Bug 646012
TI: Crash @ [JSC::X86Assembler::setPointer]
Status: RESOLVED DUPLICATE of bug 646006
Opened 14 years ago, closed 14 years ago
Categories: Core :: JavaScript Engine, defect
People: Reporter: decoder, Unassigned
Keywords: crash, testcase
The following test crashes on TI tip (run with -n -m -a, tested on 64 bit):
test();
function check(s, millis){
}
function dd(year, month, day, hour, minute, second, millis){
  return Date.UTC(year, month-1, day, hour, minute, second, millis);
}
function TZAtDate(d){
  return d.getTimezoneOffset() * 60000;
}
function TZInMonth(month){
  return TZAtDate(new Date(dd(2009,month,1,0,0,0,0)));
}
function test()
{
  // Overwrites the global Date with the number returned by TZInMonth.
  Date = TZInMonth(1);
  // This call then evaluates Date.UTC(...) on that number.
  JulTZ = TZInMonth(7);
}
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3a12ee5720 (LWP 31513)]
0x000000000068e71f in JSC::X86Assembler::setPointer (where=0xdadadadadadadad7, value=0x706504) at ./assembler/assembler/X86Assembler.h:2503
2503 reinterpret_cast<void**>(where)[-1] = value;
(gdb) bt
#0 0x000000000068e71f in JSC::X86Assembler::setPointer (where=0xdadadadadadadad7, value=0x706504) at ./assembler/assembler/X86Assembler.h:2503
#1 0x000000000068e6dd in JSC::X86Assembler::repatchPointer (where=0xdadadadadadadad7, value=0x706504) at ./assembler/assembler/X86Assembler.h:2422
#2 0x00000000006fe582 in JSC::MacroAssemblerX86_64::repatchCall (call=
{<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, destination={m_value = 0x706504})
at ./assembler/assembler/MacroAssemblerX86_64.h:576
#3 0x00000000006fed37 in JSC::RepatchBuffer::relink (this=0x7ffff0edfd90, call=
{<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, destination={m_value = 0x706504})
at ./assembler/assembler/RepatchBuffer.h:95
#4 0x00000000006fee13 in js::mjit::ic::Repatcher::relink (this=0x7ffff0edfd90, call=
{<JSC::CodeLocationCommon> = {<JSC::MacroAssemblerCodePtr> = {m_value = 0xdadadadadadadada}, <No data fields>}, <No data fields>}, stub={m_value = 0x706504})
at ./methodjit/ICRepatcher.h:76
#5 0x0000000000707350 in js::mjit::ic::BaseIC::disable (this=0x1ed84d8, cx=0x1e4cbe0, reason=0x7fcc37 "non-string primitive", stub=0x706504) at ./methodjit/PolyIC.cpp:2091
#6 0x0000000000711fea in PICStubCompiler::disable (this=0x7ffff0edfe60, cx=0x1e4cbe0, reason=0x7fcc37 "non-string primitive") at ./methodjit/PolyIC.cpp:178
#7 0x0000000000711faf in PICStubCompiler::disable (this=0x7ffff0edfe60, reason=0x7fcc37 "non-string primitive") at ./methodjit/PolyIC.cpp:174
#8 0x0000000000706d18 in js::mjit::ic::CallProp (f=@0x7ffff0edff60, pic=0x1ed84d8) at ./methodjit/PolyIC.cpp:1978
#9 0x00007f3a1198a028 in ?? ()
#10 0x00007f3a11984080 in ?? ()
#11 0x0000000001ed3140 in ?? ()
#12 0x0000000000000000 in ?? ()
Updated • 14 years ago
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE