Closed Bug 524694 Opened 15 years ago Closed 15 years ago

Assertion failed: config.vfp || ins->isop(LIR_icall) (c:/mobilla/js/src/nanojit/NativeARM.cpp:829)

Categories

(Core :: JavaScript Engine, defect)

ARM
Windows Mobile 6 Standard
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 524587

People

(Reporter: crowderbt, Unassigned)

Details

Attachments

(1 file)

Running a debug build in Windows Mobile, I am hitting this assertion today. Here is the callstack: > mozjs.dll!NanoAssertFail(void) Line: 64, Byte Offsets: 0x04 C++ mozjs.dll!nanojit::Assembler::asm_call(nanojit::LIns* ins = 0x5b9db4f0) Line: 835, Byte Offsets: 0xc4 C++ mozjs.dll!nanojit::Assembler::gen(nanojit::LirFilter* reader = 0x23bc6d64) Line: 1415, Byte Offsets: 0xf00 C++ mozjs.dll!nanojit::Assembler::assemble(nanojit::Fragment* frag = 0x5bbce250) Line: 751, Byte Offsets: 0x3ac C++ mozjs.dll!nanojit::compile(nanojit::Assembler* assm = 0x5b866048, nanojit::Fragment* frag = 0x5bbce250, nanojit::Allocator& alloc = {...}, nanojit::LabelMap* labels = 0x5b866808) Line: 1973, Byte Offsets: 0x1e4 C++ mozjs.dll!TraceRecorder::compile(JSTraceMonitor* tm = 0x5b9d3078) Line: 4299, Byte Offsets: 0x174 C++ mozjs.dll!TraceRecorder::closeLoop(SlotMap& slotMap = {...}, VMSideExit* exit = 0x5bbcf448) Line: 4703, Byte Offsets: 0x7d0 C++ mozjs.dll!TraceRecorder::closeLoop(VMSideExit* exit = 0x5bbcf448) Line: 4596, Byte Offsets: 0x5c C++ mozjs.dll!TraceRecorder::closeLoop(void) Line: 4588, Byte Offsets: 0x2c C++ mozjs.dll!TraceRecorder::checkTraceEnd(unsigned char* pc = 0x5ba457e8) Line: 5125, Byte Offsets: 0x20c C++ mozjs.dll!TraceRecorder::relational(nanojit::LOpcode op = 0x0000001c, bool tryBranchAfterCond = true) Line: 8815, Byte Offsets: 0x95c C++ mozjs.dll!TraceRecorder::record_JSOP_LT(void) Line: 10021, Byte Offsets: 0x20 C++ mozjs.dll!TraceRecorder::monitorRecording(JSContext* cx = 0x5b81ce00, TraceRecorder* tr = 0x5e28d000, JSOp op = 0x00000014) Line: 139, Byte Offsets: 0x998 C++ mozjs.dll!js_Interpret(JSContext* cx = 0x5b81ce00) Line: 79, Byte Offsets: 0xa58 C++ mozjs.dll!js_Invoke(JSContext* cx = 0x5b81ce00, unsigned int argc = 0x00000002, int* vp = 0x5e42b160, unsigned int flags = 0x00000000) Line: 1371, Byte Offsets: 0xbc0 C++ xul.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS* wrapper = 0x5d632200, unsigned short methodIndex = 0x0009, XPTMethodDescriptor* info = 0x5baadd40, nsXPTCMiniVariant* nativeParams = 0x23bc9b88) Line: 1696, Byte Offsets: 0x1338 C++ xul.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 0x0009, XPTMethodDescriptor* info = 0x5baadd40, nsXPTCMiniVariant* params = 0x23bc9b88) Line: 570, Byte Offsets: 0x7c C++ xul.dll!PrepareAndDispatch(nsXPTCStubBase* self = 0x5e2fd5d0, unsigned int methodIndex = 0x00000009, unsigned int* args = 0x23bc9c74) Line: 109, Byte Offsets: 0x400 C++ 0x7b4eff20
If I enable TMFLAGS=full (trying to collect the output for the LIR being generated here), I get a separate crash: > mozjs.dll!RegExpNativeCompiler::compile(void) Line: 3243, Byte Offsets: 0xa50 C++ mozjs.dll!CompileRegExpToNative(JSContext* cx = 0x5b81ce00, JSRegExp* re = 0x5d682040, nanojit::Fragment* fragment = 0x5b866da8) Line: 3266, Byte Offsets: 0xc8 C++ mozjs.dll!GetNativeRegExp(JSContext* cx = 0x5b81ce00, JSRegExp* re = 0x5d682040) Line: 3289, Byte Offsets: 0xcc C++ mozjs.dll!MatchRegExp(REGlobalData* gData = 0x23bc7280, REMatchState* x = 0x5e46a8b8) Line: 4697, Byte Offsets: 0x68 C++ mozjs.dll!js_ExecuteRegExp(JSContext* cx = 0x5b81ce00, JSRegExp* re = 0x5d682040, JSString* str = 0x5d7e4b30, unsigned int* indexp = 0x23bc73dc, int test = 0x00000001, int* rval = 0x5d6ef278) Line: 4879, Byte Offsets: 0x210 C++ mozjs.dll!DoMatch(JSContext* cx = 0x5b81ce00, int* vp = 0x5d6ef278, JSString* str = 0x5d7e4b30, RegExpGuard& g = {...