Closed Bug 595418 Opened 14 years ago Closed 11 years ago

JM: Implement a PIC verifier

Component: Core :: JavaScript Engine
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED WONTFIX
Reporter: dmandelin
Assignee: Unassigned

We know that we can get bugs in PICs, and they are hard to find. They might be responsible for the current topcrash. Here is an idea for finding them:

Add a build-time mode that does this:

- When we generate a PIC in the compiler, save a copy of the inline PIC code, the out-of-line PIC jitcode, and the PIC struct somewhere else.

- When we GC and reset the PIC, verify that it was reset to the same as it was at compile time. "The same" will require a little work to define exactly; for example, it is OK if the slot offset is not reset, because it won't be hit until we repatch the inline path.

This will catch bugs from resetting the PIC. We can assert on this. To investigate topcrashes, we could turn this feature on and have it crash in an identifiable way when we go wrong.

We might be able to extend this to make sure jumps go to reasonable places as well, even in newly generated stubs, but the idea above is enough of a start for now.
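As an added illustration of the snapshot-and-verify mode proposed above (this is not code from the bug or from SpiderMonkey), the following hypothetical C++ sketch saves a copy of a PIC's struct, inline code and out-of-line code at compile time, then checks the live PIC against that copy after a reset. The `PicState` fields, the byte layouts, the addresses, and the rule that the slot offset (both in the struct and in one inline byte) may stay stale are all constructed assumptions chosen to show how "the same" can be defined as an equivalence with an explicit ignore mask rather than a raw memcmp. A deliberately buggy reset that forgets the miss jump is included so the verifier has something to catch.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for a PIC record; SpiderMonkey's real structures differ.
struct PicState {
    uint32_t  shape;       // shape guarded by the inline path (0 = unset)
    uint32_t  slotOffset;  // slot offset patched into the inline load
    uint32_t  stubCount;   // out-of-line stubs currently chained in
    uintptr_t stubJump;    // target of the inline miss jump
};

constexpr size_t kInlineBytes = 16;   // constructed size of the inline sequence
constexpr size_t kSlotByteIndex = 9;  // constructed position of the slot-offset immediate
constexpr uintptr_t kSlowPath = 0x1000;  // constructed address of the slow-path stub

// What the compiler hands out: the struct, the inline code and the out-of-line code.
struct Pic {
    PicState state;
    std::array<uint8_t, kInlineBytes> inlineCode;
    std::vector<uint8_t> stubCode;
};

// Copy saved at compile time so a later reset can be checked against it.
using PicSnapshot = Pic;

PicSnapshot takeSnapshot(const Pic& pic) { return pic; }

// Definition of "the same": fields that are allowed to differ after a reset.
// The slot offset is not repatched until the inline path is reused, so a stale
// value in the struct and in the inline immediate is harmless.
struct ResetEquivalence {
    bool ignoreSlotOffset = true;
};

// Compare the live PIC with its compile-time snapshot. Returns one line per
// mismatch; an empty result means the reset restored the compile-time state.
std::vector<std::string> verifyReset(const PicSnapshot& snap, const Pic& live,
                                     const ResetEquivalence& eq) {
    std::vector<std::string> problems;
    if (live.state.shape != snap.state.shape) problems.push_back("shape not reset");
    if (!eq.ignoreSlotOffset && live.state.slotOffset != snap.state.slotOffset)
        problems.push_back("slotOffset not reset");
    if (live.state.stubCount != snap.state.stubCount) problems.push_back("stubCount not reset");
    if (live.state.stubJump != snap.state.stubJump) problems.push_back("stubJump not reset");
    for (size_t i = 0; i < kInlineBytes; ++i) {
        if (eq.ignoreSlotOffset && i == kSlotByteIndex) continue;  // masked byte
        if (live.inlineCode[i] != snap.inlineCode[i]) {
            problems.push_back("inline code differs at byte " + std::to_string(i));
            break;
        }
    }
    if (live.stubCode != snap.stubCode) problems.push_back("out-of-line code differs");
    return problems;
}

// --- Constructed simulation of the PIC life cycle (no real jitcode) ---

Pic compilePic() {
    Pic pic{};
    pic.state = {0, 0, 0, kSlowPath};
    pic.inlineCode.fill(0x90);      // stand-in for the unpatched inline sequence
    pic.stubCode.assign(8, 0xCC);   // stand-in for the slow-path jitcode
    return pic;
}

// Pretend the PIC was hit: guard and slot are patched, a stub is chained in.
void usePic(Pic& pic) {
    pic.state = {0x1234, 24, 1, 0x2000};  // 0x2000: constructed stub address
    pic.inlineCode[2] = 0x34;             // shape immediate patched into inline code
    pic.inlineCode[3] = 0x12;
    pic.inlineCode[kSlotByteIndex] = 24;  // slot offset patched into inline load
}

// Reset that restores the guard, the chain and the miss jump; the slot stays stale.
void resetPicCorrect(Pic& pic, const PicSnapshot& snap) {
    pic.state.shape = snap.state.shape;
    pic.state.stubCount = snap.state.stubCount;
    pic.state.stubJump = snap.state.stubJump;
    pic.inlineCode[2] = snap.inlineCode[2];
    pic.inlineCode[3] = snap.inlineCode[3];
    pic.stubCode = snap.stubCode;
}

// Buggy reset: identical, except it forgets to restore the inline miss jump.
void resetPicBuggy(Pic& pic, const PicSnapshot& snap) {
    pic.state.shape = snap.state.shape;
    pic.state.stubCount = snap.state.stubCount;
    pic.inlineCode[2] = snap.inlineCode[2];
    pic.inlineCode[3] = snap.inlineCode[3];
    pic.stubCode = snap.stubCode;
}

std::vector<std::string> runScenario(void (*reset)(Pic&, const PicSnapshot&)) {
    Pic pic = compilePic();
    PicSnapshot snap = takeSnapshot(pic);  // saved at compile time
    usePic(pic);                           // program runs, PIC gets patched
    reset(pic, snap);                      // GC resets the PIC
    return verifyReset(snap, pic, ResetEquivalence{});
}

size_t mismatchesAfterCorrectReset() { return runScenario(resetPicCorrect).size(); }
size_t mismatchesAfterBuggyReset()   { return runScenario(resetPicBuggy).size(); }
std::string firstProblemAfterBuggyReset() { return runScenario(resetPicBuggy).at(0); }
```

In a build-time verifier mode the result of `verifyReset` would feed an assertion (or a deliberate, recognisable crash when hunting a topcrash); the ignore mask is the place where the "what counts as the same" decisions live, so each exception is documented in one spot instead of being scattered through comparison code.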
JM was removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX