Last Comment Bug 652646 - TI+JM: Assertion failure: v.kind() != SSAValue::EMPTY, at jsanalyze.cpp:1583
: TI+JM: Assertion failure: v.kind() != SSAValue::EMPTY, at jsanalyze.cpp:1583
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: general
:
:
Mentors:
Depends on:
Blocks: 619433
  Show dependency treegraph
 
Reported: 2011-04-25 14:08 PDT by Jan de Mooij [:jandem]
Modified: 2011-04-26 23:46 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Stack trace (6.59 KB, text/plain)
2011-04-25 14:08 PDT, Jan de Mooij [:jandem]
no flags Details

Description Jan de Mooij [:jandem] 2011-04-25 14:08:05 PDT
Created attachment 528169 [details]
Stack trace

This assert is triggered by Mochitest-4 layout/style/test/test_bug302186.html, on this line:
--
var _46f = MochiKit.Style.computedStyle.apply(d, arguments);
--
(gdb) call js_DumpPC(cx)
main:
    00042:4182  trace 0
    00045:4183  getgname "MochiKit"
    00048:4183  getprop "Style"
    00051:4183  getprop "computedStyle"
    00054:4183  callprop "apply"
    00057:4183  getlocal 0
    00060:4183  arguments
--> 00061:4183  funapply 2
    00064:4183  setlocal 2
Comment 1 Brian Hackett (:bhackett) 2011-04-26 23:46:01 PDT
The crash here is in the SSA analysis while compiling the function invoked by the apply.  For switch and try blocks we didn't propagate stack values to the possible branch targets, which manifested in the assert fixed in bug 652314.  That fix was a workaround, and insufficient to address the base problem of not knowing the stack at these targets --- if the only path to an exception handler occurs if an exception was actually thrown, we had no stack info at the handler's PC.  This fix removes the workaround and propagates the stack for switch and try blocks.

http://hg.mozilla.org/projects/jaegermonkey/rev/e5068d17c8e3

Note You need to log in before you can comment on or make changes to this bug.