Closed Bug 505416 Opened 11 years ago Closed 11 years ago

http://www.usatoday.com/ crash on sparc.

Categories

(Core :: JavaScript Engine, defect)

Sun
Solaris
defect
Not set

Tracking

RESOLVED FIXED
Tracking Status
status1.9.1 --- .2-fixed

People

(Reporter: leon.sha, Assigned: leon.sha)

Details

(Keywords: crash, verified1.9.1)

Attachments

(3 files)

Attached file stack
Visiting http://www.usatoday.com/ on sparc with the latest firefox, firefox will crash. If visiting this site with jit disabled, firefox will not crash.
leon sha: could you try to use c++filt in the future? :)
Attached patch patch
The generated code looks like this.
0xecce1638:	sethi    %hi(0xbff00000), %i0
0xecce163c:	bset     0x00000000, %i0	! 0xbff00000
0xecce1640:	st       %i0, [%fp - 8]
0xecce1644:	clr      %i0
0xecce1648:	st       %i0, [%fp - 4]
0xecce164c:	ldsw     [%fp - 4], %i0
0xecce1650:	ld       [%fp - 8], %f2
0xecce1654:	ld       [%fp - 4], %f3

"ldsw     [%fp - 4], %i0" is generated by registerAlloc. It will restore $i0, but it is destroyed. Memory "%fp - 4" was allocated by "Reservation *rR = getresv(ins);". At that time registerAlloc had not happened, so that memory should be free to use. But the same memory should not be accessed after registerAlloc. So at the assembler level it destroyed the memory first and then used this memory to restore $i0.
Moving registerAlloc to the top of the asm_quad function can solve this problem. But since we just need a temporary register here, we use L2 instead.
Assignee: general → leon.sha
Status: NEW → ASSIGNED
Attachment #389658 - Flags: review?(gal)
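The clobbered restore described in the comment above, replayed on a toy machine model (an added example, not part of the bug report or the patch). The LIVE value, the assumption that it sits in the spill slot [%fp - 4] on entry, and the shape of the sequence after the fix (scratch %l2, no restore) are assumptions, since the patch text is not shown on this page.

```c
#include <stdint.h>
#include <stddef.h>

enum { I0, L2, F2, F3, NREG };   /* registers modelled */
enum { FP_M8, FP_M4, NSLOT };    /* stack words [%fp-8] and [%fp-4] */
enum op { SET, ST, LD };         /* sethi/bset/clr, st, ld/ldsw */

struct insn { enum op op; int reg; int slot; uint32_t imm; };
struct cpu  { uint32_t reg[NREG]; uint32_t mem[NSLOT]; };

#define LIVE 0x12345678u  /* constructed: value later code expects in %i0 */

/* Sequence from the bug comment, in execution order. */
static const struct insn buggy[] = {
    { SET, I0, 0, 0xbff00000u }, { ST, I0, FP_M8, 0 },
    { SET, I0, 0, 0 },           { ST, I0, FP_M4, 0 },
    { LD,  I0, FP_M4, 0 },       /* restore emitted by registerAlloc */
    { LD,  F2, FP_M8, 0 },       { LD, F3, FP_M4, 0 },
};

/* Assumed shape after the fix: %l2 is the scratch register, so nothing
   is evicted and no restore of %i0 is emitted. */
static const struct insn fixed[] = {
    { SET, L2, 0, 0xbff00000u }, { ST, L2, FP_M8, 0 },
    { SET, L2, 0, 0 },           { ST, L2, FP_M4, 0 },
    { LD,  F2, FP_M8, 0 },       { LD, F3, FP_M4, 0 },
};

static struct cpu run(const struct insn *code, size_t n) {
    /* Assumption: %i0's live value is also in its spill slot [%fp-4]. */
    struct cpu c = { .reg = { [I0] = LIVE }, .mem = { [FP_M4] = LIVE } };
    for (size_t k = 0; k < n; k++) {
        const struct insn *in = &code[k];
        switch (in->op) {
        case SET: c.reg[in->reg]  = in->imm;         break;
        case ST:  c.mem[in->slot] = c.reg[in->reg];  break;
        case LD:  c.reg[in->reg]  = c.mem[in->slot]; break;
        }
    }
    return c;
}

struct cpu run_buggy(void) { return run(buggy, sizeof buggy / sizeof buggy[0]); }
struct cpu run_fixed(void) { return run(fixed, sizeof fixed / sizeof fixed[0]); }

/* 1 if the value later code expects in %i0 survived the sequence. */
int i0_preserved(struct cpu c) { return c.reg[I0] == LIVE; }

int main(void) { return !(i0_preserved(run_fixed()) && !i0_preserved(run_buggy())); }
```

In both runs %f2:%f3 receive the constant 0xbff00000:0x00000000; only the sequence that borrows %i0 and then reloads it from the overwritten slot loses the live value.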
Attached file stack with c++filt
Attachment #389658 - Flags: review?(gal) → review+
http://hg.mozilla.org/tracemonkey/rev/f43b639eecb8
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Attachment #389658 - Flags: approval1.9.1.2?
Comment on attachment 389658
patch

This is a NPOTB code change. Should be safe to land on mozilla-1.9.1 branch. For sparc it causes a crash.
Comment on attachment 389658
patch

Approved for 1.9.1.2. a=NPOTB, aka ss for release-drivers

Please land on mozilla-1.9.1 and use the ".2-fixed" option of the "status1.9.1" flag.
Attachment #389658 - Flags: approval1.9.1.2? → approval1.9.1.2+
Keywords: verified1.9.1