Closed Bug 1724716 Opened 4 years ago Closed 4 years ago

jsshell fails to start if Wasm SIMD is disabled

Categories

(Core :: JavaScript: WebAssembly, defect, P3)

Product:
Core
Component:
JavaScript: WebAssembly
Platform:
x86_64
Unspecified
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
93 Branch
Tracking Flags:
Tracking Status
firefox93 --- fixed

People

(Reporter: yury, Assigned: yury)

Details

Attachments

(1 file)

Bug 1724716 - Reduce set in PushRegsInMaskSizeInBytes. r?jseward
48 bytes, text/x-phabricator-request
Details | Review

There is

Assertion failure: framePushed() - framePushedInitial == PushRegsInMaskSizeInBytes(set), at ./mozilla-unified/js/src/jit/x86-shared/MacroAssembler-x86-shared.cpp:445

when ac_add_options --disable-wasm-simd is used

Well, "defect". I guess so :-)

Severity: -- → S4
Priority: -- → P3

The invariants around stack-dump layout are fragile and are documented
at jit/MacroAssembler.h:393 and after. Can you give some background here
about why the failure occurs and why the fix is correct? And does the fix
observe those documented invariants?

The problem is that in the PushRegsInMask the push size is calculated based on the reduced FPU set of registers. Though the assert is using PushRegsInMaskSizeInBytes, which calculates size based on non-reduced FPU set. The patch changes logic of PushRegsInMaskSizeInBytes to make asserts in PushRegsInMask and friends happy, and that is what required by invariant documented in MacroAssembler.h.

Thanks for the clarifications.

Pushed by ydelendik@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/417d86db010f Reduce set in PushRegsInMaskSizeInBytes. r=jseward

https://hg.mozilla.org/mozilla-central/rev/417d86db010f

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox93: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 93 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: