Closed
Bug 728191
Opened 12 years ago
Closed 12 years ago
Assertion failure: regs.fp()->prev() == regs_->fp(), at js/src/vm/Stack.cpp:338
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 752379
People
(Reporter: decoder, Unassigned)
References
Details
(Keywords: assertion, testcase, Whiteboard: [jsbugmon:update,ignore])
The following test asserts on mozilla-central revision 78fde7e54d92 (options -m -n -a):
var lfcode = new Array();
lfcode.push("");
lfcode.push("var summary = 'Let expression error involving undefined';");
while (true) {
var file = lfcode.shift(); if (file == undefined) { break; }
loadFile(file);
}
function loadFile(lfVarx) {
evaluate(lfVarx);
}
It would be good if this could be fixed quickly although it's not security critical, because the bug is easy to reproduce and makes minimization of other issues harder (as they can morph into this one). It seems to depend on TI.
|
||
Comment 1•12 years ago
|
||
Is there a blame cset for this bug?
|
||
Comment 2•12 years ago
|
||
~/fuzzing/js-autobisect/autoBisect.py -p -a 64 --flags="-m,-n,-a" -o "->prev()" ~/Desktop/p.js (plus some hacking) The first bad revision is: changeset: 752fddcf2d1d user: Brian Hackett date: Mon Jul 25 08:57:00 2011 -0700 summary: [INFER] Only allow inlined frames to call other frames in the same VMFrame, bug 673763.
|
||
Comment 3•12 years ago
|
||
Christian, is this still crimping your fuzzing?
|
Reporter | |
Comment 4•12 years ago
|
||
Nope, I haven't seen this for quite a while. I'll try a bisect later or tomorrow to see what fixed this.
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: js-triage-needed → [jsbugmon:update,bisect,bisectfix]
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [jsbugmon:update,bisect,bisectfix] → [jsbugmon:update,ignore]
|
|
Reporter | |
Comment 5•12 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision ee1fb253dfce). JSBugMon: Fix Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: 93900:b6ce79884966 user: Luke Wagner date: Mon May 07 09:15:08 2012 -0700 summary: Bug 752379 - ContextStack::pushExecuteFrame should read the most recent 'fp' (r=bhackett)
|
|
Reporter | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 7•11 years ago
|
||
A testcase for this bug was already added in the original bug (bug 752379).
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•