Closed Bug 980371 Opened 7 years ago Closed 7 years ago
Assertion failure: false (MOZ_ASSUME_UNREACHABLE(Bad input type)), at jit/IonBuilder.cpp:6340 or SIGILL
The following testcase asserts on mozilla-central revision 8122ffa9e1aa (run with --fuzzing-safe --ion-eager):

    var float32x4 = SIMD.float32x4;
    var a = float32x4(1, 20, 3, 40);
    var b = float32x4(10, 2, 30, 4);
    var c = SIMD.float32x4.min(a, b);
    for (var i = 2 ; i < 8; i++) f();

Crashes with illegal instruction in an opt-build. SIMD is enabled on nightly only and this could be sec-critical, so marking s-s.
Niko, this is a fuzzblocker, can you take a look?
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update,bisect][fuzzblocker]
Not setting myself to assigned or asking for review, as this is just a workaround and just redirects to bug 980400, but it will lower the fury of fuzzers. These SIMD patches seem not complete, as we have MIR nodes that are not implemented in the lowering side.
Whiteboard: [jsbugmon:update,bisect][fuzzblocker] → [fuzzblocker] [jsbugmon:update]
JSBugMon: Bisection requested, result:
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset: http://hg.mozilla.org/mozilla-central/rev/7efaabf97f0c
user: Haitao Feng
date: Tue Mar 04 20:06:26 2014 -0500
summary: Bug 943769 Part 2 -- Set up SIMD inlining infrastructure r=nmatsakis

This iteration took 0.973 seconds to run.
Whiteboard: [fuzzblocker] [jsbugmon:update] → [fuzzblocker] [jsbugmon:update,ignore]
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 0dc1be930880).
Since this doesn't reproduce any more, does it need more investigation? Did some SIMD fix land recently?
Nope, the offending patch was backed out. I don't know if Niko wants to use the test here to prevent this incomplete patch from being landed again.
I think we can just close this. The problem is relatively obvious! The patch was incomplete.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME