Closed Bug 713952 Opened 13 years ago Closed 13 years ago

IonMonkey: Crash in math-cordic with --ion -n

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dvander, Assigned: dvander)

References

Details

Attachments

(1 file)

fix
1.84 KB, patch
sstangl
: review+
Details | Diff | Splinter Review
This test currently segfaults with LSRA.
Attached patch fixSplinter Review
The bug is a regression from bug 695075. When we re-use a Value slot for a double, we have to compute its base since it could be off by 4 bytes.
Attachment #584642 - Flags: review?(sstangl)
Comment on attachment 584642 [details] [diff] [review] fix Review of attachment 584642 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/ion/C1Spewer.cpp @@ +55,5 @@ > > bool > C1Spewer::init(const char *path) > { > + spewout_ = fopen(path, "a"); This seems dangerous. We should keep overwriting by default. I will not remember to periodically clear this file manually.
Attachment #584642 - Flags: review?(sstangl) → review+
http://hg.mozilla.org/projects/ionmonkey/rev/fb34f17071b4 (w/ fopen change reverted)
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: