Set frame pointer correctly in arm64 EnterJit trampoline
Categories
(Core :: JavaScript Engine: JIT, task, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox103 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
References
Details
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
Details |
masm.push(r29, r30);
masm.moveStackPtrTo(r29);
This is incorrect because it ends up pushing r29 first and r30 second:
stp x30, x29, [sp, #-16]!
mov x29, sp
|
Assignee | |
Comment 1•2 years ago
|
||
We were generating:
stp x30, x29, [sp, #-16]!
mov x29, sp
The standard frame prologue has x29 and x30 reversed.
|
|
Assignee | |
Comment 2•2 years ago
|
||
Markus, I'm curious if this patch makes a difference for you? Should probably disable Ion/Warp until bug 1770366 is in.
I can also just land this patch first if that's easier for you.
|
||
Comment 3•2 years ago
|
||
I just kicked off a local build with this patch, will let you know once it's done!
|
|
||
Comment 4•2 years ago
|
||
No, this patch does not appear to fix it. Profile with javascript.options.ion set to false and this bug's patch applied on top of c2f2df823a07: https://share.firefox.dev/3H5m5Yc
If you expand the sidebar, select the "start" frame at the bottom of the "good" stacks, and then expand the JavaScript category in the sidebar, you can see that there is no time spent in Baseline under the good stacks.
|
|
Assignee | |
Comment 5•2 years ago
|
||
As mentioned on Matrix, I updated the patch: we were clobbering the frame pointer elsewhere in EnterJit :/
|
|
||
Comment 6•2 years ago
|
||
It works!! 🎉🎉🎉
|
|
Assignee | |
Comment 7•2 years ago
|
||
(In reply to Markus Stange [:mstange] from comment #6)
It works!! 🎉🎉🎉
Thanks for testing! Hopefully this will also give us much better stack traces for crashes/debugging :)
|
||
Comment 9•2 years ago
|
||
| bugherder | ||
Description
•