Closed
Bug 1046688
Opened 10 years ago
Closed 10 years ago
Assertion failure: *ptr == (uintptr_t)expectedData.value, at jit/shared/Assembler-x86-shared.h:1673
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
RESOLVED
FIXED
mozilla34
Tracking | Status | |
---|---|---|
firefox34 | --- | affected |
People
(Reporter: decoder, Assigned: luke)
Details
(Keywords: assertion, testcase, Whiteboard: [jsbugmon:update,bisect])
Attachments
(2 files)
671 bytes,
text/plain
|
Details | |
5.43 KB,
patch
|
dougc
:
review+
|
Details | Diff | Splinter Review |
The following testcase asserts on mozilla-central revision 005424a764da (run with --fuzzing-safe): enableSPSProfiling(); for (var j = 0; j < 1000; ++j) { (function(stdlib) { "use asm"; var pow = stdlib.Math.pow; function f() { return +pow(.0, .0) } return f; })(this)() }
Reporter | ||
Comment 1•10 years ago
|
||
Reporter | ||
Updated•10 years ago
|
status-firefox34:
--- → affected
Whiteboard: [jsbugmon:update,bisect]
Reporter | ||
Comment 2•10 years ago
|
||
Marked this s-s because of the assertion, Ccing luke because it involves asm.js.
Assignee | ||
Comment 3•10 years ago
|
||
This is just an assertion that became invalid with the addition of the new 'profiling' state: the patched value now has two possible original values.
Group: core-security
Assignee | ||
Comment 4•10 years ago
|
||
Kindof a bit of trouble to find the right original value, but I guess it's worth it and easier than adding a PatchDataWithoutValueCheck.
Comment 5•10 years ago
|
||
Comment on attachment 8465495 [details] [diff] [review] fix-assert Review of attachment 8465495 [details] [diff] [review]: ----------------------------------------------------------------- Looks good.
Attachment #8465495 -
Flags: review?(dtc-moz) → review+
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/34df51f6221e
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/34df51f6221e
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Updated•10 years ago
|
Flags: qe-verify-
You need to log in
before you can comment on or make changes to this bug.
Description
•