Closed
Bug 450139
Opened 16 years ago
Closed 16 years ago
TM: LOAD_INTERRUPT_HANDLER must respect recording (crash in 3d-cube and 3d-raytrace)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: sayrer, Assigned: brendan)
References
Details
Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000000 0x0008f30b in isPromoteInt () (gdb) bt #0 0x0008f30b in isPromoteInt () #1 0x00091bde in TraceRecorder::set () #2 0x00092b4d in TraceRecorder::stack () #3 0x00093a06 in TraceRecorder::record_LeaveFrame () #4 0x0003a37e in js_Interpret () #5 0x0004025f in js_Execute () #6 0x0000884a in JS_ExecuteScript () #7 0x00002210 in Process () #8 0x00005aab in main ()
|
||
Comment 1•16 years ago
|
||
Recent regression. Bisecting.
|
|
||
Comment 2•16 years ago
|
||
This patch breaks it: http://hg.mozilla.org/index.cgi/tracemonkey/rev/887fc4facdeb
|
|
||
Comment 3•16 years ago
|
||
Patch is fine. It makes additional code tracable, which triggers the interrupt-table bug (which is being worked on).
|
Assignee | |
Comment 4•16 years ago
|
||
That patch made us trace more, which got us into trouble with LOAD_INTERRUPT_HANDLER (where it doesn't check whether we were recording before the native or debugger hook call-out, so it clobbers jumpTable with something other than recordingJumpTable) which Andreas reported by email. I'm making this bug track that problem. /be
Status: NEW → ASSIGNED
Priority: -- → P1
Summary: TM: crash in 3d-cube and 3d-raytrace → TM: LOAD_INTERRUPT_HANLDER must respect recording (crash in 3d-cube and 3d-raytrace)
Target Milestone: --- → mozilla1.9.1a2
|
||
Updated•16 years ago
|
Priority: P1 → --
Target Milestone: mozilla1.9.1a2 → ---
|
|
Assignee | |
Comment 5•16 years ago
|
||
Fixed? Seems so, but this exposes other latent bugs. http://hg.mozilla.org/tracemonkey/index.cgi/rev/167ade86d28e /be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 6•16 years ago
|
||
Not fixed... more soon. /be
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: TM: LOAD_INTERRUPT_HANLDER must respect recording (crash in 3d-cube and 3d-raytrace) → TM: LOAD_INTERRUPT_HANDLER must respect recording (crash in 3d-cube and 3d-raytrace)
|
|
Assignee | |
Comment 7•16 years ago
|
||
Urgh, don't pass calls to macros that expand their args twice. /be
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Comment 8•16 years ago
|
||
DEBUG build only bug, fix is: http://hg.mozilla.org/tracemonkey/index.cgi/rev/fe7b3611e9c4 Any non-DEBUG probs this reveals are separate bugs. /be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•