Crash at weird memory address involving -D

RESOLVED FIXED in mozilla34

Status

()

--
critical
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: gkw, Assigned: bhackett)

Tracking

(Blocks: 1 bug, {crash, regression, testcase})

Trunk
mozilla34
x86_64
Mac OS X
crash, regression, testcase
Points:
---
Dependency tree / graph
Bug Flags:
qe-verify -

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
if (a) {}

crashes js debug shell with --ion-offthread-compile=off --ion-eager -D from https://hg.mozilla.org/mozilla-central/rev/afcb3af79d09 at:

https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1407382344/jsshell-mac64.zip

===

Process 4186 stopped
* thread #1: tid = 0x19af6, 0x000000010023aa83 js`___lldb_unnamed_function4614$$js + 371, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x30)
    frame #0: 0x000000010023aa83 js`___lldb_unnamed_function4614$$js + 371
js`___lldb_unnamed_function4614$$js + 371:
-> 0x10023aa83:  movq   0x30(%rcx), %rax
   0x10023aa87:  testq  %rax, %rax
   0x10023aa8a:  jne    0x10023aa80               ; ___lldb_unnamed_function4614$$js + 368
   0x10023aa8c:  movq   0x18(%rdx), %rax
(lldb)

(tbpl shells lack symbols)

=== Tinderbox Build Bisection Results by autoBisect ===

The "good" changeset has the timestamp "20140806142715" and the hash "9ff7c80c4790".
The "bad" changeset has the timestamp "20140806143118" and the hash "d052b9190a4c".

Likely regression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=9ff7c80c4790&tochange=d052b9190a4c


This completely blocks fuzzing with -D.

Brian, is bug 1045749 a likely regressor?
Flags: needinfo?(bhackett1024)
(Assignee)

Comment 1

4 years ago
Created attachment 8469331 [details] [diff] [review]
patch
Assignee: nobody → bhackett1024
Attachment #8469331 - Flags: review?(nicolas.b.pierron)
Flags: needinfo?(bhackett1024)
Attachment #8469331 - Flags: review?(nicolas.b.pierron) → review+
https://hg.mozilla.org/mozilla-central/rev/aecbc658ac41
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Flags: qe-verify-
You need to log in before you can comment on or make changes to this bug.