Closed
Bug 516107
Opened 15 years ago
Closed 15 years ago
TM: partial merge causes bad ARM codegen [nanojit]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
People
(Reporter: gal, Assigned: vlad)
References
Details
Attachments
(1 file)
1.82 KB,
patch
|
gal
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Reporter | ||
Updated•15 years ago
|
Reporter | ||
Comment 1•15 years ago
|
||
We ended up taking only part of this patch, breaking code generation on arm. http://hg.mozilla.org/tamarin-redux/diff/8f05ae1c7a08/nanojit/NativeARM.cpp
Assignee | ||
Comment 2•15 years ago
|
||
Problem (we think) is that mSlot was being pre-incremented here, which was the case with the previous semantics, whereas now it should be post incremented. We only call underrunProtect(8), but we actually wrote 12 bytes -- 4 bytes for a slot that we just skipped over, 4 bytes to write the slot itself, and then 4 bytes for the instruction. There may be other theories of what went wrong here, but that seems to be the most likely one.
Assignee: general → vladimir
Attachment #400222 -
Flags: review?(gal)
Assignee | ||
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
Reporter | ||
Comment 3•15 years ago
|
||
Comment on attachment 400222 [details] [diff] [review] fixed merge Matches adobe's code now.
Attachment #400222 -
Flags: review?(gal) → review+
Assignee | ||
Comment 4•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/17dddefd1501 http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3b1b11642a45 http://hg.mozilla.org/tracemonkey/rev/28a3eef2aed6
Comment 5•15 years ago
|
||
I'm very glad you managed to work out the right way to do this, if it is now working! At the time I found that "taking Adobe's version verbatim" was causing it to crash, presumably due to conflicts with other bits of not-yet-resolved ARM or Assembler assumptions I was unable to track down. So I tried to get something that "wasn't as crashy" by adjusting with the assumed boundary condition. As Jacob pointed out, what I wound up committing didn't really make a lot of sense, and was likely working by accident. It just happened to crash less :( If that's all fixed now, hurrah!
Updated•11 years ago
|
tracking-fennec: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•