Closed Bug 680976 Opened 9 years ago Closed 9 years ago
TI: "Assertion failure: stack
Depth >= nuses,"
The attached testcase asserts at Assertion failure: stackDepth >= nuses, on JM changeset 8fe193e034cb with -m and -a, on Windows 7 debug shell. This was found using a triple combination of an existing js test, jsfunfuzz and jandem's method fuzzer. Eventually the reduced testcase revealed jsfunfuzz was not needed for the assert.
Probably JM-only, doesn't occur on mc changeset 33e4aa663bba. Thanks Luke who confirms via IRC that it doesn't on 64-bit Linux debug shell (assuming mozilla-central).
9 years ago
Summary: "Assertion failure: stackDepth >= nuses," → TI: "Assertion failure: stackDepth >= nuses,"
For decomposed incops which needed an INDEXBASE opcode to adjust their atom operand, the resulting bytecode was deformed --- a RESETBASE opcode must be emitted after such ops, and it was taking the place of the one-byte decomposed length attached to these ops. http://hg.mozilla.org/projects/jaegermonkey/rev/a30c64a27b4a
Attachment #555007 - Flags: review?(dvander)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Attachment #555007 - Flags: review?(dvander) → review+
You need to log in before you can comment on or make changes to this bug.