The cause details are below:
1. original C function:
JSValueEncodedAsPointer* JITStubs::cti_op_mod(STUB_ARGS)
{
    // Stub prologue (return-address / stack bookkeeping). This is the
    // statement the MIPS crash in the disassembly below is attributed to.
    BEGIN_STUB_FUNCTION();

    CallFrame* callFrame = ARG_callFrame;

    // Operands arrive as JSValuePtr; convert each to double in source order
    // (dividend first, then divisor) so any conversion side effects keep
    // their original ordering.
    JSValuePtr dividendValue = ARG_src1;
    JSValuePtr divisorValue = ARG_src2;
    double dividend = dividendValue.toNumber(callFrame);
    double divisor = divisorValue.toNumber(callFrame);

    // Numeric modulo via C fmod (result keeps the dividend's sign).
    JSValuePtr result = jsNumber(ARG_globalData, fmod(dividend, divisor));
    CHECK_FOR_EXCEPTION_AT_END();
    return JSValuePtr::encode(result);
}
2. On X86:
Dump of assembler code for function _ZN3JSC8JITStubs10cti_op_modEPvz:
0x08141b12 <_ZN3JSC8JITStubs10cti_op_modEPvz+0>:        push   %ebp
0x08141b13 <_ZN3JSC8JITStubs10cti_op_modEPvz+1>:        mov    %esp,%ebp
0x08141b15 <_ZN3JSC8JITStubs10cti_op_modEPvz+3>:        push   %esi
0x08141b16 <_ZN3JSC8JITStubs10cti_op_modEPvz+4>:        push   %ebx
0x08141b17 <_ZN3JSC8JITStubs10cti_op_modEPvz+5>:        sub    $0x70,%esp
0x08141b1a <_ZN3JSC8JITStubs10cti_op_modEPvz+8>:        call   0x80577bc 
<__i686.get_pc_thunk.bx>   //this call does not appear in the MIPS-compiled code
0x08141b1f <_ZN3JSC8JITStubs10cti_op_modEPvz+13>:       add    $0xee049,%ebx
0x08141b25 <_ZN3JSC8JITStubs10cti_op_modEPvz+19>:       lea    0xc(%ebp),%eax   
        //1677      BEGIN_STUB_FUNCTION();
0x08141b28 <_ZN3JSC8JITStubs10cti_op_modEPvz+22>:       mov    %eax,-0x1c(%ebp)
0x08141b2b <_ZN3JSC8JITStubs10cti_op_modEPvz+25>:       mov    -0x1c(%ebp),%eax
0x08141b2e <_ZN3JSC8JITStubs10cti_op_modEPvz+28>:       sub    $0x8,%eax
0x08141b31 <_ZN3JSC8JITStubs10cti_op_modEPvz+31>:       mov    %eax,0x4(%esp)
0x08141b35 <_ZN3JSC8JITStubs10cti_op_modEPvz+35>:       lea    -0x24(%ebp),%eax
0x08141b38 <_ZN3JSC8JITStubs10cti_op_modEPvz+38>:       mov    %eax,(%esp)
0x08141b3b <_ZN3JSC8JITStubs10cti_op_modEPvz+41>:       call   0x8148e76 
<StackHack>    //242       ALWAYS_INLINE StackHack(void** location); the MIPS 
disassembly has no symbols at all
3. On MIPS
Dump of assembler code for function _ZN3JSC8JITStubs10cti_op_modEPvz:
0x006abdb8 <_ZN3JSC8JITStubs10cti_op_modEPvz+0>:        lui     gp,0xf96        
//this same prologue is used by other routines and works there
0x006abdbc <_ZN3JSC8JITStubs10cti_op_modEPvz+4>:        addiu   gp,gp,6776
0x006abdc0 <_ZN3JSC8JITStubs10cti_op_modEPvz+8>:        addu    gp,gp,t9
0x006abdc4 <_ZN3JSC8JITStubs10cti_op_modEPvz+12>:       addiu   sp,sp,-88
0x006abdc8 <_ZN3JSC8JITStubs10cti_op_modEPvz+16>:       sw      ra,80(sp)
0x006abdcc <_ZN3JSC8JITStubs10cti_op_modEPvz+20>:       sw      s8,76(sp)
0x006abdd0 <_ZN3JSC8JITStubs10cti_op_modEPvz+24>:       sw      s0,72(sp)
0x006abdd4 <_ZN3JSC8JITStubs10cti_op_modEPvz+28>:       move    s8,sp
0x006abdd8 <_ZN3JSC8JITStubs10cti_op_modEPvz+32>:       sw      gp,16(sp)
0x006abddc <_ZN3JSC8JITStubs10cti_op_modEPvz+36>:       sw      a1,92(s8)
0x006abde0 <_ZN3JSC8JITStubs10cti_op_modEPvz+40>:       sw      a2,96(s8)
0x006abde4 <_ZN3JSC8JITStubs10cti_op_modEPvz+44>:       sw      a3,100(s8)
0x006abde8 <_ZN3JSC8JITStubs10cti_op_modEPvz+48>:       sw      a0,88(s8)
0x006abdec <_ZN3JSC8JITStubs10cti_op_modEPvz+52>:       addiu   v0,s8,92
0x006abdf0 <_ZN3JSC8JITStubs10cti_op_modEPvz+56>:       sw      v0,24(s8)
0x006abdf4 <_ZN3JSC8JITStubs10cti_op_modEPvz+60>:       addiu   v1,s8,32
0x006abdf8 <_ZN3JSC8JITStubs10cti_op_modEPvz+64>:       lw      v0,24(s8)
0x006abdfc <_ZN3JSC8JITStubs10cti_op_modEPvz+68>:       addiu   v0,v0,-8
0x006abe00 <_ZN3JSC8JITStubs10cti_op_modEPvz+72>:       move    a0,v1
0x006abe04 <_ZN3JSC8JITStubs10cti_op_modEPvz+76>:       move    a1,v0
0x006abe08 <_ZN3JSC8JITStubs10cti_op_modEPvz+80>:       lw      t9,-19028(gp)   
  //segfault here: -19028(gp) is not accessible
0x006abe0c <_ZN3JSC8JITStubs10cti_op_modEPvz+84>:       jalr    t9
... no symbol on MIPS. The <StackHack> label is shown on X86, but on MIPS the 
call targets are all xxx(gp); maybe the MIPS compiler/gdb is not as good as the X86 version?

thanks for look at it,
joe


--- On Wed, 4/22/09, x yz <last...@yahoo.com> wrote:

> From: x yz <last...@yahoo.com>
> Subject: Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) 
> seg fault
> To: "WebKit Development" <webkit-dev@lists.webkit.org>, "Gavin Barraclough" 
> <barraclo...@apple.com>
> Date: Wednesday, April 22, 2009, 8:31 AM
> I use MIPS32EL with the VA_LIST calling convention; MIPS pushes function
> arguments from left to right. I wrote a simple VA_LIST test and it works
> on my box.
> 
> BEGIN_STUB_FUNCTION() causes a segfault because MIPS uses the gp
> register to read something.
> I tried to rewrite the code like this:
> JSObject* JITStubs::cti_op_new_func_exp(STUB_ARGS)
> {
>     va_list vl_args; 
>     va_start(vl_args, args);
>     StackHack stackHack(&STUB_RETURN_ADDRESS_SLOT);
>     JSValuePtr dividendValue = va_arg(vl_args, JSC::JSCell*
> );
>     JSValuePtr divisorValue = va_arg(vl_args, JSC::JSCell*
> );
> ...
> }
> 
> It still fails in stackHack(); if I comment out stackHack()
> it then fails at va_arg.
> 
> gp is a global register for common/public variables; the
> same usage before I call cti_op_mod() works fine.
> 
> I also tried the REGISTER calling convention instead of VA_LIST;
> it still fails:
> (gdb) x/2i $at
> 0x6ab500
> <_ZN3JSC8JITStubs10cti_op_modEPPv>:   lui     gp,0xf96
> 0x6ab504
> <_ZN3JSC8JITStubs10cti_op_modEPPv+4>: addiu   gp,gp,9008
> (gdb) x/20i $at
> 0x6ab500
> <_ZN3JSC8JITStubs10cti_op_modEPPv>:   lui     gp,0xf96
> 0x6ab504
> <_ZN3JSC8JITStubs10cti_op_modEPPv+4>: addiu   gp,gp,9008
> 0x6ab508
> <_ZN3JSC8JITStubs10cti_op_modEPPv+8>: addu    gp,gp,t9
> 0x6ab50c
> <_ZN3JSC8JITStubs10cti_op_modEPPv+12>:        addiu   sp,sp,-80
> 0x6ab510
> <_ZN3JSC8JITStubs10cti_op_modEPPv+16>:        sw      ra,72(sp)
> 0x6ab514
> <_ZN3JSC8JITStubs10cti_op_modEPPv+20>:        sw      s8,68(sp)
> 0x6ab518
> <_ZN3JSC8JITStubs10cti_op_modEPPv+24>:        sw      s0,64(sp)
> 0x6ab51c
> <_ZN3JSC8JITStubs10cti_op_modEPPv+28>:        move    s8,sp
> 0x6ab520
> <_ZN3JSC8JITStubs10cti_op_modEPPv+32>:        sw      gp,16(sp)
> 0x6ab524
> <_ZN3JSC8JITStubs10cti_op_modEPPv+36>:        sw      a0,80(s8)
> 0x6ab528
> <_ZN3JSC8JITStubs10cti_op_modEPPv+40>:        lw      v0,80(s8)
> 0x6ab52c
> <_ZN3JSC8JITStubs10cti_op_modEPPv+44>:        addiu   v0,v0,-4
> 0x6ab530
> <_ZN3JSC8JITStubs10cti_op_modEPPv+48>:        addiu   a0,s8,24
> 0x6ab534
> <_ZN3JSC8JITStubs10cti_op_modEPPv+52>:        move    a1,v0
> 0x6ab538
> <_ZN3JSC8JITStubs10cti_op_modEPPv+56>:        lw      t9,-19012(gp)
> 0x6ab53c
> <_ZN3JSC8JITStubs10cti_op_modEPPv+60>:        jalr    t9
> 0x6ab540 <_ZN3JSC8JITStubs10cti_op_modEPPv+64>:       nop
> 0x6ab544
> <_ZN3JSC8JITStubs10cti_op_modEPPv+68>:        lw      gp,16(s8)
> 0x6ab548
> <_ZN3JSC8JITStubs10cti_op_modEPPv+72>:        addiu   v0,s8,32
> 0x6ab54c
> <_ZN3JSC8JITStubs10cti_op_modEPPv+76>:        lw      v1,80(s8)
> (gdb) stepi 14
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x006ab538 in JSC::JITStubs::cti_op_mod (args=0x2aac9500)
> at
> /home/jdai/depot/mp/mediabase/head/libs/webkit-1.1.1/JavaScriptCore/jit/JITStubs.cpp:1685
> 1685      BEGIN_STUB_FUNCTION();
> 
> Another issue is that there is no matching va_end(), which
> is a bug.
> thanks a lot for help,
> joe


      