700189 - Assertion failure: addr % Cell::CellSize == 0, at ../../jsgc.h:711

Status: RESOLVED DUPLICATE of bug 684619

(Core :: JavaScript Engine, defect)

Description

[Christian Holler (:decoder)]

The following test asserts on mozilla-central revision 921e1db5cf11 (options -m -n -a):


function referencesVia(from, edge, to) {
    var edges = findReferences(to);
    var alternatives = [];
    for (var e in edges) {
        if (edges[e].indexOf(from) != -1)
        uneval(alternatives);
    }
}
(function f() {
    (f)(referencesVia(arguments, 'callee', f), true);
})();


Marking this s-s because this involves GC. Unless the issue is a bug in the internal "findReferences" function, this should be sg:critical.

Comment 1

[Christian Holler (:decoder)]

This could be a duplicate of 684619, in that case the problem would be internal to findReferences. Someone needs to investigate this and confirm that.

In any case, this and other bugs that might be internal to findReferences should be fixed so the function can be reliably used during testing.

Comment 2

[Daniel Veditz [:dveditz]]

Assuming the worst pending the invetigation finding out it wasn't.

Comment 3

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

This might be related to bug 684619, which has a patch that just landed on mozilla-inbound.

Comment 4

[David Mandelin [:dmandelin]]

This WFM now. Christian, would you mind retesting just to make sure I'm running it right?

Comment 5

[Christian Holler (:decoder)]

(In reply to David Mandelin from comment #4)
> This WFM now. Christian, would you mind retesting just to make sure I'm
> running it right?

I can confirm the WFM, but the test is also wrongly labeled to be 64 bit while it only works on 32 bit. I did a bisect and found out it's indeed a duplicate of bug 684619 which is not s-s.

Comment 6

[LegNeato]

Tracking original.