Closed Bug 504043 Opened 15 years ago Closed 15 years ago

Firefox will crash on sparc platform when visiting some website.

Categories

(Core :: JavaScript Engine, defect)

1.9.1 Branch
Sun
Solaris
defect
Not set
critical

Tracking

RESOLVED FIXED
Tracking Status
status1.9.1 --- .2-fixed

People

(Reporter: leon.sha, Assigned: leon.sha)

Details

(Keywords: crash, verified1.9.1)

Attachments

(2 files)

Visiting http://coastalmap.marine.usgs.gov/ArcIms/Website/usa/eastcoast/atlanticcoast/viewer.htm on sparc, firefox will crash. If jit is disabled, no crash.
Attached patch: patch
Normally functions are executed one by one. In the JavaScript engine with JIT enabled, there is a possibility that two functions are joined. The code can jump from one function to another. On sparc, the stack size is fixed when a function is generated. This bug happened when jumping from a small stack function (FUNC A) to a big stack function (FUNC B). When this happens, the code running belongs to FUNC B, but actually it is still running in FUNC A because no call or return happened. In FUNC B there may be some stack write activity which destroys FUNC A's stack.

The solution here is to do the same as x86 did: add another line to decrease the stack pointer after save. Every time we join the two functions we will re-calculate the stack pointer to meet the requirement. The code is much more like x86 now. The difference is that we don't need to restore the stack pointer before the jump, since we get the stack pointer directly from the frame pointer.

I have tested this patch and it passes trace-test.js and the tamarin-redux acceptance test.
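A simplified model of the failure described in the comment above, added here as an illustration; it is not taken from the attached patch or from the engine's source. The `Fragment` and `Frame` types, the word counts, and the assumption that the clobbered region is the 16-word register-window save area at the bottom of a SPARC frame are assumptions of the model.

```c
#include <stdio.h>

/* Assumption: each frame keeps a 16-word register-window save area at [sp, sp+16). */
#define WINDOW_SAVE_WORDS 16

typedef struct { int locals; } Fragment;   /* words of locals the fragment stores to */
typedef struct { int fp, sp; } Frame;      /* word indices; the stack grows downward */

static int frame_words(Fragment f) { return WINDOW_SAVE_WORDS + f.locals; }

/* Prologue, like `save`: reserve a frame sized for this fragment only. */
static Frame enter(int fp, Fragment f) {
    Frame fr = { fp, fp - frame_words(f) };
    return fr;
}

/* Join into another fragment with no call or return in between.
 * readjust != 0 models the fix: recompute sp from fp for the new fragment. */
static Frame join(Frame fr, Fragment next, int readjust) {
    if (readjust)
        fr.sp = fr.fp - frame_words(next);
    return fr;
}

/* Count stores to locals (fp-1 .. fp-locals) that land in the save area or below sp. */
static int clobbering_stores(Frame fr, Fragment f) {
    int bad = 0;
    for (int k = 1; k <= f.locals; k++) {
        int addr = fr.fp - k;
        if (addr < fr.sp + WINDOW_SAVE_WORDS)
            bad++;
    }
    return bad;
}

/* FUNC A has 4 words of locals, FUNC B has 12 (constructed sizes). */
static int simulate(int readjust) {
    Fragment a = { 4 }, b = { 12 };
    Frame fr = enter(200, a);      /* frame sized for A */
    fr = join(fr, b, readjust);    /* now executing B's code in that frame */
    return clobbering_stores(fr, b);
}

int main(void) {
    printf("join without sp readjust: %d clobbering stores\n", simulate(0));
    printf("join with sp readjust:    %d clobbering stores\n", simulate(1));
    return 0;
}
```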
Assignee: general → leon.sha
Status: NEW → ASSIGNED
Attachment #388440 - Flags: review?(gal)
Severity: normal → critical
Keywords: crash
Version: unspecified → 1.9.1 Branch
Attachment #388440 - Flags: review?(gal) → review+
http://hg.mozilla.org/tracemonkey/rev/22313a951d50
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment on attachment 388440 (patch)

This is a NPOTB code change. Should be safe to land on the mozilla-1.9.1 branch. This bug will crash Firefox on sparc.
Attachment #388440 - Flags: approval1.9.1.2?
Comment on attachment 388440 (patch)

Approved for 1.9.1.2. a=NPOTB, aka ss.

Please land on mozilla-1.9.1 and use the ".2-fixed" option of the "status1.9.1" flag.
Attachment #388440 - Flags: approval1.9.1.2? → approval1.9.1.2+
Keywords: verified1.9.1