[Webkit-unassigned] [Bug 149061] [ARM] REGRESSION(r189575): It made 2860 tests fail/crash on AArch64 Linux

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 15 02:59:46 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=149061

--- Comment #5 from Csaba Osztrogonác <ossy at webkit.org> ---
(In reply to comment #3)
> While debugging the callee saves work, I would run into failures on release
> builds that wouldn't reproduce with debug builds.  Typically this was due to
> the optimizer making use of callee saves registers in the compiled C++ code.
> If JSC inadvertently stepped on one of those registers, it would only cause
> a problem on release builds.
> 
> The first place I would look is in the FTL code.  For example, I didn't test
> any of the changes to the Linux specific code in FTLUnwindInfo.cpp.  See if
> failing tests work when the FTL is turned off.
> 
> One technique that I used to track down these kinds of problems was to add
> back in the saving and restoring of callee saves to the pushCalleeSaves() /
> popCalleeSaves() macros in LowLevelInterpreter.asm and then in
> LowLevelInterpreter64.asm:doVMEntry, write sentinel numeric values to the
> callee saves registers, e.g. 0x1019 to x19, 0x1020 to x20, ... After
> "makeCall()" in doVMEntry and at the beginning of _handleUncaughtException,
> compare the values with a breakpoint on mismatch.  I made a macro to do the
> testing.  That did 2 things, first it allowed building with debug.  But
> probably more useful was that at any point executing in the JavaScript VMs I
> could look at the registers to see that they had the sentinel values where
> they should.  I could also check the CallFrames that we saved the sentinel
> values where appropriate.  I'll post a patch with this technique that I used
> for X86-64 debugging.

Thanks for the ideas and the patch for debugging.

I didn't check the FTL code yet, because it is disabled by default on Linux.
I don't know if it works at all, I didn't check it in the latest 4-5 months.

But it seems the bug is in the DFG tier somewhere, because tests pass with
the DFG disabled at build time (except ~20 tests). And I already managed to
catch register mismatches with the idea you suggested. I'll continue debugging
in the near future.
