Closed
Bug 858083
Opened 12 years ago
Closed 12 years ago
IonMonkey: (ARM) ARMv6 has some issues with baseline
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla23
| Tracking | Status | |
|---|---|---|
| firefox22 | --- | unaffected |
| firefox23 | --- | fixed |
People
(Reporter: mjrosenb, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, topcrash, Whiteboard: [native-crash][startupcrash][ARMv6][fuzzblocker])
Crash Data
Attachments
(1 file)
|
5.54 KB,
patch
|
jbramley
:
review+
|
Details | Diff | Splinter Review |
The baseline compiler currently explicitly uses MOVW/MOVT, which is problematic because armv6 doesn't have these instructions. Due to a minor clerical error on my part, most, if not all armv7 builds think they are armv6 for purposes of asserting if they can generate movw/movt.
STR
echo 'print("hello world");' | ./js --ion-eager
|
||
Updated•12 years ago
|
Severity: normal → critical
Keywords: regression
OS: Linux → Android
Whiteboard: [native-crash][startupcrash][ARMv6]
Version: unspecified → 23 Branch
|
||
Comment 2•12 years ago
|
||
Where does baseline explicitly reference movw/movt instructions? IIRC the MacroAssembler is used for everything, which should abstract over that..
|
|
||
Updated•12 years ago
|
Blocks: BaselineARM
|
|
||
Updated•12 years ago
|
tracking-fennec: --- → ?
status-firefox22:
--- → unaffected
status-firefox23:
--- → affected
tracking-firefox23:
--- → ?
|
Reporter | |
Comment 4•12 years ago
|
||
This doesn't fix BC completely on ARM, expect another bug shortly.
Attachment #733821 -
Flags: review?(Jacob.Bramley)
|
||
Updated•12 years ago
|
Whiteboard: [native-crash][startupcrash][ARMv6] → [native-crash][startupcrash][ARMv6][fuzzblocker]
|
||
Comment 5•12 years ago
|
||
Comment on attachment 733821 [details] [diff] [review]
/home/mjrosenb/patches/fixBC_ARMv6-r0.patch
Review of attachment 733821 [details] [diff] [review]:
-----------------------------------------------------------------
Minor changes only, as discussed.
::: js/src/ion/arm/MacroAssembler-arm.cpp
@@ +3268,2 @@
> addPendingJump(bo, target->raw(), Relocation::IONCODE);
> + ma_movPatchable(Imm32(uint32_t(target->raw())), ScratchRegister, Always, L_LDR);
As discussed, this should use MOVW/T on ARMv7.
::: js/src/ion/arm/MacroAssembler-arm.h
@@ +563,5 @@
> // this instruction.
> CodeOffsetLabel toggledCall(IonCode *target, bool enabled);
>
> static size_t ToggledCallSize() {
> // Size of a movw, movt, nop/blx instruction.
The comment needs to be updated to match.
@@ +564,5 @@
> CodeOffsetLabel toggledCall(IonCode *target, bool enabled);
>
> static size_t ToggledCallSize() {
> // Size of a movw, movt, nop/blx instruction.
> + return 8;
As discussed, this size will change for ARMv7, where MOVW/MOVT is used.
Attachment #733821 -
Flags: review?(Jacob.Bramley) → review+
|
|
Reporter | |
Comment 6•12 years ago
|
||
|
||
Comment 7•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
|
|
||
Updated•12 years ago
|
|
||
Updated•12 years ago
|
|
|
||
Updated•12 years ago
|
tracking-firefox23:
+ → ---
|
||
Updated•11 years ago
|
tracking-fennec: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•