Closed
Bug 663628
Opened 13 years ago
Closed 13 years ago
TI: Crash in mjit-generated code
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 662132
People
(Reporter: decoder, Unassigned)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:dupe 662132])
Attachments
(1 file)
3.68 KB,
application/x-compressed-tar
|
Details |
The attached testcase crashes on TI revision a70672667195 (unpack, chdir and run main.js with options -j -m -n -a). This test is very fragile and switches between segmentation fault, trap and illegal instruction when being changed. S-s because this could be a duplicate of 662132 which affects TM. Backtrace: (gdb) bt #0 0x00007fb77a677116 in ?? () #1 0x00007fb77a73e560 in ?? () #2 0x00007fb77a6bce68 in ?? () #3 0x0000000000000001 in ?? () #4 0x00007fffab9e4fb0 in ?? () #5 0x00000000028fef00 in ?? () #6 0x00007fb77a803398 in ?? () #7 0x00000000028bfc1d in ?? () #8 0x0000000000000000 in ?? () (gdb) x /8i $pc 0x7fb77a677116: insl (%dx),%es:(%rdi) 0x7fb77a677117: add $0x0,%al 0x7fb77a677119: and %eax,%esp 0x7fb77a67711b: xor %r12,%r8 0x7fb77a67711e: mov $0xfff8800000000000,%r11 0x7fb77a677128: cmp %r11,%r8 0x7fb77a67712b: jne 0x7fb77a67713b 0x7fb77a677131: cvtsi2sd %r12d,%xmm6
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•13 years ago
|
Group: core-security
Whiteboard: [sg:dupe 662132]
Reporter | ||
Comment 2•11 years ago
|
||
A testcase for this bug was already added in the original bug (bug 662132).
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•