Closed
Bug 467857
Opened 16 years ago
Closed 16 years ago
TM: Another crash with jit.content enabled [@ nanojit::Assembler::asm_store32]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: dvander, Assigned: dvander)
References
()
Details
(Keywords: crash, verified1.9.1, Whiteboard: fixed-in-tracemonkey)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
gal
:
review+
sayrer
:
approval1.9.1+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #460511 +++
We crash again on this site from a deep abort right before a branch instruction. We only check the deepAbort flag in MonitorRecording, it needs to be in RecordLoopEdge as well.
|
Assignee | |
Comment 1•16 years ago
|
||
Not sure if the walkedOutOfLoop change was necessary. It sounds impossible to deep abort in between setting that flag and hitting the next instruction.
|
||
Comment 2•16 years ago
|
||
Make it an assert and r=me.
|
|
Assignee | |
Comment 3•16 years ago
|
||
Slightly better fix.
Attachment #351291 -
Attachment is obsolete: true
Attachment #351462 -
Flags: review?(gal)
Attachment #351291 -
Flags: review?(gal)
|
|
||
Updated•16 years ago
|
Attachment #351462 -
Flags: review?(gal) → review+
|
|
Assignee | |
Comment 4•16 years ago
|
||
Pushed fix as changeset: http://hg.mozilla.org/tracemonkey/rev/984f615816de
Whiteboard: fixed-in-tracemonkey
|
||
Updated•16 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
||
Updated•16 years ago
|
Attachment #351462 -
Flags: approval1.9.1+
|
|
||
Comment 5•16 years ago
|
||
Keywords: fixed1.9.1
|
||
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
|
||
Comment 6•16 years ago
|
||
Is there a way to verify this via blackbox testing if a testcase is not going to be added to mochitest?
|
|
||
Comment 7•16 years ago
|
||
You can try capturing the page and adding it to the page set. Ideally make sure that without the patch we actually crash viewing the page.
|
|
||
Comment 8•16 years ago
|
||
verified FIXED on builds:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090422 Minefield/3.6a1pre ID:20090422044118
and
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090422 Shiretoko/3.5b4pre ID:20090422042031
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
|
||
Updated•14 years ago
|
Crash Signature: [@ nanojit::Assembler::asm_store32]
You need to log in
before you can comment on or make changes to this bug.
Description
•