}, bool (JSContext*, unsigned int, void*)* callback = 0x7960a324, void* data = 0x23bc7450, MatchControlFlags flags = 0x00000007) Line: 1448, Byte Offsets: 0xe0 C++ mozjs.dll!str_replace(JSContext* cx = 0x5b81ce00, unsigned int argc = 0x00000002, int* vp = 0x5d6ef278) Line: 1907, Byte Offsets: 0x330 C++ mozjs.dll!js_Interpret(JSContext* cx = 0x5b81ce00) Line: 2257, Byte Offsets: 0x15fb4 C++ mozjs.dll!js_Invoke(JSContext* cx = 0x5b81ce00, unsigned int argc = 0x00000002, int* vp = 0x5d6ef160, unsigned int flags = 0x00000000) Line: 1371, Byte Offsets: 0xbc0 C++ xul.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS* wrapper = 0x5d7e7340, unsigned short methodIndex = 0x0009, XPTMethodDescriptor* info = 0x5baadd40, nsXPTCMiniVariant* nativeParams = 0x23bc9b58) Line: 1696, Byte Offsets: 0x1338 C++ xul.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 0x0009, XPTMethodDescriptor* info = 0x5baadd40, nsXPTCMiniVariant* params = 0x23bc9b58) Line: 570, Byte Offsets: 0x7c C++ xul.dll!PrepareAndDispatch(nsXPTCStubBase* self = 0x5e42e440, unsigned int methodIndex = 0x00000009, unsigned int* args = 0x23bc9c44) Line: 109, Byte Offsets: 0x400 C++ 0x7b4eff20
This fix might need its own bug?
Here is the LIR we were generating when we hit the initial assertion: Trace has unstable loop variable with no stable peer, compiling anyway. ================================================================================ === BEGIN LIR::compile(5B866048, 5BBCFA80) === === Results of liveness analysis: === Live instruction count 75, total 108, max pressure 8 Side exits 8 Showing LIR instructions with live-after variables state = iparam 0 r0 state label2: state label2 sp = ld state[0] state sp rp = ld state[4] state sp rp cx = ld state[8] state sp rp cx $var0 = ld sp[-24] $var0 state sp rp cx ld1 = ld sp[-16] $var0 state ld1 sp rp cx i2f1 = fcall #i2f ( ld1 ) $var0 state sp rp i2f1 cx callh1 = callh i2f1 $var0 state sp rp i2f1 callh1 cx qjoin (i2f1 = fcall #i2f ( ld1 )), callh1 $var0 state sp rp $var1 cx ld2 = ld sp[-8] ld2 $var0 state sp rp $var1 cx i2f2 = fcall #i2f ( ld2 ) i2f2 $var0 state sp rp $var1 cx callh2 = callh i2f2 i2f2 callh2 $var0 state sp rp $var1 cx qjoin (i2f2 = fcall #i2f ( ld2 )), callh2 $var2 $var0 state sp rp $var1 cx ld3 = ld cx[0] $var2 ld3 $var0 state sp rp $var1 cx eq1 = eq ld3, NULL $var2 $var0 eq1 state sp rp $var1 cx xf1: xf eq1 -> pc=5BA457BE imacpc=00000000 sp+0 rp+0 (GuardID=001) $var2 $var0 state sp rp $var1 cx ld4 = ld cx[148] $var2 $var0 state sp ld4 rp $var1 ld5 = ld ld4[56] $var2 $var0 state sp rp ld5 $var1 sti sp[0] = PCVAL_TO_OBJECT(pcval) $var2 $var0 state sp rp ld5 $var1 sti sp[8] = ld5 $var2 $var0 state sp rp $var1 sti sp[16] = $var0 $var2 $var0 state sp rp $var1 map = ld obj[0] $var2 $var0 map state sp rp $var1 ops = ldc map[0] $var2 $var0 map state ops sp rp $var1 ldc1 = ldc ops[12] $var2 $var0 map state sp ldc1 rp $var1 guard(native-map) = eq ldc1, ptr $var2 $var0 map state sp rp guard(native-map) $var1 