Closed Bug 1500120 Opened 11 months ago Closed 11 months ago

struct.narrow generates an invalid stack

Categories

(Core :: Javascript: WebAssembly, enhancement, P3)

RESOLVED FIXED
mozilla64
Tracking Status
firefox64 --- fixed

People

(Reporter: lth, Assigned: lth)

Attachments

(1 file)

Rabaldr has a hard time expressing advanced control flow because things that are conditionally executed in the generated code are frequently unconditionally executed in the compiler, and the compiler's stack and the run-time stack thus go out of sync.  struct.narrow has this problem; it uses the pattern:

   Reg r = pop()
   push(immediate)
   masm.jump(done)
   masm.bind(around)
   push(some other stuff)
   masm.bind(done)

Here we end up with a stack in the compiler that has /both/ the immediate /and/ the other stuff.

The standard workaround is to instead target a joint result register, at the expense of a little extra data movement.
Actually the code is also wrong because emitStructNarrow calls emitInstanceCall, but only along one path, and so we will sync along one path and not along the other.  I keep meaning to add an AutoDidYouRememberToSyncAlongOtherPaths RAII class to pass to emitInstanceCall to reduce the chance of this recurring snafu, but who has the time -- we're too busy programming.
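An added illustration of the stack desync and the joint-register workaround described in the comments above. It is a toy model, not SpiderMonkey code and not the attached patch; every name in it (ToyCompiler, narrowBuggy, narrowJoint, r_joint, the pseudo-instructions) is hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Toy single-pass compiler: `stack` is the compiler's model of the run-time
// value stack, `code` is the listing it emits. Hypothetical names throughout.
struct ToyCompiler {
    std::vector<std::string> stack;  // compile-time view of the value stack
    std::vector<std::string> code;   // emitted pseudo-instructions

    void push(const std::string& v) { stack.push_back(v); }
    std::string pop() { std::string v = stack.back(); stack.pop_back(); return v; }
    void emit(const std::string& s) { code.push_back(s); }

    // Pattern from the report: each arm pushes its own result. The compiler
    // runs both push() calls; the generated code runs only one arm.
    void narrowBuggy() {
        std::string r = pop();
        emit("branch_if cond(" + r + "), around");
        push("immediate");
        emit("jump done");
        emit("around:");
        push("other stuff");
        emit("done:");
    }

    // Workaround from the report: both arms move their value into one joint
    // result register, and the compiler pushes once, after the join point.
    void narrowJoint() {
        std::string r = pop();
        const std::string joint = "r_joint";
        emit("branch_if cond(" + r + "), around");
        emit("move immediate -> " + joint);
        emit("jump done");
        emit("around:");
        emit("move other stuff -> " + joint);
        emit("done:");
        push(joint);
    }
};

// Compile-time stack depth after narrowing one operand. At run time exactly
// one arm executes, so the correct depth is 1.
std::size_t depthAfter(bool useJoint) {
    ToyCompiler c;
    c.push("ref");
    if (useJoint) c.narrowJoint(); else c.narrowBuggy();
    return c.stack.size();
}
```

The buggy pattern leaves the compiler believing two values are on the stack where the generated code has one; the joint-register form keeps both views at depth 1 at the cost of the extra moves.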
Attachment #9018309 - Flags: review?(bbouvier)
Comment on attachment 9018309
bug1500120-simplify-narrowing.patch

Review of attachment 9018309:
-----------------------------------------------------------------

Oh boy.
Attachment #9018309 - Flags: review?(bbouvier) → review+
Pushed by lhansen@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a25a1dd8a9f5
fix compiler state for struct.narrow.  r=bbouvier
https://hg.mozilla.org/mozilla-central/rev/a25a1dd8a9f5
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64