TM: Crash [@ isi2f] [@ nanojit::LIns::opcode] 64-bit non-debug only

RESOLVED WORKSFORME

Core
JavaScript Engine
critical
8 years ago
7 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

(Blocks: 1 bug, {crash, testcase})

Trunk
x86
Mac OS X
Bug Flags:
in-testsuite ?

Description

8 years ago
Created attachment 401273 [details]
shell testcase, 42 lines

This crash only happens in non-debug 64-bit builds, and the testcase is fragile :(

Here's a stack trace from an unusual build type: non-opt but also non-debug.  I'd make one with debugging symbols (but without the DEBUG define) if I knew how.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000003
0x0000000100150024 in nanojit::LIns::opcode ()
(gdb) bt
#0  0x0000000100150024 in nanojit::LIns::opcode ()
#1  0x00000001001500ac in nanojit::LIns::isop ()
#2  0x0000000100125e92 in isi2f ()
#3  0x0000000100126199 in isPromoteInt ()
#4  0x000000010012ad90 in TraceRecorder::determineSlotType ()
#5  0x0000000100134507 in VisitFrameSlots<DetermineTypesVisitor> ()
#6  0x0000000100138bd7 in TraceRecorder::snapshot ()
#7  0x0000000100141a01 in TraceRecorder::guardPropertyCacheHit ()
#8  0x0000000100142414 in TraceRecorder::setProp ()
#9  0x00000001001425ee in TraceRecorder::record_SetPropHit ()
#10 0x000000010008e47f in js_SetPropertyHelper ()
#11 0x000000010006ce25 in js_Interpret ()
#12 0x000000010007b663 in js_Execute ()
#13 0x000000010000ebf7 in JS_ExecuteScript ()
#14 0x0000000100003ffb in Process ()
#15 0x0000000100005ec1 in ProcessArgs ()
#16 0x00000001000061da in main ()

This WFM on all 64-bit opt or debug builds, no crash anywhere, TM tip, 10.6.2.

Status: NEW → RESOLVED
Last Resolved: 8 years ago
Flags: in-testsuite?
Resolution: --- → WORKSFORME
Crash Signature: [@ isi2f] [@ nanojit::LIns::opcode]