Closed
Bug 843429
Opened 12 years ago
Closed 12 years ago
BaselineCompiler: Crash [@ JSObject::defaultValue]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gkw, Assigned: jandem)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [jsbugmon:update])
Crash Data
Attachments
(2 files)
14.91 KB,
text/plain
|
Details | |
1.15 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
(function () {
const x = [] = {};
(function () {
print(x)
})()
})()
crashes js debug and opt shell on ionmonkey changeset 2445c6378f36 without any CLI arguments at JSObject::defaultValue
Updated•12 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:]
Comment 1•12 years ago
|
||
JSBugMon: Cannot process bug: Unable to automatically reproduce, please track manually.
Reporter | ||
Comment 2•12 years ago
|
||
I tested this on 32-bit Linux.
OS: Mac OS X → Linux
Hardware: x86_64 → x86
Comment 3•12 years ago
|
||
Yep, confirmed. It doesn't reproduce on 64 bit that's why JSBugMon failed.
Whiteboard: [jsbugmon:] → [jsbugmon:update]
Reporter | ||
Comment 5•12 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 121322:f21ddc17c570
user: Brian Hackett
date: Thu Feb 07 13:03:12 2013 -0700
summary: Bug 839080 - Compile object initializer opcodes, r=djvj.
Brian, is bug 839080 a likely regressor?
Blocks: 839080
Crash Signature: [@ JSObject::defaultValue]
Flags: needinfo?(bhackett1024)
Keywords: regression
Assignee | ||
Comment 6•12 years ago
|
||
Between ops, values on top of the stack can be in R0 or R1 and SETALIASEDVAR shouldn't use these registers.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #716465 -
Flags: review?(bhackett1024)
Assignee | ||
Updated•12 years ago
|
Flags: needinfo?(bhackett1024)
Updated•12 years ago
|
Attachment #716465 -
Flags: review?(bhackett1024) → review+
Assignee | ||
Comment 7•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•