Closed Bug 878495 Opened 7 years ago Closed 7 years ago

Crash [@ js_DisassembleAtPC] with "use asm"

Categories

(Core :: JavaScript Engine, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla24

People

(Reporter: gkw, Assigned: bbouvier)

References

Details

(Keywords: crash, regression, testcase, Whiteboard: [jsbugmon:update])

Crash Data

Attachments

(2 files, 2 obsolete files)

Attached file stack
disassemble("-r", (function() {
    (function() {
        "use asm"
        return {}
    })()
}))

crashes js debug shell on m-c changeset 18fc62fd8dcc without any CLI arguments at js_DisassembleAtPC
Regression from bug 851421?
Blocks: odinfuzz
Yep.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   http://hg.mozilla.org/mozilla-central/rev/30b977b2b911
user:        Nicholas Nethercote
date:        Thu Mar 14 18:44:03 2013 -0700
summary:     Bug 851421 (part 2) - Don't emit bytecode for asm.js functions unless linking fails.  r=luke.
Blocks: 851421
Attached patch proposed fix + test case (obsolete) — Splinter Review
The script is set to NULL if the function is native; in this case, there is no need to recursively apply the function.
Assignee: general → bbouvier
Status: NEW → ASSIGNED
Attachment #759390 - Flags: review?(luke)
Comment on attachment 759390 [details] [diff] [review]
proposed fix + test case

Thanks!  Do you suppose you could change this so that, in the !script case, we Sprint something like "[native code]"?
Attachment #759390 - Flags: review?(luke) → review+
The current behaviour of dis() and disassemble() is to throw an error if there is no script: "typein:2:0 Error: only works on scripts".
So this is doable, but this would change dis / disassemble (and similar functions) behaviours.
Attachment #759390 - Attachment is obsolete: true
Attachment #759525 - Flags: review?(luke)
Comment on attachment 759525 [details] [diff] [review]
print "native code" instead of nothing, as discussed

Thanks!
Attachment #759525 - Flags: review?(luke) → review+
Ugh, I should have caught this; some shell functions are only available in debug builds (like dis and disassemble).  Try "if (disassemble)" (but double check me that this fixes the problem ;)
if (disassemble) was not enough as "disassemble" was not defined. This test case passes in debug and opt builds and does what we expect. One can check by printing the result of disassemble: in debug mode, it will print the disassembled bytecode; in opt mode it won't print anything.
Attachment #759525 - Attachment is obsolete: true
Attachment #759831 - Flags: review?(luke)
Comment on attachment 759831 [details] [diff] [review]
patch + test case that runs even in opt builds

Thanks!
Attachment #759831 - Flags: review?(luke) → review+
https://hg.mozilla.org/mozilla-central/rev/5860d85b0006
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in before you can comment on or make changes to this bug.