715356 - "Assertion failure: pc[bodyLength] == JSOP_LEAVEBLOCKEXPR,"

Status: RESOLVED DUPLICATE of bug 716068

(Core :: JavaScript Engine, defect)

Description

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

function f(code) {
    code = code.replace(/\/\*DUPTRY\d+/, function(k) {
        n = parseInt(k.substr(8), 0);
        return g("try{}catch(e){}", n)
    })
    String(Function(code))
}
function g(s, n) {
    if (n == 0) {
        return s
    }
    s2 = s + s
    r = n % 2
    d = (n - r) / 2
    m = g(s2, d)
    return r ? m + s : m
}
f("let(x){switch(x){case 7:/*DUPTRY801([])([])([])/function(){x}}}")

asserts js debug shell on m-c changeset 44d992ccc97a without any CLI arguments at Assertion failure: pc[bodyLength] == JSOP_LEAVEBLOCKEXPR,

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   83259:38344f96b3e3
user:        Luke Wagner
date:        Fri Oct 07 12:02:50 2011 -0700
summary:     Bug Bug 692274, part 4 - Rewrite parsing, emitting and decompiling of let to fix scoping properly (r=jorendorff)

Comment 1

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

Attachment: stack

Comment 2

[Luke Wagner [:luke]]

OptimizeSpanDeps!!!!

Comment 3

[Luke Wagner [:luke]]

Attachment: fix

I'm going measure how much OptimizeSpanDeps wins us on MemBuster b/c if it's not at least 1%, then this complexity is unconscionable.

Oh, the bug was that OptimizeSpanDeps wants to look into let's SRC_DECL (since js_SrcNoteSpec[SRC_DECL].isSpandDep = true) and fiddle with its offsets based.  However, what I crammed in there was a shifted offset and a bit so it just scrambles the bits.  The solution (since it is no longer necessary for SN_TYPE(sn) to be SRC_DECL) is to use a srcnote type with arity = 2 and make each one a valid offset.

Comment 4

[Luke Wagner [:luke]]

Oh yeah, I need to update the JSXDR_BYTECODE_VERSION.

Comment 5

[Luke Wagner [:luke]]

You know what is better than fixing a bug caused by OptimizeSpanDeps?  Removing OptimizeSpanDeps.