Closed
Bug 601393
Opened 15 years ago
Closed 15 years ago
JM: "Assertion failure: nuses <= stackDepth,"
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | beta8+ |
People
(Reporter: gkw, Assigned: billm)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(2 files)
|
25.66 KB,
text/plain
|
Details | |
|
2.63 KB,
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
Testcase asserts js debug shell on TM changeset 0230a9e80c1f with -m at Assertion failure: nuses <= stackDepth,
|
Reporter | |
Updated•15 years ago
|
blocking2.0: --- → ?
|
||
Comment 1•15 years ago
|
||
This is caused by that patch. The previous version, 60b9a07d3d29, does not assert.
|
|
Reporter | |
Comment 2•15 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 54650:427282865362
user: Bill McCloskey
date: Wed Sep 29 13:21:36 2010 -0700
summary: Bug 535912 - Eliminate blockChain from JSStackFrame (r=cdleary)
Blocks: 535912
|
||
Updated•15 years ago
|
blocking2.0: ? → beta8+
|
|
||
Updated•15 years ago
|
Blocks: JaegerFuzz
|
Assignee | |
Comment 3•15 years ago
|
||
I think that this is the correct fix. The problem was that the return JS_TRUE statement caused us to skip the decrement of cg->emitLevel at the bottom of the function. That meant that OptimizeSpanDeps was not called when it should have been.
To avoid this in the future, I used some C++ magic to ensure that the decrement happens no matter what.
|
|
||
Comment 4•15 years ago
|
||
Comment on attachment 480780 [details] [diff] [review]
fix
>+class EmitLevelManager
>+{
>+private:
>+ JSCodeGenerator *cg;
>+
>+public:
>+ EmitLevelManager(JSCodeGenerator *cg) : cg(cg) { cg->emitLevel++; }
>+
>+ ~EmitLevelManager() { cg->emitLevel--; }
>+};
Nice to have C++ -- we were C for so long, MUST_FLOW_THROUGH static analysis macrology and the analysis itself evolved to help cope with lack of RAII balancers. We should rip out the MUST_FLOW_... calls now, replacing where necessary with RAII.
>+ EmitLevelManager emgr(cg);
Custom dictates naming this elm, not emgr. Plus, Unix mail nerd homage.
>- cg->emitLevel++;
>+ //cg->emitLevel++;
Remove, or move the elm decl here with a better-spaced version of this comment.
r=me with these mods.
/be
Attachment #480780 -
Flags: review?(brendan) → review+
|
|
Assignee | |
Comment 5•15 years ago
|
||
|
|
Assignee | |
Updated•15 years ago
|
Whiteboard: fixed-in-tracemonkey
|
|
||
Comment 6•15 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 7•12 years ago
|
||
Automatically extracted testcase for this bug was committed:
https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•