Closed
Bug 873660
Opened 11 years ago
Closed 11 years ago
Assertion failure: (ptrBits & 0x7) == 0, at ../dist/include/js/Value.h with --ion-regalloc=backtracking
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox22 | --- | unaffected |
firefox23 | --- | unaffected |
firefox24 | --- | fixed |
firefox-esr17 | --- | unaffected |
b2g18 | --- | unaffected |
People
(Reporter: gkw, Unassigned)
References
Details
(4 keywords)
Attachments
(1 file)
1.76 KB,
text/plain
|
Details |
(function () { eval("\ 'a'.replace(/a/, arguments.callee)\ ") })() asserts js debug shell on m-c changeset 5c240ee646fb with --ion-eager --no-jm --ion-regalloc=backtracking at Assertion failure: (ptrBits & 0x7) == 0, s-s because this assertion is scary. Full configuration command with needed environment variables is: CC="clang -Qunused-arguments" AR=ar CXX="clang++ -Qunused-arguments" sh ./configure --target=x86_64-apple-darwin11.4.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --enable-more-deterministic --enable-threadsafe --with-ccache Not sure if --enable-threadsafe or --with-system-nspr is needed, I had removed some threadsafe-specific flags that were pointing to specific directories on my computer.
Flags: needinfo?(bhackett1024)
Reporter | ||
Comment 1•11 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 129263:d12788533ab7 user: Kannan Vijayan date: Thu Apr 18 16:47:25 2013 -0400 summary: Bug 860145 - Allow Ion to compile functions which require heavyweight arguments-object construction. r=jandem r=nbp OK, now I'm not sure what caused this.
Reporter | ||
Updated•11 years ago
|
Flags: needinfo?(kvijayan)
Comment 2•11 years ago
|
||
Marking sec-high because that assertion is often bad. Gary, does this still reproduce? Bug 860145 was relanded with some fixes, so maybe this has gone away.
Flags: needinfo?(gary)
Keywords: sec-high
Reporter | ||
Comment 3•11 years ago
|
||
> Gary, does this still reproduce? Bug 860145 was relanded with some fixes,
> so maybe this has gone away.
I can still reproduce with m-c rev c21ef3664c67 (a recent tip).
--enable-more-deterministic and --enable-threadsafe are not needed.
Flags: needinfo?(gary)
Reporter | ||
Comment 4•11 years ago
|
||
An even more recent landing in bug 868206 may have fixed this. Verifying with autoBisect now.
Flags: needinfo?(kvijayan)
Flags: needinfo?(bhackett1024)
Reporter | ||
Comment 5•11 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: 132599:3bfbd1ed214d user: Brian Hackett date: Tue May 21 21:40:44 2013 -0600 summary: Bug 868206 - Various fixes for the backtracking register allocator, r=jandem.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
status-b2g18:
--- → unaffected
status-firefox22:
--- → unaffected
status-firefox23:
--- → unaffected
status-firefox24:
--- → fixed
status-firefox-esr17:
--- → unaffected
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•