Closed
Bug 1495916
Opened 6 years ago
Closed 6 years ago
Fix Bailouts in ARM64
Categories
(Core :: JavaScript Engine: JIT, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla64
Tracking | Status | |
---|---|---|
firefox64 | --- | fixed |
People
(Reporter: sstangl, Assigned: sstangl)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
9.21 KB,
patch
|
sstangl
:
review+
|
Details | Diff | Splinter Review |
The bailout code in ARM64 was broken, which manifested as a failure on every test that uses "--ion-eager --ion-offthread-compile=off" -- roughly 12,000 jit-test failures. There were a number of problems. Discovering them took a while. The general strategy used was to place sentinel values on the stack and see how they mismatch with expected locations in the Bailout() handler. The problems this fixes are: 1. The ARM64 code wasn't actually pushing all the registers, causing an off-by-32 error. 2. The ARM64 code wasn't pushing frameSize_. 3. The bailout handler return code was just wrong. For testing, it looks like this behaves correctly for basic/FPQuadCmp.js, but unfortunately that test still fails for other reasons that should be addressed elsewhere. I attempted to leave comments that would be helpful to myself in the case of having to reverse-engineer how this works again.
Attachment #9013859 -
Flags: review?(jdemooij)
Assignee | ||
Comment 1•6 years ago
|
||
The #ifdef DEBUG code in PushBailoutFrame() isn't needed anymore, since the number of registers pushed is static.
Updated•6 years ago
|
Attachment #9013859 -
Flags: review?(jdemooij) → review+
Updated•6 years ago
|
Priority: -- → P2
Assignee | ||
Comment 2•6 years ago
|
||
Attachment #9013859 -
Attachment is obsolete: true
Attachment #9015690 -
Flags: review+
Assignee | ||
Updated•6 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/acf3ccc27e1e Fix bailouts in ARM64. r=jandem
Keywords: checkin-needed
Comment 4•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/acf3ccc27e1e
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox64:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
You need to log in
before you can comment on or make changes to this bug.
Description
•