Closed
Bug 881461
Opened 11 years ago
Closed 11 years ago
Assertion failure: index >= size_t(pcstack.depth()), at jsopcode.cpp
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla24
People
(Reporter: gkw, Assigned: jandem)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])
Attachments
(3 files)
for (var n = 0; n < 9; ({ __proto__: z, set c(a) {} }), ++n) { z = Proxy.create({}, (function(){})) } asserts js debug shell on m-c changeset 9115d8b717e1 with --baseline-eager --no-ion at Assertion failure: index >= size_t(pcstack.depth()), at jsopcode.cpp
Updated•11 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
Comment 1•11 years ago
|
||
JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/005c4f452f1e user: Jan de Mooij date: Thu May 30 18:51:03 2013 +0200 summary: Bug 876670 - Refactor object literal getter/setter bytecode and implement it in the baseline compiler. r=bhackett This iteration took 333.675 seconds to run.
Assignee | ||
Comment 2•11 years ago
|
||
Bleh, INITPROP_GETTER/SETTER and INITELEM_* have to leave the values on the stack for the decompiler.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #761347 -
Flags: review?(bhackett1024)
Flags: needinfo?(jdemooij)
Updated•11 years ago
|
Attachment #761347 -
Flags: review?(bhackett1024) → review+
Assignee | ||
Comment 3•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f9e6eb0d5239
Comment 4•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/f9e6eb0d5239
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
Comment 5•11 years ago
|
||
http://www.jetsetter.com/?globalnav_referrer=women shows this assert on windows, linux aurora. mozregression shows nightly was fixed in the time frame this landed on m-c. crashed opt about 5-10% of the time with bad dumps. bp-5b8976c4-9125-47db-a80e-0cbe72130719 bp-cb2c513d-9105-4feb-abaf-cec7f2130719 Is this really fixed on aurora?
Reporter | ||
Comment 6•11 years ago
|
||
> Is this really fixed on aurora? Supposedly, yes: http://hg.mozilla.org/releases/mozilla-aurora/rev/f9e6eb0d5239 shows the patch in comment 4 landed on aurora. Perhaps you're seeing a different bug?
Comment 7•11 years ago
|
||
I saw that. The stack is 'similar' and definitely doesn't involve proxy... A saved version of the page doesn't reproduce unfortunately, so reducing it will be problematic.
You need to log in
before you can comment on or make changes to this bug.
Description
•