Closed
Bug 477228
Opened 16 years ago
Closed 16 years ago
Attempting to modify read-only Number.NEGATIVE_INFINITY crashes vm
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P3)
Tamarin Graveyard
Baseline JIT (CodegenLIR)
ARM
Windows Mobile 6 Professional
Tracking
(Not tracked)
VERIFIED
FIXED
flash10.1
People
(Reporter: brbaker, Assigned: rreitmai)
References
Details
Attachments
(2 files)
|
617 bytes,
patch
|
edwsmith
:
review+
|
Details | Diff | Splinter Review |
|
6.34 KB,
patch
|
edwsmith
:
review+
|
Details | Diff | Splinter Review |
ecma3/Number/e15_7_3_5_3_rt should produce a runtime error that you can't write to a ready-only property but instead is now crashing the VM.
This is a nanojit issue as it produces the proper error when running in -Dinterp
Number.NEGATIVE_INFINITY=0;
Flags: in-testsuite+
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
|
Reporter | |
Comment 1•16 years ago
|
||
Added expectedfail to the acceptance/testconfig.txt (1407:0c0f3cf40ad0)
|
||
Updated•16 years ago
|
Assignee: nobody → edwsmith
Status: NEW → ASSIGNED
Flags: flashplayer-qrb? → flashplayer-qrb+
Priority: -- → P3
Target Milestone: --- → flash10.x
|
|
||
Comment 2•16 years ago
|
||
not a blocking issue for 469836; arm nanojit is new so this is not a regression for this platform.
No longer blocks: 469836
|
||
Updated•16 years ago
|
Assignee: edwsmith → rreitmai
|
Assignee | |
Comment 3•16 years ago
|
||
not easy to isolate out of test scripts...
|
|
Reporter | |
Comment 4•16 years ago
|
||
Agreed, issue is NOT with Number.NEGATIVE_INFINITY=0; but is some combination in the entire abc file. I can run chunks of the test no problem, but running the entire thing on ARM with the JIT is crashing, but using -Dinterp will execute properly....
|
|
Assignee | |
Comment 5•16 years ago
|
||
Turns out that we were releasing the stack slot prior to obtaining the temp register for the load portion of asm_mmq(). A subsequent findRegFor() triggered a spill (since all regs were used in this example; hence we now see why it was hard to repro) and the same stack slot was given for the spill instruction. Blamo!
Moving the release of the stack slot to the bottom of the method clears up the issue, although technically we can probably just free the used register. Better to be more conservative for now.
Attachment #367139 -
Flags: review?(edwsmith)
|
|
Assignee | |
Comment 6•16 years ago
|
||
In the course of debugging this issue, I cleaned up printActivationState() so it actually works and also tweaked the jitmax code so that it takes an optional range of methods to be jit'd. So you can now specify things like -jitmax 2- or -jitmax 5-6 or -jitmax -5.
Both of which proved quite handy in tracking the bug down.
Attachment #367140 -
Flags: review?(edwsmith)
|
|
||
Comment 7•16 years ago
|
||
Comment on attachment 367139 [details] [diff] [review]
ver 1 - fix for bug
please add your comments for the attachment into the code (adjusted so a month from now we'll know whats going on in the code)
Attachment #367139 -
Flags: review?(edwsmith) → review+
|
|
||
Updated•16 years ago
|
Attachment #367140 -
Flags: review?(edwsmith) → review+
|
|
Assignee | |
Comment 8•16 years ago
|
||
pushed dbb0fa875f22: bug 477228 (ARM jit) and jitmax enhancements - rev 1593
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 9•16 years ago
|
||
Removed the expected fail, pushed as 1596:74e23e3686ef
|
|
Reporter | |
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•