Closed
Bug 494013
Opened 15 years ago
Closed 15 years ago
Interpreter and jit use invalid method for determining code context
Categories
(Tamarin Graveyard :: Virtual Machine, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: jasowill, Assigned: stejohns)
References
Details
Attachments
(2 files)
4.36 KB,
patch
|
edwsmith
:
review+
|
Details | Diff | Splinter Review |
4.62 KB,
patch
|
edwsmith
:
review-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10 Build Identifier: In the interpreter.cpp and CodeGenLIR.cpp test the pool's domain's base to determine if code is builtin (e.g. pool->domain->base). These should instead check pool->isBuiltin. In addition the namespace should be emitted when we are not using a default namespace regardless of a change in the code context change. Reproducible: Always
Reporter | ||
Comment 1•15 years ago
|
||
This is a patch generated from CL#525765 on flashruntime mainline
Attachment #378662 -
Flags: review?(stejohns)
Assignee | ||
Updated•15 years ago
|
Attachment #378662 -
Flags: review?(stejohns) → review?(edwsmith)
Assignee | ||
Comment 2•15 years ago
|
||
Comment on attachment 378662 [details] [diff] [review] Patch from flashruntime mainline rerouting to edwin. what's up with the change in nativegen.py?
Reporter | ||
Comment 3•15 years ago
|
||
The current nativegen.py cleverly restricts access of method and class entries for the native init code to the file that it generates. A command line option was added so that in certain circumstances those definitions can be reached from outside the generated file.
Updated•15 years ago
|
Attachment #378662 -
Flags: review?(edwsmith) → review+
Assignee | ||
Comment 4•15 years ago
|
||
I'm going to take the liberty of pushing this (since it's been approved) since some current Flash/AIR work is much happier with it in place.
Assignee | ||
Comment 5•15 years ago
|
||
pushed to redux as changeset: 1978:df1583f8776c
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 6•15 years ago
|
||
This bug needs to be re-opened: the patch has uncovered a latent bug, where a ScopeChain that is pointed to by dxnsAddr can be collected, leading to a crash.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 7•15 years ago
|
||
Not sure if this is this optimal/correct fix... this adds dxnsAddrOwner to AvmCore so that dxnsAddr values that belong to a ScopeChain can rely on the ScopeChain being pinned. This fixes the crash, but it's not clear to me whether or not this indicates an underlying flaw elsewhere in our dxns save/restore code: I thought functions were responsible for saving/restoring dxnsAddr, but CodegenLIR::emitSetCodeContext will generate emitSetDxns() without any thought to restoring it later. Is this the correct behavior?
Assignee: nobody → stejohns
Status: VERIFIED → REOPENED
Ever confirmed: true
Attachment #381198 -
Flags: review?(edwsmith)
Resolution: FIXED → ---
Comment 8•15 years ago
|
||
it's correct as designed, but the design has flaws. the goal is for core->dxnsAddr to be pointing to the active one at the point any builtin code looks at it. CodegenLIR does this by setting it before calls that could go into such builtin code. Interpreter does it by saving/restoring in the method prolog boundaries. It has come to light that these dueling strategies need to be fixed; cleanest least fragile fix is for jit'd code to save/restore dxnsAddr in its prolog/epilog, just like the interpreter. (same story for codeContext). The new pinning code seems very heavy. to pin something, it should be sufficient to write its address to the stack; then it will be seen by the GC. I dont think we need the new field in core, or the new save/restore logic, just for pinning.
Updated•15 years ago
|
Attachment #381198 -
Flags: review?(edwsmith) → review-
Comment 9•15 years ago
|
||
for pinning, here's a sketch: in interpreter, add a scope field in aux_memory, then in the prolog just: aux_memory.scope = scope; // pin the scope object, dxnsAddr points into it and in the jit: prolog: pinnedScope = insAlloc(sizeof(Scope*)); lirout->insStore( /* pinnedScope = scope */ ); epilog: Ins(LIR_live, pinnedScope);
Assignee | ||
Comment 10•15 years ago
|
||
(In reply to comment #8) > It has come to light that these dueling strategies need to be fixed; cleanest > least fragile fix is for jit'd code to save/restore dxnsAddr in its > prolog/epilog, just like the interpreter. > (same story for codeContext). indeed, that explains a lot. think this constitutes an outright bug or merely a backlog item? > The new pinning code seems very heavy. to pin something, it should be > sufficient to write its address to the stack; then it will be seen by the GC. Ah yes, a better/simpler idea. I'll try that and offer a new patch.
Assignee | ||
Comment 11•15 years ago
|
||
It appears there is a different underlying bug here -- Interpreter and LIR take different approaches to maintaining dxns (and codeContext), which can cause a "stale" dxns to remain active longer than it should. Opening new bug https://bugzilla.mozilla.org/show_bug.cgi?id=496473 to track this.
Assignee | ||
Comment 12•15 years ago
|
||
fyi, this patch definitely isn't ready for Flash/AIR, as they assume EnterCodeContext can be used when there is no currentMethodFrame. I'll work on a revised patch.
Comment 13•15 years ago
|
||
Lets add some docs for EnterCodeContext, specifically what the expected contract is. sounds like it intends to mimic a full MethodFrame? If that's the case then the dxns logic might need adjusting (the other fields won't be valid)
Assignee | ||
Comment 14•15 years ago
|
||
(In reply to comment #13) > Lets add some docs for EnterCodeContext, specifically what the expected > contract is. sounds like it intends to mimic a full MethodFrame? If that's > the case then the dxns logic might need adjusting (the other fields won't be > valid) this comment (and the one prior) really apply to bug 496473, moving comment there
Assignee | ||
Comment 15•15 years ago
|
||
I think this bug is now defunct and should be closed as obsolete
Updated•15 years ago
|
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Comment 16•15 years ago
|
||
Resolved fixed engineering / work item that has been pushed. Setting status to verified.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•