Closed Bug 945860 Opened 12 years ago Closed 12 years ago

Assertion failure: mir->canBeDivideByZero() || (!mir->isUnsigned() && mir->canBeNegativeDividend()), at jit/shared/CodeGenerator-x86-shared.cpp

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: gkw, Assigned: sunfish)

References

Details

(Keywords: assertion, regression, testcase)

Attachments

(2 files)

stack
4.19 KB, text/plain
Details
bug945860.patch
1.76 KB, patch
bhackett1024
: review+
Details | Diff | Splinter Review
Attached file stack
function f(x) { x(x % x) } for (var i = 0; i < 9999; i++) { try { (function() { f(1) })() } catch (e) {} } asserts js debug shell on m-c changeset 4bf430d990e5 with --ion-gvn=off at Assertion failure: mir->canBeDivideByZero() || (!mir->isUnsigned() && mir->canBeNegativeDividend()), at jit/shared/CodeGenerator-x86-shared.cpp My configure flags are: CC="clang -Qunused-arguments" AR=ar CXX="clang++ -Qunused-arguments" sh ./configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --with-ccache --disable-threadsafe autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/6787bcb8ea7e user: Dan Gohman date: Mon Dec 02 13:41:54 2013 -0800 summary: Bug 944963 - IonMonkey: Add a ModSelf operator to fix an x86 constraint problem with x%x. r=bhackett Dan, is bug 944963 a likely regressor?
Flags: needinfo?(sunfish)
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #0) > Dan, is bug 944963 a likely regressor? Yes. The assert is indicating that an optimization opportunity was missed. The code is using LModSelf when it could use a constant value.
Assignee: general → sunfish
Flags: needinfo?(sunfish)
Attached patch bug945860.patchSplinter Review
For bug 946478, LModSelf and LDivSelf will have to be replaced. For now, this patch fixes a minor issue with LModSelfI: it avoids creating an LModSelfI in a case where it can be avoided, to harmonize with later code that asserts that this has been done.
Attachment #8343118 - Flags: review?(bhackett1024)
Attachment #8343118 - Flags: review?(bhackett1024) → review+
https://hg.mozilla.org/mozilla-central/rev/d648a922f82b
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: