TI: Assertion failure: (ptrBits & 0x7) == 0, at ../jsval.h:702

RESOLVED FIXED

Status

()

Product:
Core
Component:
JavaScript Engine
--
critical
RESOLVED FIXED
Reported:
6 years ago
Modified:
6 years ago

People

(Reporter: decoder, Unassigned)

Tracking

(Blocks: 2 bugs, {assertion, testcase})

Version:
Trunk
x86_64
Linux
Keywords:
assertion, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

shell testcase, unpack, chdir and run main.js with options "-j -n -m"
936 bytes, application/x-compressed-tar
Details
(Reporter)

Description

6 years ago 
Created attachment 532569 [details]
shell testcase, unpack, chdir and run main.js with options "-j -n -m"

The attached testcase asserts on TI revision 693a36f402ee (unpack, chdir and run main.js with options -j -m -n), tested on 64 bit.

Comment 1

6 years ago 
YES, was waiting for this to show up as it has been causing intermittent tinderbox orange, but didn't have a test to confirm the cause.  When rejoining into the interpreter we don't guarantee sync for dead locals.  Normally this isn't a problem, but if the interpreter executes a 'GETLOCAL POP' sequence as is done in script headers for the decompiler, we can fault in the compartment checking assertions at the GETLOCAL.  The interpreter should just ignore 'GETLOCAL POP' sequences like the liveness analysis does.

Comment 2

6 years ago 
Ignore same compartment assertions for GETLOCAL followed by POP.

http://hg.mozilla.org/projects/jaegermonkey/rev/1b270bc6f9c1
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
 (Reporter)

Updated

6 years ago
Blocks: 676763
You need to log in before you can comment on or make changes to this bug.