1067984 - crash in js::jit::LazyLinkTopActivation(JSContext*)

Status: RESOLVED FIXED

(Core :: JavaScript Engine: JIT, defect)

Description

[Aaron Train [:aaronmt]]

This bug was filed from the Socorro interface and is 
report bp-1739cc53-a4da-4a67-8c91-2f0652140915.
=============================================================

Comment 1

[Hannes Verschore [:h4writer]]

This is caused by landing of bug 1047346.

Comment 2

[Hannes Verschore [:h4writer]]

Attachment: Disable lazy linking for arm

Quick fix by disabling lazy linking for ARM temporarily. This is because the arm assembly of the lazy link stub is incorrect (as stated by you in bug 1047346 comment 11). I want to address your comments later this week. (After urgent stuff after week PTO is done). But let us remove this crash source.

Comment 3

[Hannes Verschore [:h4writer]]

Comment on attachment 8493262 [details] [diff] [review]
Disable lazy linking for arm

Review of attachment 8493262 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit/Ion.cpp
@@ +1848,5 @@
>          }
>          if (!builder)
>              break;
>  
> +#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)

Add comment:

// TODO bug 1047346: Enable lazy linking for other architectures again by fixing the lazy link stub.

Comment 4

[Marty Rosenberg [:mjrosenb]]

Comment on attachment 8493262 [details] [diff] [review]
Disable lazy linking for arm

Review of attachment 8493262 [details] [diff] [review]:
-----------------------------------------------------------------

Seems straightforward enough.

Comment 5

[Hannes Verschore [:h4writer]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/0c8fa599e889

Comment 6

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/0c8fa599e889