As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 727921 - "Assertion failure: (ptrBits & 0x7) == 0,"
: "Assertion failure: (ptrBits & 0x7) == 0,"
[sg:critical] js-triage-needed [advis...
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Mac OS X
: -- critical (vote)
: mozilla13
Assigned To: Bill McCloskey (:billm)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz 723313
  Show dependency treegraph
Reported: 2012-02-16 11:01 PST by Gary Kwong [:gkw] [:nth10sd]
Modified: 2012-05-22 16:33 PDT (History)
5 users (show)
gary: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

stack (7.29 KB, text/plain)
2012-02-16 11:01 PST, Gary Kwong [:gkw] [:nth10sd]
no flags Details

Description User image Gary Kwong [:gkw] [:nth10sd] 2012-02-16 11:01:06 PST
Created attachment 597899 [details]

(function() {
    let(d) {
        schedulegc(5), 'a'.replace(/a/,function(){yield})\

asserts js debug shell on m-c changeset ebafee0cea36 with -m, -a and -n at Assertion failure: (ptrBits & 0x7) == 0,

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   86695:fbef6a165cf8
user:        Bill McCloskey
date:        Fri Feb 10 18:32:08 2012 -0800
summary:     Bug 723313 - Stop using conservative stack scanner for VM stack marking (r=luke,bhackett)
Comment 1 User image Gary Kwong [:gkw] [:nth10sd] 2012-02-16 13:33:10 PST
Assuming sg:critical and s-s initially after a quick look by billm and I.
Comment 2 User image Gary Kwong [:gkw] [:nth10sd] 2012-02-16 14:14:46 PST
Erm, I updated to tip and this seems gone, probably fixed by bug 714109:

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset:   86735:f29587aa8965
user:        Terrence Cole
date:        Mon Feb 13 10:01:18 2012 -0800
summary:     Bug 714109 - Add missing barriers to Generator; r=billm
Comment 3 User image Bill McCloskey (:billm) 2012-02-16 14:16:48 PST
I'm going to re-open this, at least until I can triage it. Bug 714109 wasn't intended to fix existing bugs in the tree, so it's more likely that it's just covering up the problem.
Comment 4 User image Bill McCloskey (:billm) 2012-02-16 14:39:09 PST
OK, it turns out I was wrong. That patch actually does fix the problem. I pushed a test case here:
Comment 5 User image Gary Kwong [:gkw] [:nth10sd] 2012-02-16 14:40:14 PST

Setting in-testsuite+
Comment 6 User image Ed Morley [:emorley] 2012-02-17 05:05:35 PST
(Normally bugs aren't closed until the cset merges from inbound)
Comment 7 User image Gary Kwong [:gkw] [:nth10sd] 2012-03-23 17:06:27 PDT
Test committed with fix, marking verified based on that.

Note You need to log in before you can comment on or make changes to this bug.