546435 - Verifier and jit-Debugger don't always agree about variable types

Status: VERIFIED FIXED

(Tamarin Graveyard :: Virtual Machine, defect, P2)

Description

[Edwin Smith]

The basic flow through the code is:

1. verifier models the types of an operator
2. verifier calls CodeWriter interface, sometimes passing type information
3. jit genertates code, and saves result Traits* for debugger to use later
4. verifier calls FrameState.setType with the modelled result type

The types from step (3) and (4) sometimes are different, which will cause the debugger to be confusing, best, or possibly crash.  Moreover, sometimes the jit must recompute or guess a type and assert it's guess, because information in the verifier is not passed through the codeWriter interface in step 2.

Comment 1

[Edwin Smith]

The jit has class DebuggerCheck for sanity checking that the expressions in each variable slot have compatible LIR instruction types with the saved Traits*, but it runs in step 3 before the verifier has called FrameState.setType().

Comment 2

[Edwin Smith]

Attachment: Pass verifier-determined result types down into CodeWriter, and use them in the jit.

Comment 3

[Edwin Smith]

Attachment: (v2) Pass verifier-determined result types down into CodeWriter, and use them in the jit.

Pass verifier type information to CodeWriter so the jit can use it directly instead of second guessing.

In a handful of cases, the JIT was not marking the result of an opcode with the same type as the verifier.  This will cause confusion and crashes when debugging, at best.

This patch is slightly bigger than necessary, for consistency's sake: several additional opcodes were updated to pass type to CodeWriter, even though the jit already was using the correct type.

Comment 4

[Edwin Smith]

pushed
http://hg.mozilla.org/tamarin-redux/rev/431a693e1689

Comment 5

[Chris Peyer]

verified in argo