Closed
Bug 646480
Opened 14 years ago
Closed 14 years ago
TI+JM: Assertion failure: Call site vanished., at ../methodjit/Retcon.cpp:112
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: jandem, Unassigned)
References
Details
-- if (true) function f1() {}; function f2() { var y = -8; return y % 2; } f2() / 3; -- $ ./js -a -n -m test.js Assertion failure: Call site vanished., at ../methodjit/Retcon.cpp:112 Same assert as bug 646429, but it looks like it's another bug.
Comment 1•14 years ago
|
||
Yeah, the problem is that we emitted an IC for the first call to f2, then recompiled within that ic::Call and emitted an inline call which we couldn't rejoin at. We can't really rejoin here, period: after ic::Call we need to test the return value, write ncode and jump to the new frame, but we don't have any value of ncode to write (fp->ncode must be in the inline path for lazy computation of prevPCs to work; there is an exception for expanded inline frames, but these should have their prevPC set directly). This disables frame inlining during recompilation if there is any frame making a stub call at the call PC (kind of nasty; maybe the issue described above should just be fixed). There is a second issue where during recompilation we get deeply confused by having the compilation in a call to recompile trigger reentrant recompilation. Reentrant compilation is just plain bad news, and this fixes things so that any triggered recompilations are delayed until after the initial compilation/recompilation finishes. http://hg.mozilla.org/projects/jaegermonkey/rev/b0cd13380c36
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•