The default bug view has changed. See this FAQ.

Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/GlobalObject.h:419 due to OOM in SIMDObject::initClass

RESOLVED FIXED in mozilla29

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: decoder, Assigned: decoder)

Tracking

(Blocks: 2 bugs, {sec-want})

Trunk
mozilla29
x86_64
Linux
sec-want
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
Created attachment 8358502 [details] [diff] [review]
simd.patch

The function SIMDObject::initClass, which initializes the SIMD global object, can be called multiple times, if an OOM occurs during initialization. Due to the order of things being done there, an OOM can lead to a half-initialized state, leading to the mentioned assert. The attached patch reorders some of the code to avoid this.
Attachment #8358502 - Flags: review?(nmatsakis)
Attachment #8358502 - Flags: review?(nmatsakis) → review+
(Assignee)

Comment 1

3 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ba9e57f5678
Assignee: nobody → choller
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/2ba9e57f5678
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
You need to log in before you can comment on or make changes to this bug.