Closed
Bug 666003
Opened 9 years ago
Closed 9 years ago
Assertion failure: size_t((regs.fp()->hasImacropc() ? regs.fp()->imacropc() : regs.pc) - script->code) < script->length, at jsinterp.cpp:6534
Categories
(Core :: JavaScript Engine, defect, critical)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: jandem, Assigned: luke)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.43 KB,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
--
function f() {
f = function() { g(); };
f();
}
g = f;
f();
--
$ ./js test.js
Assertion failure: size_t((regs.fp()->hasImacropc() ? regs.fp()->imacropc() : regs.pc) - script->code) < script->length, at jsinterp.cpp:6534
Revision 2ff6092157a5, 32-bit OS X.
|
Assignee | |
Comment 1•9 years ago
|
||
Assigning to 'script' before guaranteed success. Nice testcase, thanks.
Assignee: general → luke
|
|
Assignee | |
Comment 2•9 years ago
|
||
Attachment #540866 -
Flags: review?(jwalden+bmo)
|
||
Comment 3•9 years ago
|
||
The first bad revision is: changeset: ce10e78d030d user: Luke Wagner date: Tue Jun 14 16:36:13 2011 -0700 summary: Bug 664252 - Turn lemons (LLVM-only build bustage) into lemonade (rewrite JSOP_CALL/EVAL/NEW to have less goto madness) (r=waldo)
Blocks: 664252
|
||
Updated•9 years ago
|
Attachment #540866 -
Flags: review?(jwalden+bmo) → review+
|
|
Assignee | |
Comment 4•9 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/d416abec8cd3
Whiteboard: fixed-in-tracemonkey
|
||
Comment 5•9 years ago
|
||
cdleary-bot mozilla-central merge info: http://hg.mozilla.org/mozilla-central/rev/d416abec8cd3
|
|
||
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
||
Comment 6•7 years ago
|
||
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug666003.js.
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•