Closed
Bug 945860
Opened 11 years ago
Closed 11 years ago
Assertion failure: mir->canBeDivideByZero() || (!mir->isUnsigned() && mir->canBeNegativeDividend()), at jit/shared/CodeGenerator-x86-shared.cpp
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: gkw, Assigned: sunfish)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
4.19 KB,
text/plain
|
Details | |
1.76 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
function f(x) { x(x % x) } for (var i = 0; i < 9999; i++) { try { (function() { f(1) })() } catch (e) {} } asserts js debug shell on m-c changeset 4bf430d990e5 with --ion-gvn=off at Assertion failure: mir->canBeDivideByZero() || (!mir->isUnsigned() && mir->canBeNegativeDividend()), at jit/shared/CodeGenerator-x86-shared.cpp My configure flags are: CC="clang -Qunused-arguments" AR=ar CXX="clang++ -Qunused-arguments" sh ./configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --with-ccache --disable-threadsafe autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/6787bcb8ea7e user: Dan Gohman date: Mon Dec 02 13:41:54 2013 -0800 summary: Bug 944963 - IonMonkey: Add a ModSelf operator to fix an x86 constraint problem with x%x. r=bhackett Dan, is bug 944963 a likely regressor?
Flags: needinfo?(sunfish)
Assignee | ||
Comment 1•11 years ago
|
||
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #0) > Dan, is bug 944963 a likely regressor? Yes. The assert is indicating that an optimization opportunity was missed. The code is using LModSelf when it could use a constant value.
Assignee: general → sunfish
Flags: needinfo?(sunfish)
Assignee | ||
Comment 2•11 years ago
|
||
For bug 946478, LModSelf and LDivSelf will have to be replaced. For now, this patch fixes a minor issue with LModSelfI: it avoids creating an LModSelfI in a case where it can be avoided, to harmonize with later code that asserts that this has been done.
Attachment #8343118 -
Flags: review?(bhackett1024)
Updated•11 years ago
|
Attachment #8343118 -
Flags: review?(bhackett1024) → review+
Assignee | ||
Comment 3•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/d648a922f82b
Comment 4•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d648a922f82b
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in
before you can comment on or make changes to this bug.
Description
•