Closed Bug 648438 Opened 14 years ago Closed 14 years ago

TM: Assertion failure: !cx->regs->fp->hasImacropc(), at ./jscntxtinlines.h:424

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: decoder, Assigned: luke)

References

Details

(Keywords: assertion, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

fix assert
1.88 KB, patch
Waldo
: review+
Details | Diff | Splinter Review
The following code asserts TM revision 5550f333d8c8 when run with -j -m (tested on 64 bit): test(); function test() { var code = "", obj = {}; for(var i = 0; i < 0x10000; i++) { if(i == 10242) { return test.call(obj, obj); } else { code += "void 'x" + i + "';\n"; } } }
Flags: wanted-fennec1.0?
I'm not sure but this assert seems to be more frequent now. Here's a simpler test case: -- for (var i = 0; i < 20; i++) { (function () { try { JSON.parse(); } catch (e) {} }).call(); } -- Asserts with -j, 32-bit OS X. Top stack frames: #1 0x0012387c in ReconstructImacroPCStack (cx=0x70b770, script=0x70de20, imacstart=0x38c2a0 "OQ@:", target=0x38c2a3 ":", pcstack=0x0) at jsopcode.cpp:5504 #2 0x00123939 in ReconstructPCStack (cx=0x70b770, script=0x70de20, target=0x38c2a3 ":", pcstack=0x0) at jsopcode.cpp:5529 #3 0x00123c54 in js_ReconstructStackDepth (cx=0x70b770, script=0x70de20, pc=0x38c2a3 ":") at jsopcode.cpp:5364 #4 0x001e350b in js::StackIter::settleOnNewState (this=0xbfffe238) at vm/Stack.cpp:941 #5 0x001e39c5 in js::StackIter::operator++ (this=0xbfffe238) at vm/Stack.cpp:1018 #6 0x0001220b in js::FrameRegsIter::operator++ (this=0xbfffe238) at Stack.h:1679
Oops, that js_ReconstructStack is in an assert that needs a: JS_ASSERT_IF(!fp->hasImacropc(), in front of it.
Attached patch fix assert (obsolete) — Splinter Review
hate imacros
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #539658 - Flags: review?(jwalden+bmo)
Attached patch fix assertSplinter Review
Oops, last patch inverted the new assert it added.
Attachment #539658 - Attachment is obsolete: true
Attachment #539658 - Flags: review?(jwalden+bmo)
Attachment #539689 - Flags: review?(jwalden+bmo)
Comment on attachment 539689 [details] [diff] [review] fix assert Review of attachment 539689 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/vm/Stack.cpp @@ +947,5 @@ > args_ = CallArgsFromVp(argc, vp); > return; > } > } else if (op == JSOP_FUNAPPLY) { > + JS_ASSERT(!fp_->hasImacropc()); But but but I had an awesome idea for an optimization that used JSOP_FUNAPPLY from an imacro!!!1!
Attachment #539689 - Flags: review?(jwalden+bmo) → review+
(In reply to comment #5) stab http://hg.mozilla.org/tracemonkey/rev/b65724d6c326
Whiteboard: fixed-in-tracemonkey
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug648438.js.
Flags: in-testsuite+
Flags: wanted-fennec1.0?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: