Closed
Bug 529147
Opened 16 years ago
Closed 16 years ago
TM: "Assertion failure: numSideExitsBefore >= fragment->root->treeInfo->sideExits.length(), at ../jstracer.cpp"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gkw, Assigned: luke)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.48 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
var magicNumbers = [1, -1, 0, 0];
var magicIndex = 0;
function foo(n) {
for (var i = 0; i < n; ++i) {
bar();
}
}
function bar() {
var q = magicNumbers[magicIndex++];
if (q != -1) {
foo(q);
}
}
foo(3);
asserts js debug shell with -j on TM tip at Assertion failure: numSideExitsBefore >= fragment->root->treeInfo->sideExits.length(), at ../jstracer.cpp:2560
Many thanks to Jesse for his help in reduction of the testcase.
autoBisect shows this has the following (not exactly the smallest regression window):
http://hg.mozilla.org/tracemonkey/pushloghtml?fromchange=81afd53646d4&tochange=30f8f6dcf808
|
Reporter | |
Comment 1•16 years ago
|
||
This is impacting jsfunfuzz significantly. :(
|
|
Reporter | |
Comment 2•16 years ago
|
||
After some manual bisects, this is probably related to bug 520636.
Blocks: 520636
|
|
Assignee | |
Comment 3•16 years ago
|
||
Flipped relational operator; pretty dim on my part. At first I was surprised that something so wrong could pass debug trace-tests, but its actually quite a corner case, so I'm adding it. Thanks again Gary!
|
|
||
Updated•16 years ago
|
Attachment #412742 -
Flags: review?(dvander) → review+
|
|
Assignee | |
Comment 4•16 years ago
|
||
Whiteboard: fixed-in-tracemonkey
|
||
Comment 5•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
||
Comment 6•13 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug529147.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•