Closed
Bug 1127781
Opened 11 years ago
Closed 9 years ago
MIPS: jasapi-tests crash (null pointer)
Categories
(Core :: JavaScript Engine: JIT, defect, P5)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: lth, Assigned: hev)
References
Details
Create a MIPS debug build (jsshell only) with the simulator.
From the build directory:
cd dist/bin
./jsapi-tests
Crashes:
testProfileStrings_worksWhenEnabledOnTheFly
Assertion failure: from.isMemory(), at /home/lth/moz/mozilla-inbound/js/src/jit/mips/MoveEmitter-mips.cpp:274
Segmentation fault
|
Assignee | |
Comment 1•11 years ago
|
||
Hi, This problem fixed in Bug 1128804.
|
Reporter | |
Comment 2•11 years ago
|
||
(In reply to Heiher from comment #1)
> Hi, This problem fixed in Bug 1128804.
Alas it may not be quite fixed - or at least, something is still broken. Once I fix the compile error described below (this is on this morning's mozilla-inbound), the mips simulator runs a lot of the jsapi-tests but then crashes with a segmentation fault:
testNewRuntime
Test new runtime: started
Segmentation fault
The compilation error:
js/src/jsapi-tests/testJitMoveEmitterCycles-mips.cpp:72:8: error: ‘JitCode’ does not name a type
static JitCode *
^
js/src/jsapi-tests/testJitMoveEmitterCycles-mips.cpp: In member function ‘virtual bool cls_testJitMoveEmitterCycles_simple::run(JS::HandleObject)’:
js/src/jsapi-tests/testJitMoveEmitterCycles-mips.cpp:112:46: error: ‘linkAndAllocate’ was not declared in this scope
JitCode *code = linkAndAllocate(cx, &masm);
That file needs this at the top, or something similar:
using namespace js;
using namespace js::jit;
|
|
Reporter | |
Comment 3•10 years ago
|
||
Just checking in :)
I needed to fix a trivial compile error before I could test. After that:
build-mips$ cd dist/bin
bin$ ./jsapi-tests
...
TEST-PASS | testObjectEmulatingUndefined_truthy | ok
testNewRuntime
Test new runtime: started
Segmentation fault: 11
Appears the simulator is trying to destroy a lock object that is a null pointer, see the call to PR_DestroyLock below:
* thread #1: tid = 0x2297fe, 0x9abaa625 libsystem_platform.dylib`OSSpinLockLock + 11, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x4)
frame #0: 0x9abaa625 libsystem_platform.dylib`OSSpinLockLock + 11
libsystem_platform.dylib`OSSpinLockLock:
-> 0x9abaa625 <+11>: lock
0x9abaa626 <+12>: cmpxchgl %edx, (%ecx)
0x9abaa629 <+15>: testl %eax, %eax
0x9abaa62b <+17>: je 0x9abaa632 ; <+24>
(lldb) bt
* thread #1: tid = 0x2297fe, 0x9abaa625 libsystem_platform.dylib`OSSpinLockLock + 11, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x4)
* frame #0: 0x9abaa625 libsystem_platform.dylib`OSSpinLockLock + 11
frame #1: 0x9706aaf7 libsystem_pthread.dylib`pthread_mutex_destroy + 23
frame #2: 0x0041667f jsapi-tests`PR_DestroyLock(lock=0x00000000) + 31 at PosixNSPR.cpp:249
frame #3: 0x00c0f641 jsapi-tests`js::jit::Simulator::~Simulator(this=0x02625000) + 49 at Simulator-mips32.cpp:1381
frame #4: 0x00c0f6d7 jsapi-tests`js::jit::Simulator::~Simulator(this=0x02625000) + 23 at Simulator-mips32.cpp:1379
frame #5: 0x00c0c2f4 jsapi-tests`void js_delete<js::jit::Simulator>(p=0x02625000) + 36 at Utility.h:254
frame #6: 0x00c0c0a0 jsapi-tests`js::jit::Simulator::Create() + 80 at Simulator-mips32.cpp:526
frame #7: 0x005729b9 jsapi-tests`JSRuntime::init(this=0x02221000, maxbytes=8388608, maxNurseryBytes=16777216) + 1177 at Runtime.cpp:336
frame #8: 0x00c395a5 jsapi-tests`JS_NewRuntime(maxbytes=8388608, maxNurseryBytes=16777216, parentRuntime=0x00000000) + 341 at jsapi.cpp:674
frame #9: 0x000b44eb jsapi-tests`cls_testNewRuntime::run(this=0x00f348c8, global=JS::HandleObject at 0xbffffae4) + 171 at testOOM.cpp:59
frame #10: 0x000e938c jsapi-tests`main(argc=1, argv=0xbffffbb4) + 412 at tests.cpp:124
frame #11: 0x00001c15 jsapi-tests`start + 53
|
|
Reporter | |
Updated•10 years ago
|
Summary: MIPS assembler crashes while compiling for jasapi-tests → MIPS: jasapi-tests crash (null pointer)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → r
|
|
Reporter | |
Updated•9 years ago
|
Priority: -- → P5
|
|
Reporter | |
Comment 4•9 years ago
|
||
When I run jsapi-tests now this no longer crashes so I will close the bug.
However, there is one failure during the jsapi-tests run (with the 32-bit mips simulator) that should perhaps be investigated, but one assumes this is either a simulator problem or that it will be caught in other testing:
testJitRegisterSet_FPU
/Users/lhansen/moz/mozilla-inbound/js/src/jsapi-tests/testJitRegisterSet.cpp:116:CHECK failed: pool.empty()
TEST-UNEXPECTED-FAIL | testJitRegisterSet_FPU | CHECK failed: pool.empty()
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•