Closed Bug 674391 Opened 9 years ago Closed 9 years ago
TI: Assertion failure: Unpossible rejoin!, at methodjit/Invoke
The attached testcase asserts on TI revision bd40ad1be9d8 (run main.js with options -j -m -n -a). This seems very complex, cannot get it into a single file, but got it greatly reduced from its original form.
WFM, I just get: ReferenceError: expect is not defined ReferenceError: startTest is not defined Can you paste the stack traces from the last few calls to js_GC, and/or the output when setting the JMFLAGS environment variable to 'recompile'?
Here are the stacks of the last three calls to js_GC. Will attach the other information afterwards. If that is not enough, I can also simply provide you a shell with gdb so you can debug it on the fuzzing box. It's an Ubuntu (64 bit).
(In reply to comment #2) > Created attachment 549326 [details] > Stacks of last three calls to js_GC > > Here are the stacks of the last three calls to js_GC. Will attach the other > information afterwards. If that is not enough, I can also simply provide you > a shell with gdb so you can debug it on the fuzzing box. It's an Ubuntu (64 > bit). Ah, this does it, the problem is that js_IteratorNext can GC and throw us into the interpreter, but we don't rejoin from calls to it. Thought that this function couldn't GC, maybe I should be eating my own dogfood though and using the reports for GC callers at sixgill.mozilla.org, since it's pretty clear what's going on there.
http://hg.mozilla.org/projects/jaegermonkey/rev/e5b57c9ebbe9 Side note: IterNext used REJOIN_NONE instead of REJOIN_FALLTHROUGH because it used to be called in the middle of JSOP_FOR* opcodes. Without the fix from bug 648175 that removed these opcodes and made ITERNEXT its own opcode, being able to rejoin from an IterNext would have been extremely complicated.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/recompile/bug674391.js.
You need to log in before you can comment on or make changes to this bug.