Closed Bug 649017 Opened 10 years ago Closed 10 years ago

TM: Crash due to call stack overflow [@ js_ValueToString]

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

The following testcase crashes on TI revision 74a8fb1bbec5 (works with most option combinations), tested on 64 bit:

throw {toString: parseInt.call};


This looks like a call stack overflow.
TM tip is busted on this testcase too, not a TI bug.
No longer blocks: infer-regress
Summary: TI: Crash due to call stack overflow [@ js_ValueToString] → TM: Crash due to call stack overflow [@ js_ValueToString]
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   64672:0906d9490eaf
user:        Jeff Walden
date:        Mon Mar 28 20:01:53 2011 -0700
summary:     Bug 645468 - Remove js_TryMethod: its semantics aren't what most of its users want, and its utility is limited.  r=luke
Can't reproduce against latest TM tip, am I doing it wrong or did this go away?
Went away:

The first good revision is:
changeset:   43cef42964d7
user:        Tom Schuster (evilpies)
date:        Mon Apr 11 01:38:27 2011 -0700
summary:     Bug 601709 - Remove the misnomer InstanceOf variant methods by replacing their uses with clearer if-not-class-then-report code.  r=jwalden
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Crash Signature: [@ js_ValueToString]
Automatically extracted testcase for this bug was committed:

https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.