Closed Bug 666003 Opened 13 years ago Closed 13 years ago

Assertion failure: size_t((regs.fp()->hasImacropc() ? regs.fp()->imacropc() : regs.pc) - script->code) < script->length, at jsinterp.cpp:6534

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jandem, Assigned: luke)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

fix and test
1.43 KB, patch
Waldo
: review+
Details | Diff | Splinter Review
-- function f() { f = function() { g(); }; f(); } g = f; f(); -- $ ./js test.js Assertion failure: size_t((regs.fp()->hasImacropc() ? regs.fp()->imacropc() : regs.pc) - script->code) < script->length, at jsinterp.cpp:6534 Revision 2ff6092157a5, 32-bit OS X.
Assigning to 'script' before guaranteed success. Nice testcase, thanks.
Assignee: general → luke
Attached patch fix and testSplinter Review
Attachment #540866 - Flags: review?(jwalden+bmo)
The first bad revision is: changeset: ce10e78d030d user: Luke Wagner date: Tue Jun 14 16:36:13 2011 -0700 summary: Bug 664252 - Turn lemons (LLVM-only build bustage) into lemonade (rewrite JSOP_CALL/EVAL/NEW to have less goto madness) (r=waldo)
Blocks: 664252
Keywords: assertion, regression, testcase
Attachment #540866 - Flags: review?(jwalden+bmo) → review+
http://hg.mozilla.org/tracemonkey/rev/d416abec8cd3
Whiteboard: fixed-in-tracemonkey
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug666003.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: