Closed Bug 646004 Opened 13 years ago Closed 13 years ago

TI: Assertion failure: (uint8*)ic.funGuard.executableAddress() + ic.joinPointOffset == returnAddress, at ./methodjit/MethodJIT.cpp:1128

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: assertion, testcase) 

The following code asserts on TI tip (run with -n -m -a), tested on 64 bit:

function reportCompare (expected, actual, description) {}
function f()
{
  f(f, 0x09AA, 0x09B0, f);
}
{
  reportCompare ("outer", f(),
                 "Inner function statement should not have been called.");
}
Fix a known issue where we didn't reserve space for any frames we inlined.  This reserves some extra space before the end of the STACK_QUOTA which we can use for inlining, and checks when generating inline frames that we don't exceed the extra space.

http://hg.mozilla.org/projects/jaegermonkey/rev/9575a4e04a4e
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/inline/bug646004.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.