0x7CFE
commented
11 years ago Check is required to prove that crash is not related to strict aliasing.
Closed 0x7CFE closed 9 years ago
0x7CFE
commented
11 years ago Check is required to prove that crash is not related to strict aliasing.
kpp
commented
11 years ago c97026e2c27dc5cfd06e790a2771dd86ec0be061 proves that the problem is in -O3 + -march=native or -mtune=native.
kpp
commented
10 years ago The code works fine with:
-fno-tree-vectorizevoid TObject::putField(uint32_t index, TObject* value) __attribute__ ((noinline)) { fields[index] = value; }0x7CFE
commented
9 years ago It seem that the actual cause is related to the way JIT handles deferred values. In particular, method List>>insert:onCondition: contains the following bytecode sequence:
0075 PushTemporary 0
0076 PushLiteral 9
0077 PushArgument 1
0078 PushConstant nil
0079 MarkArguments 3
0080 SendMessage value:next:
0081 MarkArguments 2
0082 SendMessage next:
0083 DoSpecial popTop
0084 PushArgument 1Naïve implementation of value deferring may distort the effective value of the PushTemporary at offset 75. That stack value is used in the MarkArguments at offset 81, i.e. after SendMessage which may store different value to the temporary 0. Therefore, deferred load in such context is illegal and should be avoided.
Prior to defer the value we must prove that actual variable value is not changed on the execution path between logic store site and actual load. This is possible only after full type inference of all affected methods.
0x7CFE
commented
9 years ago Oops, missed the fact that the bug appears in the soft VM mode. Still, recently discovered problem should have it's issue declared.
This happens when sort benchmark is run in soft VM mode compiled with -O3 -march=native -mtune=native.
Affected Revision: 6bb30af Base Revision: unknown