Closed
Bug 658389
Opened 13 years ago
Closed 13 years ago
MIPS JIT occasionally generates invalid epilogue code
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
Q3 11 - Serrano
People
(Reporter: chris, Assigned: wmaddox)
Details
(Whiteboard: fixed-in-nanojit,fixed-in-tamarin-redux,fixed-in-tracemonkey)
Attachments
(1 file)
407 bytes, patch | wmaddox: review+
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17
Build Identifier:

A missing underrunProtect allows the jit to generate a jr instruction with a jump instruction in the branch delay slot.

Reproducible: Sometimes

Steps to Reproduce:
Noticed when running the spidermonkey/js1_5/Array/regress-108440.abc acceptance tests, but it could happen any time the code page is switched while the jit is emitting the last 2 instructions of the epilogue code.

Actual Results:
-sh-4.0# $AVM -Ojit spidermonkey/js1_5/Array/regress-108440.abc
STATUS: Shouldn't crash trying to add an array as an element of itself
Illegal instruction

Expected Results:
-sh-4.0# $AVM -Ojit spidermonkey/js1_5/Array/regress-108440.abc
STATUS: Shouldn't crash trying to add an array as an element of itself
 = No Crash PASSED!
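A simplified model of the failure described in the report above, added here as an illustration (it is not part of the bug report, the attached patch, or nanojit): a backward-emitting assembler with fixed-size code pages, where a page switch between the return's delay slot and the `jr` puts the page-linking jump into the delay slot. The `Emitter` type, the page size and every function name other than `underrunProtect` are hypothetical, and this `underrunProtect` is a stand-in, not nanojit's implementation.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Toy model (constructed, not nanojit code). Code is emitted backwards into
// fixed-size pages; `code` holds the instructions in execution order.
struct Emitter {
    size_t pageSlots, freeSlots;        // slots per page / left in current page
    std::vector<std::string> code;
    Emitter(size_t slots, size_t used) : pageSlots(slots), freeSlots(slots - used) {}

    void put(const std::string& ins) { code.insert(code.begin(), ins); --freeSlots; }
    // Guarantee n contiguous slots. If they do not fit, switch to a fresh page
    // and link it to the old one with a jump (plus that jump's own delay slot).
    void underrunProtect(size_t n) {
        if (freeSlots >= n) return;
        freeSlots = pageSlots;
        put("nop");
        put("j old_page");
    }
    void emit(const std::string& ins) { underrunProtect(1); put(ins); }
};

// Before: each instruction reserves space only for itself.
std::vector<std::string> epilogueUnprotected(Emitter e) {
    e.emit("nop");       // delay slot of the return, emitted first
    e.emit("jr $ra");    // a page switch here lands the link jump after jr
    return e.code;
}

// After: reserve both slots up front so the pair cannot be split.
std::vector<std::string> epilogueProtected(Emitter e) {
    e.underrunProtect(2);
    e.put("nop");
    e.put("jr $ra");
    return e.code;
}

// Audit helper: true if any branch is directly followed by another branch.
bool branchInDelaySlot(const std::vector<std::string>& code) {
    for (size_t i = 0; i + 1 < code.size(); ++i)
        if (code[i][0] == 'j' && code[i + 1][0] == 'j') return true;
    return false;
}

int main() {
    for (const auto& ins : epilogueUnprotected(Emitter(8, 7))) std::puts(ins.c_str());
    return branchInDelaySlot(epilogueProtected(Emitter(8, 7)));
}
```

With one free slot left in the page the unprotected epilogue comes out as `jr $ra`, `j old_page`, `nop`, `nop`; with room to spare it is correct, which matches the "Reproducible: Sometimes" in the report.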
Comment 1 • 13 years ago (Reporter)
Updated • 13 years ago (Reporter)
Attachment #533798 - Flags: review?(wmaddox)
Comment 2 • 13 years ago (Assignee)
Comment on attachment 533798: avoid switching code pages when generating epilogue code
Review of attachment 533798:
-----------------------------------------------------------------
This looks good, but please audit the code for other instances of delay slots if you have not done so already.
Attachment #533798 - Flags: review?(wmaddox) → review+
Comment 3 • 13 years ago (Assignee)
Assigning to myself, as I don't believe Chris has commit privileges.
Assignee: nobody → wmaddox
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Updated • 13 years ago (Assignee)
Target Milestone: --- → Q3 11 - Serrano
Comment 4 • 13 years ago (Reporter)
I did check before submitting the patch, but I've looked over it again and think that all of the other cases are covered.
Comment 5 • 13 years ago
Bill: Can we land the patch and close the bug?
Comment 6 • 13 years ago (Assignee)
Pushed to nanojit-central: http://hg.mozilla.org/projects/nanojit-central/rev/9ffbe7d3623c
Whiteboard: fixed-in-nanojit
Comment 7 • 13 years ago
changeset: 6335:56cf56416096
user: William Maddox <wmaddox@adobe.com>
summary: Bug 658389 - Make sure branch and delay slot remain contiguous in function epilogue [chris@mips.com] (r=wmaddox)
http://hg.mozilla.org/tamarin-redux/rev/56cf56416096
Updated • 13 years ago (Assignee)
Whiteboard: fixed-in-nanojit → fixed-in-nanojit,fixed-in-tamarin
Whiteboard: fixed-in-nanojit,fixed-in-tamarin → fixed-in-nanojit,fixed-in-tamarin-redux
Comment 8 • 13 years ago (Assignee)
Pushed to tamarin-redux-serrano: http://asteam.macromedia.com/hg/tamarin-redux-serrano/rev/52df40f50a27
Comment 9 (Dan Smith)
This can be closed, yes?
Flags: flashplayer-qrb+
Flags: flashplayer-injection-
Flags: flashplayer-bug+
Priority: -- → P2
Whiteboard: fixed-in-nanojit,fixed-in-tamarin-redux → fixed-in-nanojit,fixed-in-tamarin-redux, loose-end
Comment 10 • 13 years ago (Assignee)
(In reply to Dan Smith from comment #9)
> This can be closed, yes?
The bug is awaiting confirmation that the nanojit changes have been pulled into Tracemonkey. With respect to Tamarin, the issue is resolved.
Comment 11 • 13 years ago
How can we move this along? The patch was submitted in May in Tamarin.
Comment 12 • 13 years ago (Assignee)
Confirmed patch is in Tracemonkey: http://hg.mozilla.org/tracemonkey/rev/35706009a1e4
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-nanojit,fixed-in-tamarin-redux, loose-end → fixed-in-nanojit,fixed-in-tamarin-redux,fixed-in-tracemonkey