Closed
Bug 947070
Opened 11 years ago
Closed 10 years ago
Assertion failure: containsPC(pc), at jsscript.h
Categories
(Core :: JavaScript Engine: JIT, defect)
Tracking
()
VERIFIED
FIXED
mozilla29
People
(Reporter: gkw, Assigned: djvj)
References
Details
(4 keywords)
Attachments
(2 files, 1 obsolete file)
enableSPSProfilingAssertions(true); function f() { (function() { for (var i = 0; i < 9; i++) {} })(); f(); for (var i = 0; i < 9; i++) {} } f() asserts js debug shell on m-c changeset 526e12792fc8 without any CLI arguments at Assertion failure: containsPC(pc), at jsscript.h My configure flags are: CC="clang -Qunused-arguments" AR=ar CXX="clang++ -Qunused-arguments" sh ./configure --target=x86_64-apple-darwin12.5.0 --enable-optimize --enable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --with-ccache --disable-threadsafe s-s because Kannan mentioned before that SPS bugs can be bad. Setting needinfo as well.
Flags: needinfo?(kvijayan)
Reporter | ||
Comment 1•11 years ago
|
||
(note to self: For now, stick a "Random.init()" line before all the FRC lines, the next time we have to use output from setting dumpEachSeed to true.)
Reporter | ||
Comment 2•11 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/9c90bda44992 user: Brian Hackett date: Thu Aug 15 07:33:30 2013 -0700 summary: Bug 864220 - Use mprotect to trigger interrupts in Ion compiled code, r=luke,jandem. Is bug 864220 a likely regressor?
Comment 3•11 years ago
|
||
Comment 4•11 years ago
|
||
Setting as moderate because it looks related to the profiler.
Keywords: sec-moderate
Reporter | ||
Updated•11 years ago
|
Assignee: general → nobody
QA Contact: general
Comment 5•11 years ago
|
||
Updated•10 years ago
|
Group: javascript-core-security
Updated•10 years ago
|
Attachment #8344597 -
Attachment is obsolete: true
Reporter | ||
Comment 7•10 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/39219e33ec40 user: Kannan Vijayan date: Mon Dec 09 10:28:58 2013 -0500 summary: Bug 834678 - Ensure correct update of lastPC_ for MInstructions which add OOL code. r=jandem This issue seems to be gone. Kannan, is bug 834678 a likely fix?
Flags: needinfo?(gary)
Reporter | ||
Comment 8•10 years ago
|
||
Kannan mentions in-person here at the JS work week that this is a likely fix.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(kvijayan)
Resolution: --- → FIXED
Updated•10 years ago
|
Status: RESOLVED → VERIFIED
Comment 9•10 years ago
|
||
JSBugMon: This bug has been automatically verified fixed.
Updated•10 years ago
|
Assignee: nobody → kvijayan
status-b2g-v1.3:
--- → fixed
status-b2g-v1.3T:
--- → fixed
status-b2g-v1.4:
--- → fixed
status-firefox28:
--- → fixed
status-firefox29:
--- → fixed
Depends on: 834678
Target Milestone: --- → mozilla29
Updated•10 years ago
|
status-firefox-esr24:
--- → unaffected
Updated•10 years ago
|
Group: javascript-core-security
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•