Closed Bug 543161 Opened 14 years ago Closed 14 years ago
TM: "Assertion failed: LIR structure error (end of writer pipeline): argument 1 of 'ov' is 'add' (expected located immediately prior, but isn't): 0 (../nanojit/LIR
Assertion failed: LIR structure error (end of writer pipeline): in instruction with opcode: ov argument 1 has opcode: add it should be: located immediately prior, but isn't One way to debug this: change the failing NanoAssertMsgf(0, ...) call to a printf(...) call and rerun with verbose output. If you're lucky, this error message will appear before the block containing the erroneous instruction. : 0 (../nanojit/LIR.cpp:2339) I get this multi-line assertion occasionally in jsfunfuzz but have been unable to get a reproducible testcase. This did not used to happen in previous TM revisions. http://hg.mozilla.org/tracemonkey/file/3c3b005de959/js/src/nanojit/LIR.cpp#l2339
14 years ago
This isn't as bad as it first seems. 1. The bad news is that this problem has probably been around for a while. LIR structure checking was recently added (bug 463137). It didn't introduce the problem, it just gave us a way to identify it. Furthermore, without a test case it's unclear what the effect will be; it could be a correctness bug and/or a performance bug. 'ov' is an overflow check and it must immediately follow an add/sub/mul/neg, otherwise the generated code ends up checking the condition codes when they are in an unknown state, which probably leads to a guard exiting/not exiting more-or-less randomly. This ov-must-immediately-follow-an-arith-op constraint is really nasty and error-prone (see bug 538484 for a similar case). 2. The good news is that 'ov' is slated for removal precisely because it is so error-prone (bug 539874). It's going to be replaced with some less error-prone opcodes. With that change this bug will go away.
Depends on: 539874
14 years ago
Summary: TM: LIR structure error assertion → TM: "Assertion failed: LIR structure error (end of writer pipeline): argument 1 of 'ov' is 'add' (expected located immediately prior, but isn't): 0 (../nanojit/LIR.cpp"
Bug 539874 (which makes this bug go away) is now marked fixed-in-tracemonkey.
Bug 539874 is now RESOLVED FIXED, so this bug is too.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.