Closed Bug 583731 Opened 14 years ago Closed 14 years ago

misc/testJitOrDie testcase is causing an assert in nanojit::LInsPrinter::formatRef()

Categories

(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: brbaker, Assigned: rreitmai)

Details

Attachments

(2 files)

Attached file gdb stacktrace
gdb $AVM misc/testJitordieSwitch.abc

Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000018
0x000000010014b7fb in nanojit::LInsPrinter::formatRef (this=0x0, buf=0x7fff5fbfd3f0, ref=0x101267e40, showImmValue=true) at /Users/brbaker/hg/tamarin-redux/nanojit/LIR.cpp:1680
1680	        const char* name = lirNameMap->lookupName(ref);
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
This failure was injected in recent nanojit merge to d8dccd548db136e88ea1a8be0627088b6a78cc78

Testcase passed in tr rev# 4943 and then failed in the next build after the merge tr# 4956
Marking in-testsuite? so that the testcase is re-enabled in the deep phase once this issue is resolved. Testcase was removed from deep testing in tamarin-redux changeset 4977:e3a2c970a774
Flags: in-testsuite?
Attached patch v1
This only occurs in debug builds correct?

The problem is that ValidateWriter is trying to complain (i.e. print) about an AccSet (non)issue.  

accSet is set to VARS but CseFilter decided to split the store into 2 instructions since disp > 16bits resulting in a different value of 'base' than what ValidateWriter is checking against.

Patch teaches ValidateWriter.checkAccSet how to peek under the hood for a LIR_addp.
Assignee: nobody → rreitmai
Attachment #468534 - Flags: review?(edwsmith)
Comment on attachment 468534 [details] [diff] [review]
v1

Logically fine, but would be better to use && instead of a conditional:

bool isVars = (base == vars) || 
              (base->opcode() == LIR_addp && base->oprnd1() == vars);

R+ with that fixed.
Attachment #468534 - Flags: review?(edwsmith) → review+
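A simplified model of the false positive discussed in this bug, added here as an illustration; it is not nanojit code or the attached patch. `Ins`, `Store`, `emit`, `emitStore`, `OP_BASE`, `OP_IMM` and the two `isVars*` helpers are hypothetical names, and only the `LIR_addp` peek mirrors the expression quoted in the review.

```cpp
#include <cstdint>
#include <deque>

// Simplified stand-ins for LIR instructions; not nanojit's real classes.
enum Opcode { OP_BASE, OP_IMM, LIR_addp };
struct Ins {
    Opcode op; const Ins* lhs; const Ins* rhs; int32_t imm;
    Opcode opcode() const { return op; }
    const Ins* oprnd1() const { return lhs; }
};
struct Store { const Ins* base; int32_t disp; };

static std::deque<Ins> arena;  // deque keeps element addresses stable
static const Ins* emit(Opcode op, const Ins* l = nullptr,
                       const Ins* r = nullptr, int32_t imm = 0) {
    arena.push_back(Ins{op, l, r, imm});
    return &arena.back();
}

// Assumed model of the split described in the bug: a displacement that does
// not fit in 16 bits is folded into a LIR_addp, which becomes the store base.
static Store emitStore(const Ins* base, int32_t disp) {
    if (disp >= INT16_MIN && disp <= INT16_MAX) return Store{base, disp};
    const Ins* off = emit(OP_IMM, nullptr, nullptr, disp);
    return Store{emit(LIR_addp, base, off), 0};
}

// Strict check (models the validator before the patch): exact pointer match.
static bool isVarsStrict(const Ins* base, const Ins* vars) { return base == vars; }

// Relaxed check in the form quoted in the review: also accept a LIR_addp
// whose first operand is 'vars'.
static bool isVarsRelaxed(const Ins* base, const Ins* vars) {
    return (base == vars) ||
           (base->opcode() == LIR_addp && base->oprnd1() == vars);
}

int main() {
    const Ins* vars = emit(OP_BASE);
    Store big = emitStore(vars, 70000);  // constructed displacement > 16 bits
    // The strict check rejects this valid store; the relaxed check accepts it.
    bool ok = !isVarsStrict(big.base, vars) && isVarsRelaxed(big.base, vars);
    return ok ? 0 : 1;
}
```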
(In reply to comment #3)
> Created attachment 468534 [details] [diff] [review]
> v1
> 
> This only occurs in debug builds correct?
Yes, only seen on debug builds, nondebug builds are still executing cleanly.
http://hg.mozilla.org/tamarin-redux/rev/467cdedf877d
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Re-enable testcase misc/testJitordieSwitch in changeset 5112:929bfbe908a9
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
Flags: in-testsuite+
Flags: flashplayer-qrb?