Closed Bug 646012 Opened 14 years ago Closed 14 years ago

TI: Crash @ [JSC::X86Assembler::setPointer]

Product/Component: Core :: JavaScript Engine (defect)
Platform: x86_64, Linux
Type: defect
Priority: Not set
Severity: critical

Status: RESOLVED DUPLICATE of bug 646006

Reporter: decoder
Assignee: Unassigned

Keywords: crash, testcase
The following test crashes on TI tip (run with -n -m -a, tested on 64 bit):

test();
function check(s, millis){ }
function dd(year, month, day, hour, minute, second, millis){
  return Date.UTC(year, month-1, day, hour, minute, second, millis);
}
function TZAtDate(d){
  return d.getTimezoneOffset() * 60000;
}
function TZInMonth(month){
  return TZAtDate(new Date(dd(2009,month,1,0,0,0,0)));
}
function test() {
  Date = TZInMonth(1);
  JulTZ = TZInMonth(7);
}

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3a12ee5720 (LWP 31513)]
0x000000000068e71f in JSC::X86Assembler::setPointer (where=0xdadadadadadadad7, value=0x706504) at ./assembler/assembler/X86Assembler.h:2503
2503        reinterpret_cast<void**>(where)[-1] = value;
(gdb) bt
#0  0x000000000068e71f in JSC::X86Assembler::setPointer (where=0xdadadadadadadad7, value=0x706504)
    at ./assembler/assembler/X86Assembler.h:2503
#1  0x000000000068e6dd in JSC::X86Assembler::repatchPointer (where=0xdadadadadadadad7, value=0x706504)
    at ./assembler/assembler/X86Assembler.h:2422
#2  0x00000000006fe582 in JSC::MacroAssemblerX86_64::repatchCall (call=
    {<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, destination={m_value = 0x706504})
    at ./assembler/assembler/MacroAssemblerX86_64.h:576
#3  0x00000000006fed37 in JSC::RepatchBuffer::relink (this=0x7ffff0edfd90, call=
    {<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, destination={m_value = 0x706504})
    at ./assembler/assembler/RepatchBuffer.h:95
#4  0x00000000006fee13 in js::mjit::ic::Repatcher::relink (this=0x7ffff0edfd90, call=
    {<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, stub={m_value = 0x706504})
    at ./methodjit/ICRepatcher.h:76
#5  0x0000000000707350 in js::mjit::ic::BaseIC::disable (this=0x1ed84d8, cx=0x1e4cbe0, reason=0x7fcc37 "non-string primitive", stub=0x706504)
    at ./methodjit/PolyIC.cpp:2091
#6  0x0000000000711fea in PICStubCompiler::disable (this=0x7ffff0edfe60, cx=0x1e4cbe0, reason=0x7fcc37 "non-string primitive")
    at ./methodjit/PolyIC.cpp:178
#7  0x0000000000711faf in PICStubCompiler::disable (this=0x7ffff0edfe60, reason=0x7fcc37 "non-string primitive")
    at ./methodjit/PolyIC.cpp:174
#8  0x0000000000706d18 in js::mjit::ic::CallProp (f=@0x7ffff0edff60, pic=0x1ed84d8)
    at ./methodjit/PolyIC.cpp:1978
#9  0x00007f3a1198a028 in ?? ()
#10 0x00007f3a11984080 in ?? ()
#11 0x0000000001ed3140 in ?? ()
#12 0x0000000000000000 in ?? ()

Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE