Closed
Bug 873660
Opened 12 years ago
Closed 12 years ago
Assertion failure: (ptrBits & 0x7) == 0, at ../dist/include/js/Value.h with --ion-regalloc=backtracking
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox22 | --- | unaffected |
| firefox23 | --- | unaffected |
| firefox24 | --- | fixed |
| firefox-esr17 | --- | unaffected |
| b2g18 | --- | unaffected |
People
(Reporter: gkw, Unassigned)
References
Details
(4 keywords)
Attachments
(1 file)
|
1.76 KB,
text/plain
|
Details |
(function () {
eval("\
'a'.replace(/a/, arguments.callee)\
")
})()
asserts js debug shell on m-c changeset 5c240ee646fb with --ion-eager --no-jm --ion-regalloc=backtracking at Assertion failure: (ptrBits & 0x7) == 0,
s-s because this assertion is scary.
Full configuration command with needed environment variables is:
CC="clang -Qunused-arguments" AR=ar CXX="clang++ -Qunused-arguments" sh ./configure --target=x86_64-apple-darwin11.4.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --enable-more-deterministic --enable-threadsafe --with-ccache
Not sure if --enable-threadsafe or --with-system-nspr is needed, I had removed some threadsafe-specific flags that were pointing to specific directories on my computer.
Flags: needinfo?(bhackett1024)
|
Reporter | |
Comment 1•12 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 129263:d12788533ab7
user: Kannan Vijayan
date: Thu Apr 18 16:47:25 2013 -0400
summary: Bug 860145 - Allow Ion to compile functions which require heavyweight arguments-object construction. r=jandem r=nbp
OK, now I'm not sure what caused this.
|
|
Reporter | |
Updated•12 years ago
|
Flags: needinfo?(kvijayan)
|
||
Comment 2•12 years ago
|
||
Marking sec-high because that assertion is often bad.
Gary, does this still reproduce? Bug 860145 was relanded with some fixes, so maybe this has gone away.
Flags: needinfo?(gary)
Keywords: sec-high
|
|
Reporter | |
Comment 3•12 years ago
|
||
> Gary, does this still reproduce? Bug 860145 was relanded with some fixes,
> so maybe this has gone away.
I can still reproduce with m-c rev c21ef3664c67 (a recent tip).
--enable-more-deterministic and --enable-threadsafe are not needed.
Flags: needinfo?(gary)
|
|
Reporter | |
Comment 4•12 years ago
|
||
An even more recent landing in bug 868206 may have fixed this.
Verifying with autoBisect now.
Flags: needinfo?(kvijayan)
Flags: needinfo?(bhackett1024)
|
|
Reporter | |
Comment 5•12 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first good revision is:
changeset: 132599:3bfbd1ed214d
user: Brian Hackett
date: Tue May 21 21:40:44 2013 -0600
summary: Bug 868206 - Various fixes for the backtracking register allocator, r=jandem.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
||
Updated•12 years ago
|
status-b2g18:
--- → unaffected
status-firefox22:
--- → unaffected
status-firefox23:
--- → unaffected
status-firefox24:
--- → fixed
status-firefox-esr17:
--- → unaffected
|
||
Updated•11 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•