Closed Bug 296006 Opened 19 years ago Closed 19 years ago

Assert (leading to 'crash' in debug build) when locking empty string

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bzbarsky, Unassigned)

References

Details

Attachments

(1 file, 2 obsolete files)

tabs are evil.
2.58 KB, patch
brendan
: review+
brendan
: approval1.8b3+
Details | Diff | Splinter Review 
BUILD: current trunk

STEPS TO REPRODUCE:
1)  Call JS_EvaluateUCScriptForPrincipals and wait for it to return
2)  Decide you need to do something that might trigger GC
3)  Try to lock the return value of JS_EvaluateUCScriptForPrincipals like so:

  if (ok && JSVAL_IS_GCTHING(val)) {
    ok = ::JS_LockGCThing(mContext, JSVAL_TO_GCTHING(val));

EXPECTED RESULTS:  keep |val| from being gc'ed

ACTUAL RESULTS:

#3  0xb7fd1477 in JS_Assert (s=0xb7ff0181 "JS_DHASH_ENTRY_IS_FREE(hdr)", 
    file=0xb7fefea0 "../../../mozilla/js/src/jsgc.c", ln=763)
    at ../../../mozilla/js/src/jsutil.c:155
#4  0xb7f70705 in js_LockGCThingRT (rt=0x80e3a70, thing=0x80ea798)
    at ../../../mozilla/js/src/jsgc.c:763

I this case, |val| is an empty JSString.  Shaver says we probably lock that at
startup, and the non-deep case in js_LockGCThingRT asserts if something is being
locked that's already locked.
Attached patch Fix non-deep multiple-lock case (obsolete) — Splinter Review 
I thought about losing the optimization entirely, but it looks like this will
preserve it at minimal cost.
Without this my fix for bug 295983 is unhappy...
Blocks: 295983
Man, I was tired.

But shaver, what's up with those crazy tabs?

/be
I was trying out XCode, which can be told "don't use tabs any more", but can't
apparently be told "banish the filthy tabs".  I'll M-x untabify before I commit,
natch.
Attached patch tabs are evil.Splinter Review 
Sorry, I was learning to drive XCode.
Attachment #184888 - Attachment is obsolete: true
Attachment #184889 - Attachment is obsolete: true
Attachment #184966 - Flags: review?(brendan)
Comment on attachment 184966 [details] [diff] [review]
tabs are evil.

>+        if (lhe->thing == 0) {

if (!lhe->thing), please, and r+a=me.  Thanks for wiping my old tired chin!

/be
Attachment #184966 - Flags: review?(brendan)
Attachment #184966 - Flags: review+
Attachment #184966 - Flags: approval1.8b3+
Fixed.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Flags: testcase-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: