Closed Bug 695652 Opened 13 years ago Closed 13 years ago

Float4 addition across function boundary loses type information when jitted

Categories

(Tamarin Graveyard :: Virtual Machine, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: brbaker, Assigned: virgilp)

I am not really sure how to describe this bug or what the title should be, but here is the code that is not working correctly.

Code:
var typedFoo:float4 = new float4(0f);
var untypedFoo = new float4(0f);

function fooAdd(val) { return val+=float4(1f); }

print(fooAdd(typedFoo));
print(fooAdd(untypedFoo));


Output with rev 224 -Dinterp
   1,1,1,1
   1,1,1,1
   
rev 224 -Ojit
   0,0,1.401298464324817e-45,0
   2.9428725101224056e-38,1.401298464324817e-45,27660106156705055000,4.591634678053128e-41


rev 223 -Dinterp and -Ojit
   1,1,1,1
   1,1,1,1
Flags: in-testsuite+
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
Flags: flashplayer-bug-
Running this sample code in a debug build produces the following assert:

Assertion failed: "((type == (core->traits.object_itraits) || type == (core->traits.numeric_itraits)))" ("../core/CodegenLIR.cpp":2533)

#0  0x00007fff80c080b6 in __kill ()
#1  0x000000010000abde in VMPI_debugBreak () at ../VMPI/MacDebugUtils.cpp:55
#2  0x000000010000aa4c in avmplus::AvmDebugMsg (p=0x10022e4e8 "Assertion failed: \"((type == (core->traits.object_itraits) || type == (core->traits.numeric_itraits)))\" (\"../core/CodegenLIR.cpp\":2533)\n", debugBreak=true) at ../AVMPI/AvmAssert.cpp:69
#3  0x000000010000316e in avmplus::AvmAssertFail (message=0x10022e4e8 "Assertion failed: \"((type == (core->traits.object_itraits) || type == (core->traits.numeric_itraits)))\" (\"../core/CodegenLIR.cpp\":2533)\n") at AvmAssert.h:66
#4  0x000000010000318e in avmplus::_AvmAssertMsg (condition=0, message=0x10022e4e8 "Assertion failed: \"((type == (core->traits.object_itraits) || type == (core->traits.numeric_itraits)))\" (\"../core/CodegenLIR.cpp\":2533)\n") at AvmAssert.h:72
#5  0x00000001000d22c8 in avmplus::CodegenLIR::emitAdd (this=0x7fff5fbfe620, i=3, j=4, type=0x1010b1b68) at ../core/CodegenLIR.cpp:2533
#6  0x00000001000d4564 in avmplus::CodegenLIR::write (this=0x7fff5fbfe620, state=0x1010473b0, pc=0x1012419a2 "?*ւ??\b\002H", opcode=avmplus::ActionBlockConstants::OP_add, type=0x1010b1b68) at ../core/CodegenLIR.cpp:2874
#7  0x000000010015fa79 in avmplus::ScopeWriter::write (this=0x7fff5fbfe330, state=0x1010473b0, pc=0x1012419a2 "?*ւ??\b\002H", opcode=avmplus::ActionBlockConstants::OP_add, type=0x1010b1b68) at ../core/Verifier.cpp:142
#8  0x000000010015cdd0 in avmplus::Verifier::verifyBlock (this=0x7fff5fbfe4b0, start_pos=0x10124199f "?T\001?*ւ??\b\002H") at ../core/Verifier.cpp:2296
#9  0x000000010015eabb in avmplus::Verifier::verify (this=0x7fff5fbfe4b0, emitter=0x7fff5fbfe620) at ../core/Verifier.cpp:862
#10 0x00000001000f0025 in avmplus::BaseExecMgr::verifyCommon (this=0x10103a098, m=0x1012355e8, ms=0x1012cb128, toplevel=0x10100c068, abc_env=0x10126e0a8, coder=0x7fff5fbfe620) at ../core/exec.cpp:459
#11 0x00000001000f2dc6 in avmplus::BaseExecMgr::verifyJit (this=0x10103a098, m=0x1012355e8, ms=0x1012cb128, toplevel=0x10100c068, abc_env=0x10126e0a8, osr=0x0) at ../core/exec-jit.cpp:253
#12 0x00000001000f042e in avmplus::BaseExecMgr::verifyMethod (this=0x10103a098, m=0x1012355e8, toplevel=0x10100c068, abc_env=0x10126e0a8) at ../core/exec.cpp:399
#13 0x00000001000f04c3 in avmplus::BaseExecMgr::verifyOnCall (env=0x1012dfe28) at ../core/exec.cpp:376
#14 0x00000001000f0504 in avmplus::BaseExecMgr::verifyInvoke (env=0x1012dfe28, argc=1, args=0x7fff5fbfeb28) at ../core/exec.cpp:361
#15 0x00000001000dff9c in avmplus::MethodEnv::coerceEnter (this=0x1012dfe28, argc=1, args=0x7fff5fbfeb28) at MethodEnv-inlines.h:154
#16 0x00000001000f971c in avmplus::FunctionObject::call (this=0x1012bfb88, argc=1, argv=0x7fff5fbfeb28) at ../core/FunctionClass.cpp:179
#17 0x00000001000de47f in avmplus::op_call<avmplus::MethodEnv*> (env=0x101220fb8, func=4314626953, argc=1, atomv=0x7fff5fbfeb28) at instr-inlines.h:116
#18 0x00000001012fee8d in ?? ()
#19 0x00000001000eeb77 in avmplus::BaseExecMgr::endCoerce (env=0x101220fb8, argc=0, ap=0x7fff5fbfecd0, ms=0x10126c408) at ../core/exec.cpp:852
#20 0x00000001000efd9f in avmplus::BaseExecMgr::invokeGeneric (env=0x101220fb8, argc=0, atomv=0x7fff5fbfedd0) at ../core/exec.cpp:1053
...
...
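
An added example, not part of the original bug report: decoding the printed -Ojit lanes back to their binary32 bit patterns shows what the garbage values contain. Pairing adjacent lanes into little-endian 64-bit words is an assumption based on the 64-bit macOS backtrace above; under it, the second vector reads as two pointer-sized values in the same 0x1012… and 0x7fff5fbf… ranges as the heap and stack addresses in that backtrace, which is why this kind of JIT type confusion matters beyond wrong arithmetic.

```python
import struct

# Lanes copied from the "rev 224 -Ojit" output in the report.
JIT_OUTPUT = [
    [0.0, 0.0, 1.401298464324817e-45, 0.0],
    [2.9428725101224056e-38, 1.401298464324817e-45,
     27660106156705055000.0, 4.591634678053128e-41],
]

def lane_bits(value):
    """IEEE-754 binary32 bit pattern of one printed float4 lane."""
    return struct.unpack("<I", struct.pack("<f", value))[0]

def classify(bits):
    """Name the binary32 class from the exponent and fraction fields."""
    exponent, fraction = (bits >> 23) & 0xFF, bits & 0x7FFFFF
    if exponent == 0:
        return "zero" if fraction == 0 else "subnormal"
    return "inf/nan" if exponent == 0xFF else "normal"

def as_qwords(lanes):
    """Assumption: view lanes (0,1) and (2,3) as little-endian 64-bit words."""
    return list(struct.unpack("<2Q", struct.pack("<4I", *lanes)))

def decode(vector):
    """Return (lane bit patterns, lane classes, 64-bit views) for one vector."""
    lanes = [lane_bits(v) for v in vector]
    return lanes, [classify(b) for b in lanes], as_qwords(lanes)

if __name__ == "__main__":
    for vector in JIT_OUTPUT:
        lanes, classes, qwords = decode(vector)
        print("lanes :", " ".join(f"0x{b:08x}" for b in lanes), classes)
        print("qwords:", " ".join(f"0x{q:016x}" for q in qwords))
```
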
Fixed in changelist 228:95ea6249e9c7; you were right after all to reopen the previous bug (this one is caused by an incomplete bugfix).

Virgil, it looks like change 228 is NOT the correct fix; if I roll back to 227 then things work correctly.

Code: 
var flt4:float4 = new float4(1.125f);
var flt4_plus_1:float4 = flt4 + float4(1.0f);

Results -Dinterp and -Ojit:
-Dinterp: VerifyError: Error #1024: Stack underflow occurred.
Fixed in changeset 229:4606f22c5396
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Looks like we are back to normal, marking verified fixed.
Status: RESOLVED → VERIFIED