xf2: xf guard(native-map) -> pc=5BA457C5 imacpc=00000000 sp+24 rp+0 (GuardID=002) $var2 $var0 map state sp rp $var1 shape = ld map[4] shape $var2 $var0 state sp rp $var1 guard_kshape = eq shape, #00003891 guard_kshape $var2 $var0 state sp rp $var1 xf3: xf guard_kshape -> pc=5BA457C5 imacpc=00000000 sp+24 rp+0 (GuardID=003) $var2 $var0 state sp rp $var1 js_String_p_charCodeAt1 = fcall #js_String_p_charCodeAt ( $var0 $var1 ) $var2 state sp rp $var1 js_String_p_charCodeAt1 callh3 = callh js_String_p_charCodeAt1 $var2 state sp rp $var1 js_String_p_charCodeAt1 callh3 qjoin (js_String_p_charCodeAt1 = fcall #js_String_p_charCodeAt ( $var0 $var1 )), callh3 qjoin1 $var2 state sp rp $var1 stqi sp[16] = qjoin1 qjoin1 $var2 state sp rp $var1 sti rp[0] = fi qjoin1 $var2 state sp $var1 sti sp[24] = NULL qjoin1 $var2 state sp $var1 stqi sp[32] = qjoin1 qjoin1 $var2 state sp $var1 qhi1 = qhi 0 qjoin1 $var2 state sp $var1 qhi1 qlo1 = qlo 0 qjoin1 qlo1 $var2 state sp $var1 qhi1 qjoin (qlo1 = qlo 0), qhi1 qjoin1 qjoin2 $var2 state sp $var1 fcmpge1 = icall #fcmpge ( qjoin1 qjoin2 ) qjoin1 $var2 fcmpge1 state sp $var1 eq2 = eq fcmpge1, 1 qjoin1 $var2 eq2 state sp $var1 sti sp[32] = eq2 qjoin1 $var2 eq2 state sp $var1 eq3 = eq eq2, 1 qjoin1 $var2 state sp eq3 $var1 xf4: xf eq3 -> pc=5D68837E imacpc=00000000 sp+40 rp+4 (GuardID=004) qjoin1 $var2 state sp $var1 stqi sp[32] = qjoin1 qjoin1 $var2 state sp $var1 qhi2 = qhi 31 qjoin1 $var2 qhi2 state sp $var1 qlo2 = qlo 31 qjoin1 $var2 qhi2 qlo2 state sp $var1 qjoin (qlo2 = qlo 31), qhi2 qjoin1 $var2 qjoin3 state sp $var1 fcmple1 = icall #fcmple ( qjoin1 qjoin3 ) qjoin1 $var2 state fcmple1 sp $var1 eq4 = eq fcmple1, 1 qjoin1 $var2 state sp eq4 $var1 sti sp[32] = eq4 qjoin1 $var2 state sp eq4 $var1 eq5 = eq eq4, 1 qjoin1 $var2 state sp $var1 eq5 xt1: xt eq5 -> pc=5D688387 imacpc=00000000 sp+40 rp+4 (GuardID=005) qjoin1 $var2 state sp $var1 qhi3 = qhi 127 qjoin1 $var2 qhi3 state sp $var1 qlo3 = qlo 127 qjoin1 $var2 qhi3 state qlo3 sp $var1 qjoin (qlo3 = qlo 127), qhi3 qjoin1 $var2 state qjoin4 sp $var1 fcmpeq1 = icall #fcmpeq ( qjoin1 qjoin4 ) $var2 state sp $var1 fcmpeq1 eq6 = eq fcmpeq1, 1 $var2 state sp $var1 eq6 sti sp[0] = eq6 $var2 state sp $var1 eq6 eq7 = eq eq6, 1 $var2 eq7 state sp $var1 xt2: xt eq7 -> pc=5BA457D3 imacpc=00000000 sp+8 rp+0 (GuardID=006) $var2 state sp $var1 qhi4 = qhi 1 $var2 state qhi4 sp $var1 qlo4 = qlo 1 $var2 state qhi4 qlo4 sp $var1 qjoin (qlo4 = qlo 1), qhi4 $var2 state sp qjoin5 $var1 fadd1 = fcall #fadd ( $var1 qjoin5 ) $var2 state sp fadd1 callh4 = callh fadd1 $var2 state sp fadd1 callh4 qjoin (fadd1 = fcall #fadd ( $var1 qjoin5 )), callh4 qjoin6 $var2 state sp stqi sp[-16] = qjoin6 qjoin6 $var2 state sp stqi sp[0] = qjoin6 qjoin6 $var2 state sp stqi sp[8] = $var2 qjoin6 $var2 state fcmplt1 = icall #fcmplt ( qjoin6 $var2 ) state fcmplt1 eq8 = eq fcmplt1, 1 state eq8 xf5: xf eq8 -> pc=5BA457E7 imacpc=00000000 sp+16 rp+0 (GuardID=007) state x2: x -> pc=5BA457BE imacpc=00000000 sp+0 rp+0 (GuardID=008) state === Translating LIR fragments into assembly: === -- Compile trunk 5BBCFA80: begin Assertion failed: config.vfp || ins->isop(LIR_icall) (c:/mobilla/js/src/nanojit/NativeARM.cpp:829)
cc:ing jorendorff since he helped with the first fix... :)
OS: Windows XP → Windows Mobile 6 Standard
Hardware: x86 → ARM
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: