Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 752379 - Assertion failure: regs.fp()->prev() == regs_->fp(), at js/src/vm/Stack.cpp:339 or Crash [@ CrashIfInvalidSlot]
: Assertion failure: regs.fp()->prev() == regs_->fp(), at js/src/vm/Stack.cpp:3...
: assertion, crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Linux
: -- critical (vote)
: mozilla15
Assigned To: general
: Jason Orendorff [:jorendorff]
: 728191 (view as bug list)
Depends on:
Blocks: langfuzz 728191
  Show dependency treegraph
Reported: 2012-05-06 17:04 PDT by Christian Holler (:decoder)
Modified: 2013-01-14 08:15 PST (History)
6 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

fix and test (2.19 KB, patch)
2012-05-07 09:17 PDT, Luke Wagner [:luke]
bhackett1024: review+
Details | Diff | Splinter Review

Description Christian Holler (:decoder) 2012-05-06 17:04:07 PDT
The following test crashes on mozilla-central revision 032d43b1770f (options -m -n -a):

var lfcode = new Array();
while (true) {
        var file = lfcode.shift(); if (file == undefined) { break; }
function loadFile(lfVarx) {

The test is very similar to bug 728191 (same assertion, but doesn't reproduce anymore), so it's likely the same underlying issue.
Comment 1 Luke Wagner [:luke] 2012-05-07 09:17:51 PDT
Created attachment 621625 [details] [diff] [review]
fix and test

ContextStack::pushExecuteFrame is sampling 'fp' before ensureOnTop flushes inlined frames which means that it doesn't get the most recent 'fp'.
Comment 3 Ed Morley [:emorley] 2012-05-15 06:49:44 PDT
Comment 4 Christian Holler (:decoder) 2012-10-02 08:37:47 PDT
*** Bug 728191 has been marked as a duplicate of this bug. ***
Comment 5 Christian Holler (:decoder) 2013-01-14 08:15:05 PST
A testcase for this bug was automatically identified at js/src/jit-test/tests/basic/testBug752379.js.

Note You need to log in before you can comment on or make changes to this bug.