Closed
Bug 1199581
Opened 9 years ago
Closed 9 years ago
Assertion failure: HasSSE2(), at jit/x86-shared/Assembler-x86-shared.h
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox43 | --- | affected |
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [fuzzblocker][jsbugmon:update])
Attachments
(1 file)
8.55 KB,
text/plain
|
Details |
Object.getOwnPropertyNames(this); asserts js debug shell on m-c changeset 87e23922be37 with --fuzzing-safe --no-threads --no-fpu -D at Assertion failure: HasSSE2(), at jit/x86-shared/Assembler-x86-shared.h Configure options: LD=ld CROSS_COMPILE=1 CC="clang -Qunused-arguments -msse2 -mfpmath=sse -arch i386" RANLIB=ranlib CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse -arch i386" AS=$CC AR=ar STRIP="strip -x -S" HOST_CC="clang -Qunused-arguments -msse2 -mfpmath=sse" AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 HOST_CXX="clang++ -Qunused-arguments -msse2 -mfpmath=sse" sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=i386-apple-darwin9.2.0 --enable-macos-target=10.5 --enable-debug --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic --enable-nspr-build --32" -r 87e23922be37 === Treeherder Build Bisection Results by autoBisect === The "good" changeset has the timestamp "20150826114205" and the hash "84ff0f8456e79d3c0f297c133e90de81fd75028c". The "bad" changeset has the timestamp "20150826114910" and the hash "8b68a9f000b3cc4c94af015823aa475b9c86c31f". Likely regression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=84ff0f8456e79d3c0f297c133e90de81fd75028c&tochange=8b68a9f000b3cc4c94af015823aa475b9c86c31f Nicolas, is bug 1190446 a likely regressor?
Flags: needinfo?(nicolas.b.pierron)
Reporter | ||
Comment 1•9 years ago
|
||
This completely blocks fuzzing 32-bit builds with --no-fpu and -D.
Whiteboard: [jsbugmon:update] → [fuzzblocker][jsbugmon:update]
Reporter | ||
Comment 2•9 years ago
|
||
(lldb) bt 5 * thread #1: tid = 0x21706a, 0x008d2d76 js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::AssemblerX86Shared::vaddsd(this=<unavailable>, src1=(reg_ = xmm1, type_ = Single, isInvalid_ = false), src0=(reg_ = xmm0, type_ = Single, isInvalid_ = false), dest=(reg_ = xmm0, type_ = Single, isInvalid_ = false)) + 198 at Assembler-x86-shared.h:2747, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x008d2d76 js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::AssemblerX86Shared::vaddsd(this=<unavailable>, src1=(reg_ = xmm1, type_ = Single, isInvalid_ = false), src0=(reg_ = xmm0, type_ = Single, isInvalid_ = false), dest=(reg_ = xmm0, type_ = Single, isInvalid_ = false)) + 198 at Assembler-x86-shared.h:2747 frame #1: 0x0051310f js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::BaselineCompiler::emitCoverage(unsigned char*) [inlined] js::jit::MacroAssemblerX86Shared::addDouble(js::jit::FloatRegister, js::jit::FloatRegister) + 319 at MacroAssembler-x86-shared.h:925 frame #2: 0x005130e9 js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::BaselineCompiler::emitCoverage(this=<unavailable>, pc=0x030ca6a9) + 281 at BaselineCompiler.cpp:820 frame #3: 0x0050e30f js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::BaselineCompiler::emitBody(this=0x03097100) + 735 at BaselineCompiler.cpp:978 frame #4: 0x0050c7a5 js-dbg-32-dm-nsprBuild-darwin-87e23922be37`js::jit::BaselineCompiler::compile(this=0xbfffc5c8) + 565 at BaselineCompiler.cpp:102 (lldb)
Comment 3•9 years ago
|
||
This is likely, and this will disappear as soon as I land Bug 1190454. Hopefully today.
Flags: needinfo?(nicolas.b.pierron)
Comment 4•9 years ago
|
||
Bug 1190454 replace the double increments by an uint64 increment. This should solve this issue.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 5•9 years ago
|
||
I'd say this was fixed by bug 1190454.
Resolution: DUPLICATE → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•