Closed Bug 746150 Opened 12 years ago Closed 12 years ago

Assertion failure: [infer failure] Missing type pushed 0: void, at js/src/jsinfer.cpp:352

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 747926

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: [sg:critical] js-triage-needed) 

The following test asserts on mozilla-central revision c61e7c3a232a (options -m -n):


gczeal(2);
exhaustiveSpliceTestWithArgs();
function exhaustiveSpliceTestWithArgs() {
    var errorMessage;
    var reason = "";
    for (var first = 2;;) {
        actualSpliced = []
        actualSpliced.push(schedulegc(""));
        reason = reason + errorMessage
    }
}


This could be a problem with the type taken/returned by the shell-only function "schedulegc", but it could also be some other problem. Marking s-s because infer failures can be critical and test involves gczeal.
guessing at severity based on previous inference failures
Whiteboard: js-triage-needed → [sg:critical] js-triage-needed
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   91130:15a23c3923ff
user:        Bill McCloskey
date:        Tue Apr 03 14:07:38 2012 -0700
summary:     Bug 742570 - Improve GC testing functions (r=igor)
Blocks: 742570
OS: Linux → All
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox-esr10: unaffected → ---
status-firefox12: unaffected → ---
status-firefox13: unaffected → ---
status-firefox14: affected → ---
status-firefox15: affected → ---
tracking-firefox14: + → ---
tracking-firefox15: + → ---
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.