Closed Bug 487684 Opened 15 years ago Closed 15 years ago

"Assertion failure: *pc == JSOP_ENTERBLOCK || *pc == JSOP_TRAP" with tracing(true) and exception

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: mrbkap)

Details

(Keywords: assertion, fixed1.9.1, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

patch v2
4.42 KB, patch
igor
: review+
Details | Diff | Splinter Review 
try {
  tracing(true);
  x;
} catch(e) {
}

Assertion failure: *pc == JSOP_ENTERBLOCK || *pc == JSOP_TRAP, at ../jsopcode.cpp:232

I heard the JS shell's "tracing()" feature might be useful for testing DVG hard with jsfunfuzz, but this assertion is in the way of doing that kind of testing.
Attached patch Proposed fix (obsolete) — Splinter Review 
We can't pass in regs.pc and the previous opcode in case we actually need to use the PC.
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #371934 - Flags: review?(igor)
Attachment #371934 - Flags: review?(igor) → review-
Comment on attachment 371934 [details] [diff] [review]
Proposed fix

>+    if (cx->tracePrevPc && regs->pc >= fp->script->main) {
>+        JSOp tracePrevOp = JSOp(*cx->tracePrevPc);

This may dereference GC-ed script and does not check for JSOP_TRAP.
(In reply to comment #2)
> This may dereference GC-ed script and

This is easy to fix.

> does not check for JSOP_TRAP.

This is more work than I want to do. We get this wrong currently anyway, so I'd like to hold off on fixing it.
Attached patch patch v2Splinter Review 

        Attachment #371934 -
        Attachment is obsolete: true

        Attachment #371991 -
        Flags: review?(igor)

    
  

        Attachment #371991 -
        Flags: review?(igor) → review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/b5f70fee3fa1
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Flags: in-testsuite-

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: