Closed
Bug 797163
Opened 13 years ago
Closed 13 years ago
"Assertion failure: lifetime->entry == uint32_t(entryTarget - outerScript->code),"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
People
(Reporter: gkw, Assigned: jandem)
References
Details
(Keywords: assertion, sec-critical, testcase, Whiteboard: Fixed by patch in bug 781859 [jsbugmon:update,ignore][adv-track-main17+])
Attachments
(1 file)
|
7.20 KB,
text/plain
|
Details |
function f() {
switch (2) {
default:
y = newGlobal()
}
return function(code) {
try {
evalcx(code, y)
} catch (e) {}
}
}
function h(code) {
g(code)
}
g = f()
mjitChunkLimit(1)
h("let x=s")
h("switch(x){\
case 2:break;\
b;\
default:while(this){}\
}")
asserts js debug shell on m-c changeset 640a57ebab48 without any CLI arguments at Assertion failure: lifetime->entry == uint32_t(entryTarget - outerScript->code),
s-s because bug 781859 is s-s, also adapting flags from that bug.
This is likely fixed by the upcoming patch in bug 781859, filing to (hopefully) get this testcase in the tree.
Flags: in-testsuite?
|
||
Updated•13 years ago
|
Depends on: 781859
Whiteboard: [jsbugmon:update] → [jsbugmon:update] possibly will be fixed by patch in bug 781859
|
||
Updated•13 years ago
|
Assignee: general → jdemooij
|
|
||
Updated•13 years ago
|
Assignee: jdemooij → general
status-firefox19:
--- → affected
|
|
||
Updated•13 years ago
|
Assignee: general → jdemooij
tracking-firefox17:
--- → +
tracking-firefox18:
--- → +
tracking-firefox19:
--- → +
|
||
Updated•13 years ago
|
Whiteboard: [jsbugmon:update] possibly will be fixed by patch in bug 781859 → possibly will be fixed by patch in bug 781859 [jsbugmon:update,ignore]
|
|
||
Comment 1•13 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 93cc1ee94291).
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: possibly will be fixed by patch in bug 781859 [jsbugmon:update,ignore] → possibly will be fixed by patch in bug 781859 [jsbugmon:update,bisectfix]
|
|
||
Updated•13 years ago
|
Whiteboard: possibly will be fixed by patch in bug 781859 [jsbugmon:update,bisectfix] → possibly will be fixed by patch in bug 781859 [jsbugmon:update,ignore]
|
|
||
Comment 2•13 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 93cc1ee94291).
JSBugMon: Fix Bisection requested, result:
autoBisect shows this is probably related to the following changeset:
The first good revision is:
changeset: 111150:0d60a2c574f4
user: Brian Hackett
date: Tue Oct 23 07:45:34 2012 -0700
summary: Don't get confused by unreachable opcodes before loop headers when picking chunk boundaries, bug 781859. r=jandem
This iteration took 204.724 seconds to run.
|
|
Reporter | |
Comment 3•13 years ago
|
||
Highly likely fixed by bug 781859.
Whiteboard: possibly will be fixed by patch in bug 781859 [jsbugmon:update,ignore] → Fixed by patch in bug 781859 [jsbugmon:update,ignore]
|
|
Reporter | |
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
||
Updated•13 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Comment 4•13 years ago
|
||
JSBugMon: This bug has been automatically verified fixed.
|
|
||
Comment 5•13 years ago
|
||
Matt - can you verify this is fixed in FF17/18 as well? Thanks!
Keywords: qawanted
QA Contact: general → mwobensmith
|
|
||
Comment 6•13 years ago
|
||
Confirmed assertion on build 2012-10-2, nightly
Verified fixed on build 2012-11-6, nightly
Verified fixed on build 2012-11-6, Aurora 18
Verified fixed on build 2012-11-6, Beta 17
|
|
||
Updated•13 years ago
|
|
||
Updated•13 years ago
|
Whiteboard: Fixed by patch in bug 781859 [jsbugmon:update,ignore] → Fixed by patch in bug 781859 [jsbugmon:update,ignore][adv-track-main17+]
|
|
||
Updated•12 years ago
|
Group: core-security
|
|
||
Comment 7•12 years ago
|
||
Bug 781859 already has a test, not taking this one.
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•