Closed
Bug 615853
Opened 14 years ago
Closed 10 years ago
Intermittent MIPS crash in nanojit::Assembler::nPatchBranch
Categories
(Core Graveyard :: Nanojit, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
flash10.2
People
(Reporter: brbaker, Assigned: chris)
Details
Attachments
(1 file)
|
4.30 KB,
text/plain
|
Details |
There is an intermittent crash that is happening on MIPS when running the following tamarin acceptance test:
ecma3/Statements/eregress_74474_002.as
[Switching to Thread 0x78f000 (LWP 26153)]
0x006643fc in nanojit::Assembler::nPatchBranch (branch=0xaee320e,
target=0x2bb8c838)
at /home/build/buildbot/tamarin-redux/linux-mips/repo/nanojit/NativeMIPS.cpp:1814
Full stacktrace is attached.
The version of nanojit in this tamarin is 1f90e61950c44193ea5a1800c06d7dba8240cfd9
|
Reporter | |
Comment 1•14 years ago
|
||
This does not appear to be a recent injection as I rolled back and tested the past 3 nanojit merges into tamarin, and the line of code that is causing the issue has not been touched since the MIPS backend was submitted.
This issue has most likely existed the entire time.
[Switching to Thread 0x775000 (LWP 26242)]
0x006548ec in nanojit::Assembler::nPatchBranch (branch=0xaee320e,
target=0x2bb8c838)
at /home/build/hg/tamarin-redux/nanojit/NativeMIPS.cpp:1814
1814 uint32_t op = (branch[0] >> 26) & 0x3f;
|
Assignee | |
Comment 2•14 years ago
|
||
It seems like an incorrect address that is suspiciously low and not 4 byte aligned is being passed to nPatchBranch. I will try to reproduce the problem.
|
|
Reporter | |
Comment 3•14 years ago
|
||
Looks like the same error occurs in "ecma3/Statements/eregress_74474_003.as"
|
|
Reporter | |
Updated•14 years ago
|
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
|
||
Comment 4•13 years ago
|
||
Is this still happening? Chris, any luck reproducing?
Assignee: nobody → chris
Status: NEW → ASSIGNED
Flags: flashplayer-qrb? → flashplayer-qrb+
Target Milestone: --- → flash10.2
|
|
Assignee | |
Comment 5•13 years ago
|
||
No, I never reproduced this. The "branch" value is supposed to be a GuardRecord->jmp value. The only place I can see this being assigned is in NativeMIPS.c:nFragExit where it gets a value of _nIns and I can't see how _nIns could get an unaligned value like this.
|
||
Updated•10 years ago
|
Product: Core → Core Graveyard
|
||
Comment 6•10 years ago
|
||
Nanojit has been dead for several years. Its Bugzilla component has been moved to the graveyard (bug 984276). I checked all the open bugs. They're all uninteresting, so I'm WONTFIXing them all. Apologies for the bugspam.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•