RESOLVED FIXED 20863
ASSERTION FAILED: addressOffset < instructions.size() in CodeBlock::getHandlerForVPC
https://bugs.webkit.org/show_bug.cgi?id=20863
Summary ASSERTION FAILED: addressOffset < instructions.size() in CodeBlock::getHandle...
Geoffrey Garen
Reported 2008-09-15 15:45:01 PDT
~/Labyrinth/OpenSource/JavaScriptCore/tests/mozilla$ "/Volumes/Big/ggaren/build/Debug/jsc" -s -f ./js1_5/shell.js -f ./js1_5/Regress/regress-96128-n.js BUGNUMBER: 96128 STATUS: Testing that JS infinite recursion protection works ASSERTION FAILED: addressOffset < instructions.size() (/Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/CodeBlock.cpp:978 bool JSC::CodeBlock::getHandlerForVPC(const JSC::Instruction*, JSC::Instruction*&, int&))
Attachments
Proposed patch (1.58 KB, patch)
2008-09-15 19:36 PDT, Cameron Zwarich (cpst)
mjs: review+
Geoffrey Garen
Comment 1 2008-09-15 15:45:30 PDT
Only fails in CTI.
Cameron Zwarich (cpst)
Comment 2 2008-09-15 16:20:04 PDT
The problem is that exception range info is not being correctly generated, now that op_get_by_id is emitted before op_construct and op_instanceof (in this case it is op_construct). I tried to make a quick fix to avoid the crash, but it doesn't seem to work. I must leave now for a while, so I am unassigning this to myself.
Cameron Zwarich (cpst)
Comment 3 2008-09-15 19:36:46 PDT
Created attachment 23457 [details] Proposed patch
Maciej Stachowiak
Comment 4 2008-09-15 19:40:22 PDT
Comment on attachment 23457 [details] Proposed patch r=me
Cameron Zwarich (cpst)
Comment 5 2008-09-17 19:57:47 PDT
Landed in r36472.
Note You need to log in before you can comment on or make changes to this bug.