Closed Bug 657287 Opened 9 years ago Closed 9 years ago

TI: Assertion failure: (ptrBits & 0x7) == 0, at ../jsval.h:702

Categories

(Core :: JavaScript Engine, defect, critical)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: decoder, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

shell testcase, unpack, chdir and run main.js with options "-j -n -m"
936 bytes, application/x-compressed-tar
Details 
The attached testcase asserts on TI revision 693a36f402ee (unpack, chdir and run main.js with options -j -m -n), tested on 64 bit.
YES, was waiting for this to show up as it has been causing intermittent tinderbox orange, but didn't have a test to confirm the cause.  When rejoining into the interpreter we don't guarantee sync for dead locals.  Normally this isn't a problem, but if the interpreter executes a 'GETLOCAL POP' sequence as is done in script headers for the decompiler, we can fault in the compartment checking assertions at the GETLOCAL.  The interpreter should just ignore 'GETLOCAL POP' sequences like the liveness analysis does.
Ignore same compartment assertions for GETLOCAL followed by POP.

http://hg.mozilla.org/projects/jaegermonkey/rev/1b270bc6f9c1
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Blocks: 676763
You need to log in before you can comment on or make changes to this bug.