Closed
Bug 965728
Opened 10 years ago
Closed 10 years ago
With jits disabled, analysis can force compilation
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: mjrosenb, Assigned: mjrosenb)
Details
Attachments
(1 file)
1.68 KB,
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
(gdb) bt 20 #0 js::jit::Assembler::executableCopy (this=0xbeffb078, buffer=0xb64479d8 "") at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/arm/Assembler-arm.cpp:592 #1 0x0024bef8 in js::jit::JitCode::copyFrom (this=0xb614b1f0, masm=...) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/Ion.cpp:622 #2 0x0022e5d8 in js::jit::Linker::newCode<(js::AllowGC)1> (this=0xbeffbcd8, cx=0x799d58, execAlloc=0x838e78, kind=JSC::BASELINE_CODE) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/IonLinker.h:63 #3 0x00216fee in js::jit::Linker::newCode<(js::AllowGC)1> (this=0xbeffbcd8, cx=0x799d58, kind=JSC::BASELINE_CODE) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/IonLinker.h:81 #4 0x001963fc in js::jit::ICStubCompiler::getStubCode (this=0xbeffbd38) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineIC.cpp:592 #5 0x001fe5fe in js::jit::ICNewArray_Fallback::Compiler::getStub (this=0xbeffbd38, space=0xbeffcc00) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineIC.h:1838 #6 0x0018fa98 in js::jit::BaselineCompiler::emit_JSOP_NEWARRAY (this=0xbeffbf38) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineCompiler.cpp:1543 #7 0x0018d5a8 in js::jit::BaselineCompiler::emitBody (this=0xbeffbf38) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineCompiler.cpp:810 #8 0x0018a772 in js::jit::BaselineCompiler::compile (this=0xbeffbf38) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineCompiler.cpp:95 #9 0x001b6c32 in js::jit::BaselineCompile (cx=0x799d58, script=...) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/BaselineJIT.cpp:236 #10 0x00258894 in js::jit::AnalyzeNewScriptProperties (cx=0x799d58, fun=0xb6151180, type=0xb615bde0, baseobj=..., initializerList=0xbeffd658) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jit/IonAnalysis.cpp:2169 #11 0x003fa140 in CheckNewScriptProperties (cx=0x799d58, type=0xb615bde0, fun=0xb6151180) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jsinfer.cpp:3461 #12 0x003fbc08 in js::ExclusiveContext::getNewType (this=0x799d58, clasp=0x7531d8 <JSObject::class_>, proto=..., fun=0xb6151180) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jsinfer.cpp:4042 #13 0x004563e6 in js::CreateThisForFunctionWithProto (cx=0x799d58, callee=..., proto=0xb612d070, newKind=js::GenericObject) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jsobj.cpp:1540 #14 0x00456622 in js::CreateThisForFunction (cx=0x799d58, callee=..., newKind=js::GenericObject) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/jsobj.cpp:1570 #15 0x0057a7e4 in js::StackFrame::prologue (this=0x793a60, cx=0x799d58) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/vm/Stack.cpp:261 #16 0x00522090 in Interpret (cx=0x799d58, state=...) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/vm/Interpreter.cpp:2671 #17 0x005161dc in js::RunScript (cx=0x799d58, state=...) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/vm/Interpreter.cpp:421 #18 0x00516e48 in js::ExecuteKernel (cx=0x799d58, script=..., scopeChainArg=..., thisv=..., type=js::EXECUTE_DIRECT_EVAL, evalInFrame=..., result=0x793088) at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/vm/Interpreter.cpp:618 #19 0x000996c4 in EvalKernel (cx=0x799d58, args=..., evalType=DIRECT_EVAL, caller=..., scopeobj=..., pc=0x843888 "{") at /home/mjrosenb/src/central/central-assemblerbuffer/js/src/builtin/Eval.cpp:329 (More stack frames follow...) (gdb) show args Argument list to give program being debugged when it is started is "--no-asmjs --no-baseline --no-ion ./js/game-setup.js". js::jit::AnalyzeNewScriptProperties seems to be the culprit. Patch should be coming soon.
Assignee | ||
Comment 1•10 years ago
|
||
Attachment #8367859 -
Flags: review?(jdemooij)
Comment 2•10 years ago
|
||
Comment on attachment 8367859 [details] [diff] [review] moreDisableJits-r0.patch Review of attachment 8367859 [details] [diff] [review]: ----------------------------------------------------------------- Good catch! ::: js/src/jit/IonAnalysis.cpp @@ +2153,1 @@ > return true; Style nit: multi-line condition so add {} with { on its own line: if (foo || bar) { return true; }
Attachment #8367859 -
Flags: review?(jdemooij) → review+
Assignee | ||
Comment 3•10 years ago
|
||
landed: https://hg.mozilla.org/integration/mozilla-inbound/rev/6245232c114d
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6245232c114d
Assignee: nobody → mrosenberg
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•