Closed
Bug 653785
Opened 13 years ago
Closed 13 years ago
Assertion failure: from < *limit, at ../vm/Stack-inl.h:824
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 538293
People
(Reporter: jandem, Assigned: luke)
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(2 files)
1.92 KB,
application/x-javascript
|
Details | |
1.28 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
$ ./js -a -m test.js Assertion failure: from < *limit, at ../vm/Stack-inl.h:824 Revision e2843f43757e, 32-bit OS X.
Assignee | ||
Comment 1•13 years ago
|
||
Does this only repro on 32-bit OS X? I tried on 64-bit 10.6 and got: test.js:5: TypeError: function () {}.apply(null, arguments) is not a function
Reporter | ||
Comment 2•13 years ago
|
||
(In reply to comment #1) > Does this only repro on 32-bit OS X? Yes, just tested 64-bit and it does not assert.
Assignee | ||
Comment 3•13 years ago
|
||
Ah, there was a bug figuring out "how much quota is left" in the case where we'd already bumped the quota for an outer call with > MANY_ARGS.
Updated•13 years ago
|
Attachment #531227 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 4•13 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/33d8b418732b
Whiteboard: fixed-in-tracemonkey
Assignee | ||
Comment 5•13 years ago
|
||
Backed out for causing dromaeo_css crash. http://hg.mozilla.org/tracemonkey/rev/f6ea6d08d305 Need to find out how to reproduce.
Whiteboard: fixed-in-tracemonkey
Assignee | ||
Comment 6•13 years ago
|
||
Yeah, I'm an idiot and this stackLimit stuff is too complicated. Bug 538293 should do the trick.
Comment 7•13 years ago
|
||
I just hit this bug as well, here's the testcase (much simpler than the attached one here). If this is not the same bug, let me know and I'll file a different bug: test(); function test() test.apply(this, Array(4242));
Assignee | ||
Comment 8•13 years ago
|
||
I couldn't find any combination of jit flags to repro this on a 64-bit debug shell. Are you sure you are testing with TM tip (viz., with bug 538293 landed)?
Comment 9•13 years ago
|
||
Ah sorry, I misread the initial comment and thought Jan filed this originally against TI. I tested on TI (with -m -a) but it's possible that bug 538293 did not land there yet.
Assignee | ||
Comment 10•13 years ago
|
||
No problemo :)
Assignee | ||
Comment 11•13 years ago
|
||
Fixed by removing the whole STACK_QUOTA silliness in bug 538293.
Whiteboard: fixed-in-tracemonkey
Assignee | ||
Comment 12•13 years ago
|
||
Or, really, I should have resolved dup.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•