Last Comment Bug 657287 - TI: Assertion failure: (ptrBits & 0x7) == 0, at ../jsval.h:702
: TI: Assertion failure: (ptrBits & 0x7) == 0, at ../jsval.h:702
: assertion, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Linux
: -- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: infer-regress langfuzz
  Show dependency treegraph
Reported: 2011-05-16 00:28 PDT by Christian Holler (:decoder)
Modified: 2011-08-05 00:54 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

shell testcase, unpack, chdir and run main.js with options "-j -n -m" (936 bytes, application/x-compressed-tar)
2011-05-16 00:28 PDT, Christian Holler (:decoder)
no flags Details

Description Christian Holler (:decoder) 2011-05-16 00:28:16 PDT
Created attachment 532569 [details]
shell testcase, unpack, chdir and run main.js with options "-j -n -m"

The attached testcase asserts on TI revision 693a36f402ee (unpack, chdir and run main.js with options -j -m -n), tested on 64 bit.
Comment 1 Brian Hackett (:bhackett) 2011-05-16 06:35:54 PDT
YES, was waiting for this to show up as it has been causing intermittent tinderbox orange, but didn't have a test to confirm the cause.  When rejoining into the interpreter we don't guarantee sync for dead locals.  Normally this isn't a problem, but if the interpreter executes a 'GETLOCAL POP' sequence as is done in script headers for the decompiler, we can fault in the compartment checking assertions at the GETLOCAL.  The interpreter should just ignore 'GETLOCAL POP' sequences like the liveness analysis does.
Comment 2 Brian Hackett (:bhackett) 2011-05-16 10:30:26 PDT
Ignore same compartment assertions for GETLOCAL followed by POP.

Note You need to log in before you can comment on or make changes to this bug.