Closed Bug 614510 Opened 14 years ago Closed 14 years ago

Assertion failure: frame entry NNN wasn't freed

Categories

(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P1)

Product:
Tamarin Graveyard
Component:
Baseline JIT (CodegenLIR)
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 609028
Milestone:
flash10.2.x-Spicy

People

(Reporter: jstpierre, Unassigned)

References

Details

Attachments

(1 file)

ABC file
(deleted), application/octet-stream
Details
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b8pre) Gecko/20101123 Firefox-4.0/4.0b8pre Build Identifier: When running the ABC attached, I get an assertion failure: Assertion failure: frame entry 160 wasn't freed : _entries[i] == __null (/home/jstpierre/Source/tamarin-redux/nanojit/Assembler.cpp:2322) Trace/breakpoint trap Reproducible: Always
Attached file ABC file (deleted) —
It's a nanojit bug: when running with -Dinterp, it works.
Priority: -- → P1
Target Milestone: --- → flash10.2.x-Spicy
The patches of bug 607816 fix this issue, so it appears to be the same root cause. But double checking prior to marking this a dup.
# The following snip-it highlights the issue and was generated by # running a debug debugger version of tamarin with following # flags: -Dverbose=verify,jit,raw,regs # # NOTE due to 'raw' option the code is displayed in reverse order. # i.e. instructions are displayed from physically higher addresses # to lower addresses. # # Looking at the trace below notice how csn is used in B52 (i.e. parameter of callv) # and since control flow from the prior block appears to fall into B52, the # allocator is restoring it along that edge; i.e. lea ecx,-236(ebp) <= restore csn # # This is incorrect since the call to throwAtom from the prior block never # returns and thus there is no fall-through path into B52 or put another # way; we shouldn't have love from that shack. # debugExit1 = callv.all #debugExit ( parami1 csn ) AR 4-144(vars) 148-164(tags) 172-180(methodFrame) 188-236(csn) RR eax(parami1) ecx(csn) 0x... movq -80(ebp),xmm0 std.v vars[64] = i2d1 AR 4-144(vars) 148-164(tags) 172-180(methodFrame) 188-236(csn) RR eax(parami1) ecx(csn) xmm0(i2d1) 0x... cvtsi2sd xmm0,edx 0x... xorpd xmm0,xmm0 i2d1 = i2d icalli2 AR 4-144(vars) 148-164(tags) 172-180(methodFrame) 188-236(csn) RR eax(parami1) ecx(csn) edx(icalli2) 0x... [B52] B52: AR 4-144(vars) 148-164(tags) 172-180(methodFrame) 188-236(csn) RR eax(parami1) ecx(csn) edx(icalli2) 0x... lea ecx,-236(ebp) <= restore csn 0x... mov ebx,-168(ebp) <= restore ebx 0x... mov edx,ebx 0x... mov esi,-184(ebp) <= restore esi 0x... mov eax,esi 0x... add esp,16 0x... call throwAtom 0x... push ...
Marking as duplicate of bug 609028
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
bulk verifying resolved !fixed issues
Status: RESOLVED → VERIFIED
Depends on: 607816
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: