Closed Bug 663628 Opened 13 years ago Closed 13 years ago

TI: Crash in mjit-generated code

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 662132

People

(Reporter: decoder, Unassigned)

Details

(Keywords: crash, testcase, Whiteboard: [sg:dupe 662132])

Attachments

(1 file)

The attached testcase crashes on TI revision a70672667195 (unpack, chdir and run main.js with options -j -m -n -a). This test is very fragile and switches between segmentation fault, trap and illegal instruction when being changed. S-s because this could be a duplicate of 662132 which affects TM.

Backtrace:

(gdb) bt
#0  0x00007fb77a677116 in ?? ()
#1  0x00007fb77a73e560 in ?? ()
#2  0x00007fb77a6bce68 in ?? ()
#3  0x0000000000000001 in ?? ()
#4  0x00007fffab9e4fb0 in ?? ()
#5  0x00000000028fef00 in ?? ()
#6  0x00007fb77a803398 in ?? ()
#7  0x00000000028bfc1d in ?? ()
#8  0x0000000000000000 in ?? ()
(gdb) x /8i $pc
0x7fb77a677116: insl   (%dx),%es:(%rdi)
0x7fb77a677117: add    $0x0,%al
0x7fb77a677119: and    %eax,%esp
0x7fb77a67711b: xor    %r12,%r8
0x7fb77a67711e: mov    $0xfff8800000000000,%r11
0x7fb77a677128: cmp    %r11,%r8
0x7fb77a67712b: jne    0x7fb77a67713b
0x7fb77a677131: cvtsi2sd %r12d,%xmm6
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Group: core-security
Whiteboard: [sg:dupe 662132]
A testcase for this bug was already added in the original bug (bug 662132).
Flags: in-testsuite-