Closed Bug 491084 Opened 16 years ago Closed 15 years ago

assertion when jitting null % (modulo) null

Categories

(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P1)

Product:
Tamarin Graveyard
Component:
Baseline JIT (CodegenLIR)
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
flash10.1

People

(Reporter: cpeyer, Assigned: tharwood)

References

Details

Attachments

(1 file)

Testcase for bug
1.20 KB, patch
brbaker
: review+
Details | Diff | Splinter Review
as: null % null; or with abcasm: pushnull pushnull modulo Run with -Ojit. Result: Assertion failed: (_allocator.active[FST0] && _fpuStkDepth == -1) || (!_allocator.active[FST0] && _fpuStkDepth == 0) (/Users/build/buildbot/tamarin-redux/mac-intel-10_5/tamarin-redux/nanojit/Assembler.cpp:436) Abort trap
Flags: in-testsuite?
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
Component: Tracing Virtual Machine → JIT Compiler (NanoJIT)
QA Contact: tracing-vm → nanojit
Assignee: nobody → tharwood
Flags: flashplayer-qrb? → flashplayer-qrb+
Priority: -- → P3
Target Milestone: --- → flash10.x
Cannot repro on Win32, Linux/IA32 or Beagleboard Linux/ARM. Chris, are you still seeing this? If so, xfer back to me, I will have a Mac in a week or so.
Assignee: tharwood → cpeyer
Chris, Please confirm.
Flags: flashplayer-triage+ → flashplayer-triage?
Repro'd with TR 2622 on OSX 10.5 intel - slightly different line number: $ avmshell_sd -Ojit t.abc Assertion failed: (_allocator.active[FST0] && _fpuStkDepth == -1) || (!_allocator.active[FST0] && _fpuStkDepth == 0) (/Users/build/buildbot/tamarin-redux/mac-intel-10_5/tamarin-redux/nanojit/Assembler.cpp:271) Abort trap
Assignee: cpeyer → tharwood
Status: NEW → ASSIGNED
Flags: flashplayer-triage? → flashplayer-triage+
Priority: P3 → P1
i'm 90% certian i've seen the fix for this in tracemonkey's nanojit, it was originally found by jsfunfuz and i think the bug is in asm_call when pushing the same FPU value twice as an argument to fmod(), when the value is in x87 FPU register st(0). (we try to pop the value twice). see also: bug 506146, bug 465484
OS: Mac OS X → All
Blocks: 506146
Blocks: 503556
No longer blocks: 506146
fixed by http://hg.mozilla.org/tamarin-redux/rev/6e89a44f87de
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Attached patch Testcase for bugSplinter Review
Add testcases for null to test/acceptance/ecma3/Expressions/e11_5_3.as
Attachment #409340 - Flags: review?(brbaker)
Verified fixed redux 2951
Status: RESOLVED → VERIFIED
Attachment #409340 - Flags: review?(brbaker) → review+
Testcase pushed redux changeset 2957 e0ea1d43a025
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: