Closed
Bug 546069
Opened 14 years ago
Closed 14 years ago
"Assertion failure: cg->stackDepth >= 0, at ../jsemit.cpp"
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a2
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: gkw, Assigned: brendan)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
803 bytes,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
(function() { const x; _( function() x %= a ) })() asserts js debug shell on TM tip without -j at Assertion failure: cg->stackDepth >= 0, at ../jsemit.cpp:184 autoBisect shows this is probably related to bug 542002: The first bad revision is: changeset: 38030:a353e155804e user: Brendan Eich date: Wed Feb 10 15:17:52 2010 -0800 summary: Bug 542002 - Optimize to flat closures even if some upvars can't be copied (r=jorendorff).
Updated•14 years ago
|
blocking2.0: --- → ?
Reporter | ||
Comment 1•14 years ago
|
||
This seems to be occurring somewhat often in jsfunfuzz.
Assignee | ||
Comment 2•14 years ago
|
||
If the use of a name being processed by BindNameToSlot can't be optimized, it should be left unmutated. This PND_CONST propagation must be followed by the code commented starting /* * Turn attempts to mutate const-declared bindings into get ops (for . . . A bit too widely separated still but I'm going with the minimal patch here. /be
Assignee | ||
Updated•14 years ago
|
OS: Mac OS X → All
Priority: -- → P1
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.3a2
Updated•14 years ago
|
Attachment #427725 -
Flags: review?(jorendorff) → review+
Assignee | ||
Comment 3•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/93a270561814 /be
Whiteboard: fixed-in-tracemonkey
Comment 4•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/93a270561814
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•14 years ago
|
blocking2.0: ? → betaN+
You need to log in
before you can comment on or make changes to this bug.
Description
•