Closed
Bug 1976799
Opened 4 months ago
Closed 4 months ago
MacroAssembler-riscv64: "Assertion failure: IsAddi(*reinterpret_cast<Instr*>(inst1))" in MacroAssembler::patchSub32FromStackPtr
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
142 Branch
| Tracking | Status | |
|---|---|---|
| firefox142 | --- | fixed |
People
(Reporter: csmantle, Assigned: csmantle)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
When running jit-test "wasm/spec/spec/ref_test.wast.js", an assert is fired in MacroAssembler::patchSub32FromStackPtr. This is most likely due to the pointer arithmetic here and here. AssemblerBuffers are made up of slices and not contiguous. Invoking AssemblerBuffer::getInst is necessary to get the correct instruction, but not raw pointer arithmetic.
[16548] Assertion failure: IsAddi(*reinterpret_cast<Instr*>(inst1)), at D:/Workspace/gecko-dev/js/src\jit/riscv64/MacroAssembler-riscv64-inl.h:1866
#01: js::jit::MacroAssembler::patchSub32FromStackPtr (D:\Workspace\gecko-dev\js\src\jit\riscv64\MacroAssembler-riscv64-inl.h:1866)
#02: js::wasm::ModuleGenerator::linkCompiledCode (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:569)
#03: js::wasm::ModuleGenerator::finishTask (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:728)
#04: js::wasm::ModuleGenerator::finishFuncDefs (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:849)
#05: DecodeCodeSection<js::wasm::Decoder,js::wasm::ModuleGenerator> (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:952)
#06: js::wasm::CompileBuffer (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:1001)
#07: js::WasmModuleObject::construct (D:\Workspace\gecko-dev\js\src\wasm\WasmJS.cpp:1655)
#08: CallJSNative (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:501)
#09: CallJSNativeConstructor (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:519)
#10: InternalConstruct (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:725)
#11: js::Interpret (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:3272)
#12: js::RunScript (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:471)
#13: js::ExecuteKernel (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:866)
#14: js::Execute (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:895)
#15: ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:593)
#16: JS_ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:618)
#17: RunFile (D:\Workspace\gecko-dev\js\src\shell\js.cpp:1316)
#18: Process (D:\Workspace\gecko-dev\js\src\shell\js.cpp:2043)
#19: Shell (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12074)
#20: main (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12477)
#21: __scrt_common_main_seh (D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
#22: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x2e8d7]
#23: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x3c34c]
Exit code: 2147483651
FAIL - wasm\spec\spec\ref_test.wast.js
[11721| 4| 1| 703] 91% ==================================> | 209.5s
[19668] Assertion failure: IsAddi(*reinterpret_cast<Instr*>(inst1)), at D:/Workspace/gecko-dev/js/src\jit/riscv64/MacroAssembler-riscv64-inl.h:1866
#01: js::jit::MacroAssembler::patchSub32FromStackPtr (D:\Workspace\gecko-dev\js\src\jit\riscv64\MacroAssembler-riscv64-inl.h:1866)
#02: js::wasm::ModuleGenerator::linkCompiledCode (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:569)
#03: js::wasm::ModuleGenerator::finishTask (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:728)
#04: js::wasm::ModuleGenerator::finishFuncDefs (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:849)
#05: DecodeCodeSection<js::wasm::Decoder,js::wasm::ModuleGenerator> (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:952)
#06: js::wasm::CompileBuffer (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:1001)
#07: js::WasmModuleObject::construct (D:\Workspace\gecko-dev\js\src\wasm\WasmJS.cpp:1655)
#08: CallJSNative (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:501)
#09: CallJSNativeConstructor (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:519)
#10: InternalConstruct (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:725)
#11: js::Interpret (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:3272)
#12: js::RunScript (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:471)
#13: js::ExecuteKernel (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:866)
#14: js::Execute (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:895)
#15: ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:593)
#16: JS_ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:618)
#17: RunFile (D:\Workspace\gecko-dev\js\src\shell\js.cpp:1316)
#18: Process (D:\Workspace\gecko-dev\js\src\shell\js.cpp:2043)
#19: Shell (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12074)
#20: main (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12477)
#21: __scrt_common_main_seh (D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
#22: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x2e8d7]
#23: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x3c34c]
Exit code: 2147483651
FAIL - wasm\spec\spec\ref_test.wast.js
[11721| 5| 1| 703] 91% ==================================> | 209.5s
[26432] Assertion failure: IsAddi(*reinterpret_cast<Instr*>(inst1)), at D:/Workspace/gecko-dev/js/src\jit/riscv64/MacroAssembler-riscv64-inl.h:1866
#01: js::jit::MacroAssembler::patchSub32FromStackPtr (D:\Workspace\gecko-dev\js\src\jit\riscv64\MacroAssembler-riscv64-inl.h:1866)
#02: js::wasm::ModuleGenerator::linkCompiledCode (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:569)
#03: js::wasm::ModuleGenerator::finishTask (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:728)
#04: js::wasm::ModuleGenerator::finishFuncDefs (D:\Workspace\gecko-dev\js\src\wasm\WasmGenerator.cpp:849)
#05: DecodeCodeSection<js::wasm::Decoder,js::wasm::ModuleGenerator> (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:952)
#06: js::wasm::CompileBuffer (D:\Workspace\gecko-dev\js\src\wasm\WasmCompile.cpp:1001)
#07: js::WasmModuleObject::construct (D:\Workspace\gecko-dev\js\src\wasm\WasmJS.cpp:1655)
#08: CallJSNative (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:501)
#09: CallJSNativeConstructor (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:519)
#10: InternalConstruct (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:725)
#11: js::Interpret (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:3272)
#12: js::RunScript (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:471)
#13: js::ExecuteKernel (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:866)
#14: js::Execute (D:\Workspace\gecko-dev\js\src\vm\Interpreter.cpp:895)
#15: ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:593)
#16: JS_ExecuteScript (D:\Workspace\gecko-dev\js\src\vm\CompilationAndEvaluation.cpp:618)
#17: RunFile (D:\Workspace\gecko-dev\js\src\shell\js.cpp:1316)
#18: Process (D:\Workspace\gecko-dev\js\src\shell\js.cpp:2043)
#19: Shell (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12074)
#20: main (D:\Workspace\gecko-dev\js\src\shell\js.cpp:12477)
#21: __scrt_common_main_seh (D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
#22: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x2e8d7]
#23: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x3c34c]
Exit code: 2147483651
FAIL - wasm\spec\spec\ref_test.wast.js
[12765| 6| 1| 1192] 100% ======================================>| 271.3s
|
Assignee | |
Comment 1•4 months ago
|
||
|
||
Updated•4 months ago
|
Assignee: nobody → webmaster
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Pushed by jdemooij@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/8a5c59595e8f
https://hg.mozilla.org/integration/autoland/rev/ffaa95081f00
[riscv64] Use AssemblerBuffer::getInst in MacroAssembler::patchSub32FromStackPtr instead of broken pointer arithmetic. r=jandem
|
||
Updated•4 months ago
|
|
||
Comment 3•4 months ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
status-firefox142:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 142 Branch
|
||
Updated•4 months ago
|
QA Whiteboard: [qa-triage-done-c143/b142]
You need to log in
before you can comment on or make changes to this bug.
Description
•