Closed Bug 716895 Opened 13 years ago Closed 13 years ago

IonMonkey: Segmentation fault running deltablue.js

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: h4writer, Unassigned)

Details

Attachments

(1 file)

testcase
600 bytes, patch
dvander
: review+
Details | Diff | Splinter Review
I narrowed the test down to the following code: function output(c) { return (c.direction == 1) ? c.v2 : c.v1; } var constraint = { v1 : {}, v2 : {}, direction: 1 } for (i=0; i<100; i++){ output(constraint) constraint.direction = -1 output(constraint); } It looks a lot like #715111, but I'm not sure. Therefor I'm creating a new bug for this. If it's the same feel free to mark as duplicate. Program received signal SIGSEGV, Segmentation fault. 0x080cbe14 in Type (data=<optimized out>, this=<optimized out>) at /home/h4writer/Build/ionmonkey/js/src/jsinfer.h:71 71 Type(jsuword data) : data(data) {}
I could reduce it even more to: function output(c, dir) { return (dir) ? c.v1 : c.v1; } var constraint = { v1 : {} } for (i=0; i<100; i++){ output(constraint, 0) output(constraint, 1); }
Nice work reducing this, though it looks like it reproduces bug 714727 instead. deltablue is still segfaulting though and I think it is bug 715111.
Attached patch testcaseSplinter Review
Indeed testcase succeeds now. I've created a patch for the testcase. I wasn't sure if it was needed or not. I've also reduced the testcase again, to find why it still segfaults. Could be #715111 like you suggested, but I'm not sure. Therefor I created a new bug report #723271. That way if #715111 is fixed, we can test if it solves that test too.
Attachment #593598 - Flags: review?(dvander)
Comment on attachment 593598 [details] [diff] [review] testcase Review of attachment 593598 [details] [diff] [review]: ----------------------------------------------------------------- No review needed for test cases, you can just checkin.
Attachment #593598 - Flags: review?(dvander) → review+
Keywords: checkin-needed
Whiteboard: checkin on ionmonkey branch
http://hg.mozilla.org/projects/ionmonkey/rev/41b54805815b
Status: NEW → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Whiteboard: checkin on ionmonkey branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: