Closed
Bug 472440
Opened 16 years ago
Closed 16 years ago
Crash [@ TraceRecorder::record_JSOP_CALLGVAR]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
VERIFIED
FIXED
People
(Reporter: bc, Assigned: dmandelin)
References
()
Details
(Keywords: assertion, testcase, verified1.9.1)
Attachments
(1 file)
|
501 bytes,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
js1_7/regress/regress-418641.js browser; jit only
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xfffffffc
0x00362fb7 in TraceRecorder::record_JSOP_CALLGVAR (this=0x1dc90930) at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jstracer.cpp:8489
8489 jsval& v = STOBJ_GET_SLOT(cx->fp->scopeChain, slot);
(gdb) bt
#0 0x00362fb7 in TraceRecorder::record_JSOP_CALLGVAR (this=0x1dc90930) at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jstracer.cpp:8489
#1 0x00367279 in TraceRecorder::monitorRecording (this=0x1dc90930, op=JSOP_CALLGVAR) at jsopcode.tbl:545
#2 0x00293303 in js_Interpret (cx=0xacb600) at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jsinterp.cpp:2840
#3 0x002b8a6a in js_Execute (cx=0xacb600, chain=0x1db9d5c0, script=0xcd4200, down=0x0, flags=0, result=0x0) at jsinterp.cpp:1564
#4 0x002487a7 in JS_EvaluateUCScriptForPrincipals (cx=0xacb600, obj=0x1db9d5c0, principals=0x1c388c84, chars=0xd03008, length=4035, filename=0x1dc08418 "http://test.mozilla.com/tests/mozilla.org/js/js1_7/regress/regress-418641.js", lineno=1, rval=0x0) at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jsapi.cpp:5192
#5 0x13055687 in nsJSContext::EvaluateString (this=0x1bdd1b70, aScript=@0x1dc519b4, aScopeObject=0x1db9d5c0, aPrincipal=0x1c388c80, aURL=0x1dc08418 "http://test.mozilla.com/tests/mozilla.org/js/js1_7/regress/regress-418641.js", aLineNo=1, aVersion=170, aRetValue=0x0, aIsUndefined=0xbfffc6d4) at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/dom/src/base/nsJSEnvironment.cpp:1588
regressed by http://hg.mozilla.org/tracemonkey/rev/c0d189525474
occurs on 1.9.1, 1.9.1-tm, 1.9.2
Flags: in-testsuite+
Flags: in-litmus-
Flags: blocking1.9.1?
|
||
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
|
|
||
Updated•16 years ago
|
Priority: -- → P1
|
Assignee | |
Updated•16 years ago
|
Assignee: general → dmandelin
|
|
Assignee | |
Comment 1•16 years ago
|
||
Attachment #356867 -
Flags: review?(mrbkap)
|
||
Updated•16 years ago
|
Attachment #356867 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 2•16 years ago
|
||
Pushed to TM as 4025f66494fd.
|
|
||
Comment 3•16 years ago
|
||
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
||
Comment 4•16 years ago
|
||
Keywords: fixed1.9.1
|
Reporter | |
Comment 5•16 years ago
|
||
v 1.9.1, 1.9.2
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•