Closed Bug 653785 Opened 12 years ago Closed 12 years ago

Assertion failure: from < *limit, at ../vm/Stack-inl.h:824

Categories

(Core :: JavaScript Engine, defect)

Type: defect
Priority: Not set
Severity: critical

RESOLVED DUPLICATE of bug 538293

People

(Reporter: jandem, Assigned: luke)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(2 files)

Attached file Test case
$ ./js -a -m test.js
Assertion failure: from < *limit, at ../vm/Stack-inl.h:824

Revision e2843f43757e, 32-bit OS X.
Does this only repro on 32-bit OS X?  I tried on 64-bit 10.6 and got:

test.js:5: TypeError: function () {}.apply(null, arguments) is not a function
(In reply to comment #1)
> Does this only repro on 32-bit OS X?

Yes, just tested 64-bit and it does not assert.
Attached patch fix
Ah, there was a bug figuring out "how much quota is left" in the case where we'd already bumped the quota for an outer call with > MANY_ARGS.
Assignee: general → luke
Status: NEW → ASSIGNED
Attachment #531227 - Flags: review?(dvander)
Attachment #531227 - Flags: review?(dvander) → review+
http://hg.mozilla.org/tracemonkey/rev/33d8b418732b
Whiteboard: fixed-in-tracemonkey
Backed out for causing dromaeo_css crash.
http://hg.mozilla.org/tracemonkey/rev/f6ea6d08d305
Need to find out how to reproduce.
Whiteboard: fixed-in-tracemonkey
Yeah, I'm an idiot and this stackLimit stuff is too complicated.  Bug 538293 should do the trick.
I just hit this bug as well, here's the testcase (much simpler than the attached one here). If this is not the same bug, let me know and I'll file a different bug:

test();
function test() test.apply(this, Array(4242));
I couldn't find any combination of jit flags to repro this on a 64-bit debug shell.  Are you sure you are testing with TM tip (viz., with bug 538293 landed)?
Ah sorry, I misread the initial comment and thought Jan filed this originally against TI. I tested on TI (with -m -a) but it's possible that bug 538293 did not land there yet.
No problemo :)
Fixed by removing the whole STACK_QUOTA silliness in bug 538293.
Whiteboard: fixed-in-tracemonkey
Or, really, I should have resolved dup.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 538293
Group: core-security