Closed Bug 549393 Opened 15 years ago Closed 15 years ago

TM: "Assertion failure: disp == ((base == lirbuf->sp) ? nativespOffset(p) : nativeGlobalOffset(p)), at ../jstracer.cpp"

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: assertion, regression, testcase)

Attachments

(1 file, 1 obsolete file)

take two
2.70 KB, patch
Details | Diff | Splinter Review
function start() { MAX_TOTAL_TIME = startTime = new Date do { if (rnd(0)) return (a[rnd()])() lastTime = new Date } while ( lastTime - startTime < MAX_TOTAL_TIME ) } function MersenneTwister19937() { this.init_genrand = function() { for (mti = 1; mti < 4; mti++) { Array[mti] = 1 } }; this.genrand_int32 = function() { if (mti > 4) { mti = 0 } return Array[mti++]; } } (function() { fuzzMT = new MersenneTwister19937; fuzzMT.init_genrand() rnd = function() { return Math.floor(fuzzMT.genrand_int32()) } } ()) function weighted(wa) { a = [] for (i = 0; i < wa.length; ++i) { for (var j = 0; j < 8; ++j) { a.push(wa[i].fun) } } } statementMakers = weighted([{ fun: function makeMixedTypeArray() { [[, , , , , , , , , , , , , , , , , , , , , , , , ""][(a[rnd()])()]]} }]) start() Using JM repository rev 2e244af372f2 ( http://hg.mozilla.org/users/danderson_mozilla.com/jaegermonkey/rev/2e244af372f2 ), this asserts in Assertion failure: disp == ((base == lirbuf->sp) ? nativespOffset(p) : nativeGlobalOffset(p)), at ../jstracer.cpp:3643 This occurs only with -j and only in JM repository. dvander indicates Luke might be testing something there, so might not be methodJIT-related...
Seems to be related to the patch in bug 540706...
Blocks: 540706
Summary: JM: "Assertion failure: disp == ((base == lirbuf->sp) ? nativespOffset(p) : nativeGlobalOffset(p)), at ../jstracer.cpp" → TM: "Assertion failure: disp == ((base == lirbuf->sp) ? nativespOffset(p) : nativeGlobalOffset(p)), at ../jstracer.cpp"
I tested with just the bug 540706 patch applied, with no assert. Will have to investigate further with David.
No longer blocks: 540706
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Not yet completely fixed on JM: (function () { for (var q = 0; q < 6; ++q) { x: (function () { var m = (function () {})() })([0, , 0, 0, 0, , 0, 0, 0, , 0, 0, 0, , 0, 0, 0, 0, 0, 0, Number(1)]) } })() asserts js debug shell with -j on JM rev 51898db0bbc9 at Assertion failure: disp == ((base == lirbuf->sp) ? nativespOffset(p) : nativeGlobalOffset(p)), at ../jstracer.cpp:3643
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/bug549393-1.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: