Closed
Bug 609393
Opened 14 years ago
Closed 13 years ago
resourceConsistencyCheck x87 stack assert can fire
Categories
(Tamarin Graveyard :: Virtual Machine, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
Q4 11 - Anza
People
(Reporter: stejohns, Assigned: wmaddox)
Details
(Whiteboard: WE:2801964,assertion-failure,fixed-in-nanojit,fixed-in-tamarin,fixed-in-tracemonkey)
Attachments
(1 file, 3 obsolete files)
5.93 KB,
patch
|
Details | Diff | Splinter Review |
Steps: -- use tamarin-redux in a Flash Win32 Standalone Debug non-Debugger build -- open http://help.adobe.com/en_US/flex/using/movies/SparkTextAreaControl.swf -- get an assert, fpuStckChk == -2 while jitting flashx.textLayout.property::NumberOrPercentProperty/computeActualPropertyValue
Reporter | ||
Comment 1•14 years ago
|
||
Note that I inserted extra output for FPU_PSH and FPU_POP to show where push/pop occurs.
Reporter | ||
Comment 2•14 years ago
|
||
Observation: we always do fpu_push/fpu_pop around CALL() if the return type is "d", but this is really only correct if the calling convention returns in FST0; in at least one case here we are getting the return in xmm0, which shouldn't trigger the push/pop. (Not sure if this is causing the assert.)
Comment 3•14 years ago
|
||
Michelle is seeing the following fire: NanoAssert((_allocator.active[FST0] && _fpuStkDepth == -1) || (!_allocator.active[FST0] && _fpuStkDepth == 0)); NanoAssertMsgf(_fpuStkDepth == 0,"_fpuStkDepth %d\n",_fpuStkDepth); against; http://www.google.com/finance?q=NYSE:RIG
Comment 4•13 years ago
|
||
also reported http://watsonexp.corp.adobe.com/#bug=2801964
Targeting for Serrano. Fixing failing assertions is a priority so we can enable assertions during all Player testing.
Depends on: Andre
Flags: flashplayer-qrb?
Flags: flashplayer-injection-
Flags: flashplayer-bug+
Priority: -- → P3
Whiteboard: WE:2801964, assertion-failure
Target Milestone: --- → Q3 11 - Serrano
Updated•13 years ago
|
Assignee: nobody → rreitmai
Updated•13 years ago
|
Assignee: rreitmai → wmaddox
Comment 6•13 years ago
|
||
We believe the assert is firing due to bad accounting and that there is not an issue with the underlying code that the assert is attempting to protect. This is not a given, so it probably doesn't make sense to completely defeat the assert. So instead this patch restricts it to fire only on architectures where we are actually generating non-sse2 (i.e. fpu) instructions, then at least we're clearing out some of the false-positive noise.
Attachment #533429 -
Flags: review?(wmaddox)
Assignee | ||
Comment 7•13 years ago
|
||
Comment on attachment 533429 [details] [diff] [review] disable assert on sse2 machines Review of attachment 533429 [details] [diff] [review]: ----------------------------------------------------------------- This looks good to me. It is unlikely that any routine engineering or testing is being done on non-sse2 capable machines anymore. Note that it would be wise to continue avmshell testing with the assertion in place, which can be done with the -nosse flag on the avmshell command line. Are we testing a -nosse configuration in our automated testing?
Attachment #533429 -
Flags: review?(wmaddox) → review+
Comment 8•13 years ago
|
||
Note that we don't need old hardware to test this code, you just have to turn off sse2 support. plus, sse2-capable x86-32 machines still use FST(0) for return values, and so this logic should be fixed asap.
Comment 9•13 years ago
|
||
Analysis showed that the assert in resourceConsistencyCheck() was firing due to the code not resetting fpuStkDepth in the case of LIR_ret (see asm_jmp for a similar treatment).
Assignee: wmaddox → rreitmai
Attachment #488011 -
Attachment is obsolete: true
Attachment #533429 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #534132 -
Flags: review?(wmaddox)
Assignee | ||
Comment 10•13 years ago
|
||
Comment on attachment 534132 [details] [diff] [review] ver1 Review of attachment 534132 [details] [diff] [review]: ----------------------------------------------------------------- The substance of the fix is treating the unreachability of the code following a return in the same way as code following an unconditional branch, which is clearly needed and uncontroversial. It's also nice to see some more platform-specific code migrate out of Assembler.cpp, with another #ifdef biting the dust.
Attachment #534132 -
Flags: review?(wmaddox) → review+
Comment 11•13 years ago
|
||
what actually landed for posterity.
Attachment #534132 -
Attachment is obsolete: true
Comment 12•13 years ago
|
||
rreitmai http://hg.mozilla.org/projects/nanojit-central/rev/87a15611dc19
Whiteboard: WE:2801964, assertion-failure → WE:2801964,assertion-failure,fixed-in-nanojit
Comment 13•13 years ago
|
||
changeset: 6333:2fec52cc4356 user: Rick Reitmaier <rreitmai@adobe.com> summary: Bug 609393 - resourceConsistencyCheck x87 stack assert can fire (r+wmaddox) http://hg.mozilla.org/tamarin-redux/rev/2fec52cc4356
Assignee | ||
Updated•13 years ago
|
Whiteboard: WE:2801964,assertion-failure,fixed-in-nanojit → WE:2801964,assertion-failure,fixed-in-nanojit,fixed-in-tamarin
Comment 14•13 years ago
|
||
Bill, can we close this bug? Removing Andre blocker.
Assignee: rreitmai → wmaddox
No longer depends on: Andre
Assignee | ||
Comment 15•13 years ago
|
||
The issue is resolved for Tamarin. We keep nanojit bugs open until Mozilla has confirmed that fix has made it into Tracemonkey. I've added Nick to the CC list.
Comment 16•13 years ago
|
||
Oh, I must have missed marking this one: http://hg.mozilla.org/tracemonkey/rev/a163ff4b8bf1
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: WE:2801964,assertion-failure,fixed-in-nanojit,fixed-in-tamarin → WE:2801964,assertion-failure,fixed-in-nanojit,fixed-in-tamarin,fixed-in-tracemonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•