Last Comment Bug 758164 - IonMonkey: Assertion failure: !comp->rt->gcRunning, at ../jsgcinlines.h:333
: IonMonkey: Assertion failure: !comp->rt->gcRunning, at ../jsgcinlines.h:333
[fuzzblocker] [jsbugmon:update,ignore]
: assertion, regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Other Branch
: All All
-- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on: 746691
Blocks: jsfunfuzz langfuzz IonFuzz 757412
  Show dependency treegraph
Reported: 2012-05-24 03:52 PDT by Christian Holler (:decoder)
Modified: 2013-02-07 05:19 PST (History)
6 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image Christian Holler (:decoder) 2012-05-24 03:52:31 PDT
The following testcase asserts on ionmonkey revision 407632130d1b (run with --ion -n -m):

Comment 1 User image Gary Kwong [:gkw] [:nth10sd] 2012-05-24 11:24:44 PDT
jsfunfuzz hits this a lot, too.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   96013:d5545e6d927b
user:        David Anderson
date:        Tue May 22 23:17:57 2012 -0700
summary:     Throw Ion code away when needsBarrier changes (bug 757412, r=sstangl).
Comment 2 User image Christian Holler (:decoder) 2012-05-29 18:35:51 PDT
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 80a444262772).
Comment 3 User image Gary Kwong [:gkw] [:nth10sd] 2012-05-31 10:59:35 PDT
Confirming that this no longer occurs, the following changeset might have fixed it:

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset:   96132:80a444262772
user:        David Anderson
date:        Tue May 29 21:03:22 2012 -0400
summary:     Merge backout.
Comment 4 User image Christian Holler (:decoder) 2013-02-07 05:19:09 PST
Automatically extracted testcase for this bug was committed:

Note You need to log in before you can comment on or make changes to this bug.