Closed
Bug 505416
Opened 15 years ago
Closed 15 years ago
http://www.usatoday.com/ crash on sparc.
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.1 | --- | .2-fixed |
People
(Reporter: leon.sha, Assigned: leon.sha)
References
()
Details
(Keywords: crash, verified1.9.1)
Attachments
(3 files)
13.92 KB,
text/plain
|
Details | |
670 bytes,
patch
|
gal
:
review+
samuel.sidler+old
:
approval1.9.1.2+
|
Details | Diff | Splinter Review |
14.08 KB,
text/plain
|
Details |
Visiting http://www.usatoday.com/ on sparc with the latest firefox, firefox will crash. If visiting this site with jit disabled, firefox will not crash.
The generated code look like this. 0xecce1638: sethi %hi(0xbff00000), %i0 0xecce163c: bset 0x00000000, %i0 ! 0xbff00000 0xecce1640: st %i0, [%fp - 8] 0xecce1644: clr %i0 0xecce1648: st %i0, [%fp - 4] 0xecce164c: ldsw [%fp - 4], %i0 0xecce1650: ld [%fp - 8], %f2 0xecce1654: ld [%fp - 4], %f3 "ldsw [%fp - 4], %i0" is generated by registerAlloc. It will restore $io, but it is destroyed. Memory "%fp - 4" was allocated by "Reservation *rR = getresv(ins);" At that time registerAlloc not happened, so that memory should be free to use. But the same memory should not be accessed after registerAlloc. So in the assembler level it destroyed the memory first and use this memory to restore $i0. Move registerAlloc to the top of asm_quad function can solve this problem. But since we just need a temporal register here, we use L2 instead.
Updated•15 years ago
|
Attachment #389658 -
Flags: review?(gal) → review+
http://hg.mozilla.org/tracemonkey/rev/f43b639eecb8
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Attachment #389658 -
Flags: approval1.9.1.2?
Comment on attachment 389658 [details] [diff] [review] patch This is a NPOTB code change. Should be safe to land mozilla-1.9.1 branch. For sparc it cause crash.
Comment 6•15 years ago
|
||
Comment on attachment 389658 [details] [diff] [review] patch Approved for 1.9.1.2. a=NPOTB, aka ss for release-drivers Please land on mozilla-1.9.1 and use the ".2-fixed" option of the "status1.9.1" flag.
Attachment #389658 -
Flags: approval1.9.1.2? → approval1.9.1.2+
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/38e784acc97d
status1.9.1:
--- → .2-fixed
Keywords: crash
Keywords: verified1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•