invalid debug memset of global native frame in ExecuteTree

Status: RESOLVED FIXED
Product: Core
Component: JavaScript Engine
Reported: 8 years ago
Modified: 7 years ago

People: Reporter: luke, Assigned: luke

Version: unspecified
Platform: x86 Linux
Points: ---
Bug Flags: in-testsuite +
Firefox Tracking Flags: Not tracked
Whiteboard: fixed-in-tracemonkey
Attachments: 1 attachment

(Assignee)

Description

8 years ago
Created attachment 410063: remove offending memset

Bug 525120 changes the way we allocate native stack and globals to reuse a single buffer.  With deep aborts, we can have nested ExecuteTree invocations, which is fine except that

#ifdef DEBUG
memset(global, 0xCD, GLOBAL_SLOTS_BUFFER_SIZE * sizeof(double));
#endif

will overwrite the outer ExecuteTree's 0xdeadbeefdeadbeef end-of-global-frame marker.  This causes an assertion if the inner ExecuteTree has a different globalFrameSize than the outer tree.  This shows up in js_1_8_1/trace/trace-test.js.

The solution is just to remove the memset.
(Assignee)

Updated

8 years ago
Attachment #410063 - Flags: review?(dvander)
Attachment #410063 - Flags: review?(dvander) → review+
(Assignee)

Comment 1

8 years ago
http://hg.mozilla.org/tracemonkey/rev/24b4d2efe0b4
Whiteboard: fixed-in-tracemonkey
(Assignee)

Comment 2

8 years ago
I guess I should be more specific and say that the bug fixed by this patch causes the assertion:

Assertion failure: *(uint64*)&global[globalFrameSize] == 0xdeadbeefdeadbeefLL, at ../jstracer.cpp:6481
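
The failure described in the report and the assertion quoted in comment 2, reduced to a stand-alone model. This is an added example, not TraceMonkey code or the attached patch: `executeTree`, `globalBuffer`, the buffer size and the frame sizes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed model, not TraceMonkey source: every invocation reuses one
// buffer for its global frame. Sizes are assumed values.
static const size_t GLOBAL_SLOTS_BUFFER_SIZE = 64;
static const uint64_t END_MARKER = 0xdeadbeefdeadbeefULL;
static double globalBuffer[GLOBAL_SLOTS_BUFFER_SIZE + 1];

static void writeMarker(double* global, size_t frameSize) {
    std::memcpy(&global[frameSize], &END_MARKER, sizeof END_MARKER);
}

static bool markerIntact(const double* global, size_t frameSize) {
    uint64_t v;
    std::memcpy(&v, &global[frameSize], sizeof v);
    return v == END_MARKER;
}

// Hypothetical stand-in for ExecuteTree. nestedFrameSize != 0 models a deep
// abort that re-enters on the same buffer before the outer call returns.
// Returns true when every invocation still finds its own end marker, which
// is the condition the assertion in comment 2 checks.
static bool executeTree(size_t frameSize, size_t nestedFrameSize, bool debugPoison) {
    double* global = globalBuffer;
    if (debugPoison)  // the DEBUG-only memset the patch removes
        std::memset(global, 0xCD, GLOBAL_SLOTS_BUFFER_SIZE * sizeof(double));
    writeMarker(global, frameSize);
    bool nestedOk = true;
    if (nestedFrameSize != 0)
        nestedOk = executeTree(nestedFrameSize, 0, debugPoison);
    return nestedOk && markerIntact(global, frameSize);
}

int main() {
    std::printf("poison, outer 8 / inner 4: %s\n", executeTree(8, 4, true) ? "ok" : "marker lost");
    std::printf("poison, outer 8 / inner 8: %s\n", executeTree(8, 8, true) ? "ok" : "marker lost");
    std::printf("no poison, outer 8 / inner 4: %s\n", executeTree(8, 4, false) ? "ok" : "marker lost");
    return 0;
}
```

With equal frame sizes the inner call rewrites the marker at the same slot, which is why the assertion only fires when the two sizes differ.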

Updated

8 years ago
Flags: in-testsuite+
(Assignee)

Updated

7 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED