Assertion failure: from < *limit, at ../vm/Stack-inl.h:824

RESOLVED DUPLICATE of bug 538293

Status

critical
7 years ago
5 years ago

People

(Reporter: jandem, Assigned: luke)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(2 attachments)

(Reporter)

Description

7 years ago
Created attachment 529149 [details]
Test case

$ ./js -a -m test.js
Assertion failure: from < *limit, at ../vm/Stack-inl.h:824

Revision e2843f43757e, 32-bit OS X.
(Assignee)

Comment 1

7 years ago
Does this only repro on 32-bit OS X?  I tried on 64-bit 10.6 and got:

test.js:5: TypeError: function () {}.apply(null, arguments) is not a function
(Reporter)

Comment 2

7 years ago
(In reply to comment #1)
> Does this only repro on 32-bit OS X?

Yes, just tested 64-bit and it does not assert.
(Assignee)

Comment 3

7 years ago
Created attachment 531227 [details] [diff] [review]
fix

Ah, there was a bug figuring out "how much quota is left" in the case where we'd already bumped the quota for an outer call with > MANY_ARGS.
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #531227 - Flags: review?(dvander)
Attachment #531227 - Flags: review?(dvander) → review+
(Assignee)

Comment 4

7 years ago
http://hg.mozilla.org/tracemonkey/rev/33d8b418732b
Whiteboard: fixed-in-tracemonkey
(Assignee)

Comment 5

7 years ago
Backed out for causing dromaeo_css crash.
http://hg.mozilla.org/tracemonkey/rev/f6ea6d08d305
Need to find out how to reproduce.
Whiteboard: fixed-in-tracemonkey
(Assignee)

Comment 6

7 years ago
Yeah, I'm an idiot and this stackLimit stuff is too complicated.  Bug 538293 should do the trick.

Comment 7

I just hit this bug as well, here's the testcase (much simpler than the attached one here). If this is not the same bug, let me know and I'll file a different bug:

test();
function test() test.apply(this, Array(4242));
(Assignee)

Comment 8

7 years ago
I couldn't find any combination of jit flags to repro this on a 64-bit debug shell.  Are you sure you are testing with TM tip (viz., with bug 538293 landed)?

Comment 9

Ah sorry, I misread the initial comment and thought Jan filed this originally against TI. I tested on TI (with -m -a) but it's possible that bug 538293 did not land there yet.
(Assignee)

Comment 10

7 years ago
No problemo :)
(Assignee)

Comment 11

7 years ago
Fixed by removing the whole STACK_QUOTA silliness in bug 538293.
Whiteboard: fixed-in-tracemonkey
(Assignee)

Comment 12

7 years ago
Or, really, I should have resolved dup.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 538293
Group: core-security