Closed Bug 1001222 Opened 10 years ago Closed 10 years ago

Assertion failure: v.isUndefined(), at jsnum.cpp

Categories

(Core :: JavaScript Engine: JIT, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla31

People

(Reporter: gkw, Assigned: shu)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])

Attachments

(2 files)

Attached file stack
function f(x, y) {
    return +(x ? x : y), y >>> 0
}
f(0, -0)
f(0, 2147483649)

asserts js debug shell on m-c changeset 5ecd532a167e with --ion-parallel-compile=off --ion-eager at Assertion failure: v.isUndefined(), at jsnum.cpp

My configure flags are:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --disable-tests --with-ccache --enable-threadsafe <other NSPR options>

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   http://hg.mozilla.org/mozilla-central/rev/d34458e80bcb
user:        Shu-yu Guo
date:        Thu Apr 24 01:59:36 2014 -0700
summary:     Bug 716647 - Part 1: Introduce JS_OPTIMIZED_OUT magic for optimized out slots and teach Debugger about them. (r=jandem)

Shu-yu, is bug 716647 a likely regressor?
Flags: needinfo?(shu)
Ooh, the first real bug found by using a magic value instead of undefined.
Flags: needinfo?(shu)
Preexisting bug.
Attachment #8412332 - Flags: review?(jdemooij)
Assignee: nobody → shu
Status: NEW → ASSIGNED
Comment on attachment 8412332 [details] [diff] [review]
Implicitly use operands to JSOP_POS

Review of attachment 8412332 [details] [diff] [review]:
-----------------------------------------------------------------

Good catch.
Attachment #8412332 - Flags: review?(jdemooij) → review+
https://hg.mozilla.org/mozilla-central/rev/e50c224f30a7
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in before you can comment on or make changes to this bug.