1214121 - Failing with generic baseline getprop stub

Status: RESOLVED INVALID

(Core :: JavaScript Engine: JIT, defect)

Description

[Hannes Verschore [:h4writer]]

When I was looking into making shared stubs out of getprop I tried using only the generic getprop stub. Somehow this gives me errors?
Assertion failure: fop->runtime()->gc.nursery.isEmpty(), at /home/h4writer/Build/mozilla-inbound/js/src/jit/BaselineJIT.cpp:472
Are we certain that the generic getprop stub works in all conditions?

h4writer@h4writer-ThinkPad-W530:~/Build/mozilla-inbound/js/src$ JIT_OPTION_forceinlineCaches=true JIT_OPTION_disableSharedStubs=false gdb --args $JS/dist/bin/js --baseline-eager jit-test/tests/basic/testBug895774.js
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/h4writer/Build/mozilla-inbound/js/src/build-32-debug-opt/dist/bin/js...done.
rwarning: File "/home/h4writer/Build/mozilla-inbound/js/src/build-32-debug-opt/js/src/shell/js-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /home/h4writer/Build/mozilla-inbound/js/src/build-32-debug-opt/js/src/shell/js-gdb.py
line to your configuration file "/home/h4writer/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/home/h4writer/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
(gdb) run
Starting program: /home/h4writer/Build/mozilla-inbound/js/src/build-32-debug-opt/dist/bin/js --baseline-eager jit-test/tests/basic/testBug895774.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib/i386-linux-gnu/libstdc++.so.6.0.19-gdb.py", line 63, in <module>
    from libstdcxx.v6.printers import register_libstdcxx_printers
ImportError: No module named 'libstdcxx'
[New Thread 0xb76ceb40 (LWP 29752)]
[New Thread 0xb74cdb40 (LWP 29753)]
[New Thread 0xb72ccb40 (LWP 29754)]
[New Thread 0xb70cbb40 (LWP 29755)]
[New Thread 0xb6ecab40 (LWP 29756)]
[New Thread 0xb6cc9b40 (LWP 29757)]
[New Thread 0xb6ac8b40 (LWP 29758)]
[New Thread 0xb68c7b40 (LWP 29759)]
[New Thread 0xb66c6b40 (LWP 29760)]
[New Thread 0xb64c5b40 (LWP 29761)]
[New Thread 0xb62c4b40 (LWP 29762)]
[New Thread 0xb60c3b40 (LWP 29763)]
Assertion failure: fop->runtime()->gc.nursery.isEmpty(), at /home/h4writer/Build/mozilla-inbound/js/src/jit/BaselineJIT.cpp:472

Program received signal SIGSEGV, Segmentation fault.
0x080a48c6 in js::jit::BaselineScript::Destroy (script=<optimized out>, fop=<optimized out>) at /home/h4writer/Build/mozilla-inbound/js/src/jit/BaselineJIT.cpp:472
472         MOZ_ASSERT(fop->runtime()->gc.nursery.isEmpty());

Comment 1

[Hannes Verschore [:h4writer]]

Attachment: Patch to force issue

This is the patch I used to always use the generic stub.

Comment 2

[Hannes Verschore [:h4writer]]

The patch caused the ICGetProp_Generic::Compiler to not be in a scope, getting hoisted. As a result the ICStubCompiler::AutoSuppressGC was enabled for the whole function.