Closed Bug 526356 Opened 15 years ago Closed 14 years ago

invalid debug memset of global native frame in ExecutreTree

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: luke, Assigned: luke)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

remove offending memset
1.13 KB, patch
dvander
: review+
Details | Diff | Splinter Review 
Bug 525120 changes the way we allocate native stack and globals to reuse a single buffer.  With deep aborts, we can have nested ExecuteTree invocations, which is fine except that

#ifdef DEBUG
memset(global, 0xCD, GLOBAL_SLOTS_BUFFER_SIZE * sizeof(double));
#endif

will overwrite the outer ExecuteTree's 0xdeadbeefdeadbeef end-of-global-frame marker.  This causes an assertion if the inner ExecuteTree has a different globalFrameSize than the outer tree.  This shows up in js_1_8_1/trace/trace-test.js.

The solution is just to remove the memset.
Attachment #410063 - Flags: review?(dvander)
Attachment #410063 - Flags: review?(dvander) → review+
http://hg.mozilla.org/tracemonkey/rev/24b4d2efe0b4
Whiteboard: fixed-in-tracemonkey
I guess I should be more specific and say that the bug fixed by this patch causes the assertion:

Assertion failure: *(uint64*)&global[globalFrameSize] == 0xdeadbeefdeadbeefLL, at ../jstracer.cpp:6481
Flags: in-testsuite+
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: