Closed
Bug 1096651
Opened 10 years ago
Closed 10 years ago
Wrong CPU features detection on some x86 CPUs
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla36
People
(Reporter: glandium, Assigned: glandium)
Details
Attachments
(2 files)
|
1.19 KB,
patch
|
luke
:
review+
lmandel
:
approval-mozilla-aurora+
lmandel
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
|
2.19 KB,
patch
|
luke
:
review+
bkerensa
:
approval-mozilla-esr31+
|
Details | Diff | Splinter Review |
I got a report from a Debian user that was getting JIT illegal instruction crashes on a very old CPU since he upgraded from esr24 to esr31.
After some investigation, it turns out the JIT thinks his CPU has support for SSE3, which it doesn't. It doesn't even have SSE. I suspect his CPU's cpuid reports something that doesn't quite match the current spec. My guess is that this would be worked around by making SSE3 only detected if SSE2 is detected as well.
I'm waiting for the exact values cpuid is returning on his CPU. /proc/cpuinfo reads:
processor : 0
vendor_id : CyrixInstead
cpu family : 6
model : 2
model name : M II 3x Core/Bus Clock
stepping : 4
cpu MHz : 225.016
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu de tsc msr cx8 pge cmov mmx cyrix_arr
bogomips : 450.03
clflush size : 32
cache_alignment : 32
address sizes : 32 bits physical, 32 bits virtual
power management:
|
Assignee | |
Comment 1•10 years ago
|
||
Attachment #8520997 -
Flags: review?(luke)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•10 years ago
|
||
Attachment #8521011 -
Flags: review?(luke)
|
||
Comment 3•10 years ago
|
||
As a heads up, :sunfish also has a patch for this on try: https://hg.mozilla.org/try/rev/100c6b5c69e4
I don't know whether it also solves the problem reported here, since it's just based on the description in comment #0.
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to Emanuel Hoogeveen [:ehoogeveen] from comment #3)
> As a heads up, :sunfish also has a patch for this on try:
> https://hg.mozilla.org/try/rev/100c6b5c69e4
>
> I don't know whether it also solves the problem reported here, since it's
> just based on the description in comment #0.
That patch would still misidentify avx support, since the root problem is that ecx is containing random bits.
|
|
Assignee | |
Comment 5•10 years ago
|
||
Ah no, it would work because of the && maxSSEVersion >= SSE. Clobbering ecx is easier, though.
|
||
Comment 6•10 years ago
|
||
Comment on attachment 8520997 [details] [diff] [review]
Avoid using random bits when determining SSE3/SSE4 availability for the JIT
Nice job tracking that down.
Attachment #8520997 -
Flags: review?(luke) → review+
|
|
||
Updated•10 years ago
|
Attachment #8521011 -
Flags: review?(luke) → review+
|
||
Comment 7•10 years ago
|
||
Cool; this is a better patch than mine.
|
|
Assignee | |
Comment 8•10 years ago
|
||
|
|
Assignee | |
Comment 9•10 years ago
|
||
Comment on attachment 8520997 [details] [diff] [review]
Avoid using random bits when determining SSE3/SSE4 availability for the JIT
Approval Request Comment
[User impact if declined]: Crashes with "illegal instruction" on machines using old CPUs.
[Risks and why]: None. The only change is to reset a CPU register before calling the cpuid instruction, which doesn't use that register as input but as output. The problem being fixed is that some CPU's cpuid instruction doesn't set that register at all, so we get whatever the value of the register was before calling cpuid. With this patch, the value is fixed and doesn't have the side effect to enable features that the CPU won't support, like SSE3. If it builds, it can't break anything.
[String/UUID change made/needed]: None
Attachment #8520997 -
Flags: approval-mozilla-beta?
Attachment #8520997 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Comment 10•10 years ago
|
||
Comment on attachment 8521011 [details] [diff] [review]
Backport for esr31
[Approval Request Comment]
See beta/aurora approval request. There is an additional risk with this patch, though, in that the patch is different. The worst that can happen is that it fails to build because of a typo. Specifically, I'm not entirely sure there shouldn't be a ; in the first patch hunk.
Attachment #8521011 -
Flags: approval-mozilla-esr31?
|
||
Updated•10 years ago
|
Attachment #8521011 -
Flags: approval-mozilla-esr31? → approval-mozilla-esr31+
|
|
||
Updated•10 years ago
|
status-firefox-esr31:
--- → affected
tracking-firefox-esr31:
--- → 34+
|
||
Comment 11•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
|
||
Comment 12•10 years ago
|
||
|
||
Comment 13•10 years ago
|
||
Comment on attachment 8520997 [details] [diff] [review]
Avoid using random bits when determining SSE3/SSE4 availability for the JIT
Beta+
Aurora+
Attachment #8520997 -
Flags: approval-mozilla-beta?
Attachment #8520997 -
Flags: approval-mozilla-beta+
Attachment #8520997 -
Flags: approval-mozilla-aurora?
Attachment #8520997 -
Flags: approval-mozilla-aurora+
|
|
||
Comment 14•10 years ago
|
||
|
||
Comment 15•10 years ago
|
||
I'm going to mark this as qe‑verify- as this issue needs a specific CPU that only supports Streaming SIMD Extensions 2 (SSE2) which unfortunately I don't have :/ I tried searching to see if I could some how emulate a SSE2 CPU via VMware Fusion but it seems like fusion doesn't emulate CPU's.. (you need the higher end enterprise software for that capability)
Mike, if there's any other way I can test this to see if it's been fixed, please let me know and I'll gladly take another look! Perhaps we can get the original reporter to try it on his Debian machine and see if the issue is fixed for him?
Flags: qe-verify-
|
|
Assignee | |
Comment 16•10 years ago
|
||
(In reply to Kamil Jozwiak [:kjozwiak] from comment #15)
> I'm going to mark this as qe‑verify- as this issue needs a specific CPU that
> only supports Streaming SIMD Extensions 2 (SSE2) which unfortunately I don't
> have :/ I tried searching to see if I could some how emulate a SSE2 CPU via
> VMware Fusion but it seems like fusion doesn't emulate CPU's.. (you need the
> higher end enterprise software for that capability)
Worse than that, you need a specific CPU that doesn't set ecx with its cpuid instruction.
> Mike, if there's any other way I can test this to see if it's been fixed,
> please let me know and I'll gladly take another look! Perhaps we can get the
> original reporter to try it on his Debian machine and see if the issue is
> fixed for him?
I got confirmation that this fixed it for him.
|
|
||
Comment 17•10 years ago
|
||
> I got confirmation that this fixed it for him.
Awesome, thanks!
|
||
Comment 18•9 years ago
|
||
Why wasn't the same fix applied to the windows branch of the conditional? Just asking so that I can determine how to apply this to bug 1263495.
Flags: needinfo?(mh+mozilla)
|
|
||
Comment 19•9 years ago
|
||
Sorry, my bad, I'm not reading this right, the JS_CODEGEN_X64 branch doesn't have the fix, but that's still gcc.
Flags: needinfo?(mh+mozilla)
|
|
Assignee | |
Comment 20•9 years ago
|
||
Presumably, x64 CPUs are well-behaved.
You need to log in
before you can comment on or make changes to this bug.
Description
•