Closed Bug 608130 Opened 14 years ago Closed 13 years ago

a few ecma3 tests SegFault with ppc64 jit when compiled with -AS3

Categories

(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect)

Product:
Tamarin Graveyard
Component:
Baseline JIT (CodegenLIR)
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Future

People

(Reporter: cpeyer, Assigned: edwsmith)

References

Details

Attachments

(1 file)

gdb stacktrace
5.36 KB, text/plain
Details 
The followin tests segfault on ppc64 non-interp:

ecma3/Boolean/e15_6_4_3_2.abc
ecma3/Boolean/e15_6_4_3_3.abc
ecma3/Expressions/e11_2_1_2.abc
ecma3/Expressions/e11_2_1_5.abc
ecma3/ObjectObjects/e15_2_2_1_rt.abc
ecma3/ObjectObjects/e15_2_1_1_rt.abc
ecma3/TypeConversion/e9_9_1_rt.abc

Result:
Segmentation Fault
exit code: -11

They must be compiled with -AS3.  To do this, move the ecma3/dir.asc_args file to somewhere else temporarily then run the tests using -f.

I can also provide the .abc files if needed.
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
See Also: → 608132
Attached file gdb stacktrace 
This is a stacktrace from running Boolean/e15_6_4_3_2.abc on mac PPC64.

This only happens when the jit is enabled.
This is NOT an injection from the latest NJ merge:
http://hg.mozilla.org/tamarin-redux/rev/12e82003a10d
(In reply to comment #2)
> This is NOT an injection from the latest NJ merge:
> http://hg.mozilla.org/tamarin-redux/rev/12e82003a10d

Same issue also happens in argo version of avmshell (ftp://10.60.48.47/milestones/tamarin-argo/4035-973d551be753/mac/)
These tests are currently passing with the exact-gc patch queue on mac64-ppc. Lars suggested having Edwin take a look at this issue and I will be sending machine/source information to Edwin offlien.

Lars: "That suggests that the bug shows up in part because of heap dynamics, and since those are changing with exact tracing the bug might have hidden itself again.  Might want to ping Edwin about looking for the bug sooner rather than later."
After looking at this some more, it is not true that all of the tests are now passing. They no longer crash the VM, but the vm is now not producing the correct results for all of the tests:

ecma3/Expressions/e11_2_1_2.abc : false.valueOf() =  FAILED! expected: false
  ecma3/Expressions/e11_2_1_2.abc : false.toString() = true FAILED! expected: false
  ecma3/Expressions/e11_2_1_5.abc : false.valueOf() =  FAILED! expected: false
  ecma3/Expressions/e11_2_1_5.abc : false.toString() = true FAILED! expected: false
  ecma3/ObjectObjects/e15_2_1_1_rt.abc : Object(false).valueOf() =  FAILED! expected: false

I have tried to isolate the failing code but it does not appear to fail in the same manner when the code is isolated.
QRB: ping, this needs to be reviewed and targeted as Lars is about to land the exact-gc patch which will alter this issue again.
Assignee: nobody → edwsmith
Status: NEW → ASSIGNED
Flags: flashplayer-qrb? → flashplayer-qrb+
Target Milestone: --- → flash10.x - Serrano
changeset: 5666:0b62f92f7169
user:      Lars T Hansen <lhansen@adobe.com>
summary:   For 608130: skip some tests on non-interp PPC64 because they are simply not stable (r=lhansen)

http://hg.mozilla.org/tamarin-redux/rev/0b62f92f7169
I haven't had any time to look at this, and probably won't for a while.  How important is it?  (its targeted for Serrano, but has no priority set... uh oh).  The looming question is who will be maintaining PPC64.

Do we have good evidence this is PPC64 only and not PPC32?
PPC is no longer supported.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Flags: flashplayer-injection-
Resolution: --- → WONTFIX
Target Milestone: Q3 11 - Serrano → Future
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: