Bug 595418 - JM: Implement a PIC verifier
Status: RESOLVED WONTFIX (Closed)
Opened 14 years ago; closed 11 years ago
Product/Component: Core :: JavaScript Engine (defect)
Reporter: dmandelin; Unassigned
We know that we can get bugs in PICs, and they are hard to find. They might be responsible for the current topcrash. Here is an idea for finding them: Add a build-time mode that does this:

- When we generate a PIC in the compiler, save a copy of the inline PIC code, the out-of-line PIC jitcode, and the PIC struct somewhere else.
- When we GC and reset the PIC, verify that it was reset to the same as it was at compile time. "The same" will require a little work to define exactly--for example, it is OK if the slot offset is not reset, because it won't be hit until we repatch the inline path.

This will catch bugs from resetting the PIC. We can assert on this. To investigate topcrashes, we could turn this feature on and have it crash in an identifiable way when we go wrong.

We might be able to extend this to make sure jumps go to reasonable places as well, even in newly generated stubs, but the idea above is enough of a start for now.
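The following is an added illustration of the proposal above, not code from the bug or from JaegerMonkey. It models a PIC as a small struct plus two byte arrays (the inline path and the out-of-line stub code), snapshots it when the compiler "emits" it, and checks after a GC-time reset that every field except the slot offset matches the snapshot. The struct layout, opcode placeholder bytes, reset rules and function names (`emitFreshPIC`, `patchOnHit`, `resetPIC`, `verifyReset`) are all assumptions made for the example; the buggy reset variant is constructed to show the kind of defect the verifier would catch.

```cpp
#include <array>
#include <cstdint>

// Constructed placeholders standing in for real machine-code bytes.
constexpr uint8_t  kInlineJumpToSlowPath = 0xE9;  // "jump to slow path" in the inline site
constexpr uint8_t  kInlineFastPathOpcode = 0x8B;  // "patched fast load" in the inline site
constexpr uint32_t kNoShape = 0;

// Toy PIC layout (hypothetical; not JaegerMonkey's struct).
struct PIC {
    uint32_t shapeGuard;                 // shape the inline guard was patched to check
    uint32_t slotOffset;                 // slot offset patched into the inline load
    uint32_t stubCount;                  // number of out-of-line stubs generated so far
    std::array<uint8_t, 8>  inlineCode;  // bytes of the inline PIC path
    std::array<uint8_t, 16> stubCode;    // out-of-line PIC jitcode bytes
};

// What the compiler emits initially: guard unpatched, inline path jumps to the slow path.
PIC emitFreshPIC() {
    PIC pic{};
    pic.shapeGuard = kNoShape;
    pic.slotOffset = 0;
    pic.stubCount = 0;
    pic.inlineCode.fill(0x90);           // nop padding (constructed)
    pic.inlineCode[0] = kInlineJumpToSlowPath;
    pic.stubCode.fill(0);
    return pic;
}

// The copy saved "somewhere else" at compile time.
struct PICSnapshot { PIC atCompileTime; };

PICSnapshot snapshotPIC(const PIC& pic) { return PICSnapshot{pic}; }

// A PIC hit patches the inline path and generates one out-of-line stub.
void patchOnHit(PIC& pic, uint32_t shape, uint32_t slot) {
    pic.shapeGuard = shape;
    pic.slotOffset = slot;
    pic.inlineCode[0] = kInlineFastPathOpcode;
    pic.stubCount += 1;
    pic.stubCode[0] = 0xC3;              // placeholder "ret" in the new stub (constructed)
}

// Correct GC-time reset: back to the freshly emitted state, except for slotOffset,
// which may stay stale because the inline path jumps to the slow path until repatched.
void resetPIC(PIC& pic) {
    pic.shapeGuard = kNoShape;
    pic.stubCount = 0;
    pic.inlineCode[0] = kInlineJumpToSlowPath;
    pic.stubCode.fill(0);
}

// Constructed defect: a reset that forgets to discard the out-of-line stub code.
void resetPICForgetsStubs(PIC& pic) {
    pic.shapeGuard = kNoShape;
    pic.stubCount = 0;
    pic.inlineCode[0] = kInlineJumpToSlowPath;
}

// The verifier: compare the reset PIC against its compile-time copy, ignoring slotOffset.
// In a debug build this is where the assertion (or identifiable crash) would go.
bool verifyReset(const PIC& pic, const PICSnapshot& snap) {
    const PIC& c = snap.atCompileTime;
    return pic.shapeGuard == c.shapeGuard
        && pic.stubCount  == c.stubCount
        && pic.inlineCode == c.inlineCode
        && pic.stubCode   == c.stubCode;
}

// One compile -> hit -> GC-reset cycle using the given reset routine; reports whether
// the verifier accepts the result.
template <typename ResetFn>
bool cycleVerifies(ResetFn reset) {
    PIC pic = emitFreshPIC();
    PICSnapshot snap = snapshotPIC(pic);
    patchOnHit(pic, 0xABCD, 24);
    reset(pic);
    return verifyReset(pic, snap);
}

bool correctResetPasses() { return cycleVerifies(resetPIC); }
bool buggyResetIsCaught() { return !cycleVerifies(resetPICForgetsStubs); }

// After a correct reset the stale slot offset remains, and the verifier tolerates it.
bool staleSlotOffsetTolerated() {
    PIC pic = emitFreshPIC();
    PICSnapshot snap = snapshotPIC(pic);
    patchOnHit(pic, 0xABCD, 24);
    resetPIC(pic);
    return pic.slotOffset == 24 && verifyReset(pic, snap);
}
```

The comparison deliberately lists the checked fields rather than doing a raw memcmp of the whole struct, which is how the "a little work to define exactly" part of the proposal would be expressed: each field that is allowed to drift after a reset is simply left out of the check.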
Comment 1•11 years ago
JM was removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX