Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 684621 - Assertion failure: copied == 0, at methodjit/FrameEntry.h:180
: Assertion failure: copied == 0, at methodjit/FrameEntry.h:180
: assertion, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Linux
: -- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: infer-regress langfuzz
  Show dependency treegraph
Reported: 2011-09-04 14:16 PDT by Christian Holler (:decoder)
Modified: 2013-01-14 08:43 PST (History)
4 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Christian Holler (:decoder) 2011-09-04 14:16:45 PDT
The following test asserts on mozilla-central revision a351ae35f2c4 (with shell build fix from mozilla-inbound rev fff3dc9478ce). Use options -m -n -a and a 32 bit debug build:

function runRichards() {
    queue = new Packet;
    Packet(queue, ID_DEVICE_A, KIND_DEVICE);
    new Packet;
var ID_DEVICE_A = 4;
var KIND_DEVICE = 0;
Packet = function (queue) { = null
    if (queue == null) return;
    var peek, next = queue;
    while ((peek = != null)
Comment 1 Boris Zbarsky [:bz] (still a bit busy) 2011-09-04 17:42:51 PDT
Is this a TI regression?
Comment 2 Brian Hackett (:bhackett) 2011-09-04 17:43:48 PDT
Yes, working on a fix.
Comment 3 Brian Hackett (:bhackett) 2011-09-05 17:22:36 PDT
After processing a loop backedge, we clear information about loop temporaries but did not uncopy any temporaries which there were copies of.  This can only happen when an assignment of a loop invariant entry occurs in the loop test.
Comment 4 Brian Hackett (:bhackett) 2011-09-06 22:36:44 PDT
Comment 5 Christian Holler (:decoder) 2013-01-14 08:43:16 PST
A testcase for this bug was automatically identified at js/src/jit-test/tests/jaeger/loops/bug684621.js.

Note You need to log in before you can comment on or make changes to this bug.