,
         pandecode_indent++;
 
         pandecode_log(".prefix = ");
-        pandecode_vertex_tiler_prefix(&v->prefix, job_no);
+        pandecode_vertex_tiler_prefix(&v->prefix, job_no, false);
 
         pandecode_log(".vertex = ");
         pandecode_vertex_only_bfr(&v->vertex);
 
-        pandecode_log(".postfix = ");
         pandecode_vertex_tiler_postfix(&v->postfix, job_no, true);
 
         pandecode_indent--;
@@ -2115,12 +2387,11 @@ pandecode_tiler_job_bfr(const struct mali_job_descriptor_header *h,
         pandecode_indent++;
 
         pandecode_log(".prefix = ");
-        pandecode_vertex_tiler_prefix(&t->prefix, job_no);
+        pandecode_vertex_tiler_prefix(&t->prefix, job_no, false);
 
         pandecode_log(".tiler = ");
         pandecode_tiler_only_bfr(&t->tiler, job_no);
 
-        pandecode_log(".postfix = ");
         pandecode_vertex_tiler_postfix(&t->postfix, job_no, true);
 
         pandecode_indent--;
@@ -2146,8 +2417,11 @@ pandecode_vertex_or_tiler_job_mdg(const struct mali_job_descriptor_header *h,
         bool has_primitive_pointer = v->prefix.unknown_draw & MALI_DRAW_VARYING_SIZE;
         pandecode_primitive_size(v->primitive_size, !has_primitive_pointer);
 
+        bool instanced = v->instance_shift || v->instance_odd;
+        bool is_graphics = (h->job_type == JOB_TYPE_VERTEX) || (h->job_type == JOB_TYPE_TILER);
+
         pandecode_log(".prefix = ");
-        pandecode_vertex_tiler_prefix(&v->prefix, job_no);
+        pandecode_vertex_tiler_prefix(&v->prefix, job_no, !instanced && is_graphics);
 
         pandecode_gl_enables(v->gl_enables, h->job_type);
 
@@ -2160,15 +2434,14 @@ pandecode_vertex_or_tiler_job_mdg(const struct mali_job_descriptor_header *h,
                 pandecode_padded_vertices(v->instance_shift, v->instance_odd);
         }
 
-        if (v->draw_start)
-                pandecode_prop("draw_start = %d", v->draw_start);
+        if (v->offset_start)
+                pandecode_prop("offset_start = %d", v->offset_start);
 
         if (v->zero5) {
-                pandecode_msg("Zero tripped\n");
+                pandecode_msg("XXX: midgard payload zero tripped\n");
                 pandecode_prop("zero5 = 0x%" PRIx64, v->zero5);
         }
 
-        pandecode_log(".postfix = ");
         pandecode_vertex_tiler_postfix(&v->postfix, job_no, false);
 
         pandecode_indent--;
@@ -2195,7 +2468,7 @@ pandecode_fragment_job(const struct pandecode_mapped_memory *mem,
                  * including Gxx). In any event, there's some field shuffling
                  * that we haven't looked into yet. */
 
-                pandecode_sfbd(s->framebuffer & FBD_MASK, job_no);
+                pandecode_sfbd(s->framebuffer & FBD_MASK, job_no, true);
                 fbd_dumped = true;
         } else if ((s->framebuffer & FBD_TYPE) == MALI_MFBD) {
                 /* We don't know if Bifrost supports SFBD's at all, since the
@@ -2233,10 +2506,15 @@ pandecode_fragment_job(const struct pandecode_mapped_memory *mem,
 
         const char *fbd_type = s->framebuffer & MALI_MFBD ? "MALI_MFBD" : "MALI_SFBD";
 
+        /* TODO: Decode */
+        unsigned extra_flags = (s->framebuffer & ~FBD_MASK) & ~MALI_MFBD;
+
         if (fbd_dumped)
-                pandecode_prop("framebuffer = framebuffer_%d_p | %s", job_no, fbd_type);
+                pandecode_prop("framebuffer = framebuffer_%d_p | %s | 0x%X", job_no,
+                                fbd_type, extra_flags);
         else
-                pandecode_prop("framebuffer = %s | %s", pointer_as_memory_reference(p), fbd_type);
+                pandecode_prop("framebuffer = %s | %s | 0x%X", pointer_as_memory_reference(p),
+                                fbd_type, extra_flags);
 
         pandecode_indent--;
         pandecode_log("};\n");
@@ -2291,11 +2569,11 @@ pandecode_jc(mali_ptr jc_gpu_va, bool bifrost)
                 if (h->job_descriptor_size)
                         pandecode_prop("job_descriptor_size = %d", h->job_descriptor_size);
 
-                if (h->exception_status != 0x1)
-                        pandecode_prop("exception_status = %x (source ID: 0x%x access: 0x%x exception: 0x%x)",
+                if (h->exception_status && h->exception_status != 0x1)
+                        pandecode_prop("exception_status = %x (source ID: 0x%x access: %s exception: 0x%x)",
                                        h->exception_status,
                                        (h->exception_status >> 16) & 0xFFFF,
-                                       (h->exception_status >> 8) & 0x3,
+                                       pandecode_exception_access((h->exception_status >> 8) & 0x3),
                                        h->exception_status  & 0xFF);
 
                 if (h->first_incomplete_task)