Bug 655949 (Closed)
Opened 14 years ago
Closed 14 years ago
TI: "Assertion failure: Bad rejoin getter op,"
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED FIXED
People: Reporter: gkw, Assigned: jandem
Keywords: assertion, testcase
Attachments: 1 file (1.48 KB, patch; bhackett1024: review+)
var a; a()

asserts js debug shell on JM changeset 32e8c937a409 with -m, -j, -a and -n at Assertion failure: Bad rejoin getter op, when passed in as a CLI argument to a 32-bit Linux shell.

(gdb) bt
#0 0xf7fdf430 in __kernel_vsyscall ()
#1 0xf7fb5ba0 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#2 0x081fdc65 in JS_Assert (s=0x8444cf8 "Bad rejoin getter op", file=0x8443d5c "/home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/methodjit/InvokeHelpers.cpp", ln=1561) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsutil.cpp:89
#3 0x083535dd in js_InternalInterpret (returnData=0xffff0002, returnType=0x851af20, returnReg=0x0, f=...) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/methodjit/InvokeHelpers.cpp:1561
#4 0x082b6518 in JaegerInterpoline () at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/methodjit/MethodJIT.cpp:152
#5 0x000f4240 in ?? ()
#6 0x00000000 in ?? ()
Reporter
Comment 1•14 years ago
Original assertion was:

Assertion failure: Unknown value,

#0 0xf7774430 in __kernel_vsyscall ()
#1 0xf774aba0 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#2 0x081fdc65 in JS_Assert (s=0x83cb980 "Unknown value", file=0x83cb8fc "/home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsinferinlines.h", ln=80) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsutil.cpp:89
#3 0x08080f96 in js::types::GetValueType (cx=0x95c6028, val=...) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsinferinlines.h:80
#4 0x081192f6 in JSScript::typeCheckBytecode (this=0x964d348, cx=0x95c6028, pc=0x964d46d "V", sp=0xf6e790d8) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsinfer.cpp:4206
#5 0x0837e5a9 in TypeCheckNextBytecode (cx=0x95c6028, script=0x964d348, n=3, regs=...) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsinterp.cpp:2173
#6 0x0839d513 in js::Interpret (cx=0x95c6028, entryFrame=0xf6e79088, inlineCallCount=0, interpMode=js::JSINTERP_SAFEPOINT) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/jsinterp.cpp:5196
#7 0x08353797 in js_InternalInterpret (returnData=0xf6d1e6c0, returnType=0xffff0007, returnReg=0x82b6540, f=...) at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/methodjit/InvokeHelpers.cpp:1612
#8 0x082b6518 in JaegerInterpoline () at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69153-32e8c937a409/compilePath/js/src/methodjit/MethodJIT.cpp:152
#9 0x000f4240 in ?? ()
#10 0x00000000 in ?? ()
Comment 2•14 years ago
Getting this as well a lot on LangFuzz, voting to fix this before the other issues.
Assignee
Comment 3•14 years ago
Add JSOP_CALLGLOBAL to interpoline.
Assignee: general → jandemooij
Status: NEW → ASSIGNED
Attachment #531274 - Flags: review?(bhackett1024)
Comment 4•14 years ago
Comment on attachment 531274
Patch

Review of attachment 531274:
Attachment #531274 - Flags: review?(bhackett1024) → review+
Assignee
Comment 5•14 years ago
http://hg.mozilla.org/projects/jaegermonkey/rev/015bd3ff1be6
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 6•12 years ago
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/recompile/bug655949.js.
Flags: in-testsuite+