Closed
Bug 96526
Opened 23 years ago
Closed 22 years ago
JS code generator needs to eliminate tail recursion, avoid stack overflow
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.2beta
People
(Reporter: bill+mozilla-bugzilla, Assigned: brendan)
References
()
Details
(Keywords: crash, js1.5, Whiteboard: is this related to bug #96128?)
Attachments
(5 files, 8 obsolete files)
|
3.24 KB,
text/plain
|
Details | |
|
15.79 KB,
patch
|
Details | Diff | Splinter Review | |
|
51.27 KB,
text/plain
|
Details | |
|
10.97 KB,
text/plain
|
Details | |
|
22.30 KB,
patch
|
Details | Diff | Splinter Review |
This page will always crash on Mac OS X, (20010806 and 20010822) but is OK on
linux.
Guessing at component based on old stacktrace. Newer stacktrace not so helpful.
CrashReporters attached:
20010822:
**********
Date/Time: 2001-08-22 17:37:33 -0400
PID: 2901
Command: Mozilla
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbff7fe30
Thread 0:
#0 0x016a9d3c in 0x16a9d3c ()
#1 0x016ad584 in 0x16ad584 ()
#2 0x016acfdc in 0x16acfdc ()
#3 0x016aa18c in 0x16aa18c ()
#4 0x016aa2dc in 0x16aa2dc ()
#5 0x016aa2dc in 0x16aa2dc ()
#6 0x016aa2dc in 0x16aa2dc ()
#7 0x016aa2dc in 0x16aa2dc ()
#8 0x016aa2dc in 0x16aa2dc ()
#9 0x016aa2dc in 0x16aa2dc ()
#10 0x016aa2dc in 0x16aa2dc ()
#11 0x016aa2dc in 0x16aa2dc ()
#12 0x016aa2dc in 0x16aa2dc ()
#13 0x016aa2dc in 0x16aa2dc ()
#14 0x016aa2dc in 0x16aa2dc ()
#15 0x016aa2dc in 0x16aa2dc ()
#16 0x016aa2dc in 0x16aa2dc ()
#17 0x016aa2dc in 0x16aa2dc ()
#18 0x016aa2dc in 0x16aa2dc ()
#19 0x016aa2dc in 0x16aa2dc ()
#20 0x016aa2dc in 0x16aa2dc ()
#21 0x016aa2dc in 0x16aa2dc ()
#22 0x016aa2dc in 0x16aa2dc ()
#23 0x016aa2dc in 0x16aa2dc ()
#24 0x016aa2dc in 0x16aa2dc ()
#25 0x016aa2dc in 0x16aa2dc ()
#26 0x016aa2dc in 0x16aa2dc ()
#27 0x016aa2dc in 0x16aa2dc ()
#28 0x016aa2dc in 0x16aa2dc ()
#29 0x016aa2dc in 0x16aa2dc ()
#30 0x016aa2dc in 0x16aa2dc ()
#31 0x016aa2dc in 0x16aa2dc ()
#32 0x016aa2dc in 0x16aa2dc ()
#33 0x016aa2dc in 0x16aa2dc ()
#34 0x016aa2dc in 0x16aa2dc ()
#35 0x016aa2dc in 0x16aa2dc ()
#36 0x016aa2dc in 0x16aa2dc ()
#37 0x016aa2dc in 0x16aa2dc ()
#38 0x016aa2dc in 0x16aa2dc ()
#39 0x016aa2dc in 0x16aa2dc ()
#40 0x016aa2dc in 0x16aa2dc ()
#41 0x016aa2dc in 0x16aa2dc ()
#42 0x016aa2dc in 0x16aa2dc ()
#43 0x016aa2dc in 0x16aa2dc ()
#44 0x016aa2dc in 0x16aa2dc ()
#45 0x016aa2dc in 0x16aa2dc ()
#46 0x016aa2dc in 0x16aa2dc ()
#47 0x016aa2dc in 0x16aa2dc ()
#48 0x016aa2dc in 0x16aa2dc ()
#49 0x016aa2dc in 0x16aa2dc ()
#50 0x016aa2dc in 0x16aa2dc ()
#51 0x016aa2dc in 0x16aa2dc ()
#52 0x016aa2dc in 0x16aa2dc ()
#53 0x016aa2dc in 0x16aa2dc ()
#54 0x016aa2dc in 0x16aa2dc ()
#55 0x016aa2dc in 0x16aa2dc ()
#56 0x016aa2dc in 0x16aa2dc ()
#57 0x016aa2dc in 0x16aa2dc ()
#58 0x016aa2dc in 0x16aa2dc ()
#59 0x016aa2dc in 0x16aa2dc ()
#60 0x016aa2dc in 0x16aa2dc ()
#61 0x016aa2dc in 0x16aa2dc ()
#62 0x016aa2dc in 0x16aa2dc ()
#63 0x016aa2dc in 0x16aa2dc ()
#64 0x016aa2dc in 0x16aa2dc ()
#65 0x016aa2dc in 0x16aa2dc ()
#66 0x016aa2dc in 0x16aa2dc ()
#67 0x016aa2dc in 0x16aa2dc ()
#68 0x016aa2dc in 0x16aa2dc ()
#69 0x016aa2dc in 0x16aa2dc ()
#70 0x016aa2dc in 0x16aa2dc ()
#71 0x016aa2dc in 0x16aa2dc ()
#72 0x016aa2dc in 0x16aa2dc ()
#73 0x016aa2dc in 0x16aa2dc ()
#74 0x016aa2dc in 0x16aa2dc ()
#75 0x016aa2dc in 0x16aa2dc ()
#76 0x016aa2dc in 0x16aa2dc ()
#77 0x016aa2dc in 0x16aa2dc ()
#78 0x016aa2dc in 0x16aa2dc ()
#79 0x016aa2dc in 0x16aa2dc ()
#80 0x016aa2dc in 0x16aa2dc ()
#81 0x016aa2dc in 0x16aa2dc ()
#82 0x016aa2dc in 0x16aa2dc ()
#83 0x016aa2dc in 0x16aa2dc ()
#84 0x016aa2dc in 0x16aa2dc ()
#85 0x016aa2dc in 0x16aa2dc ()
#86 0x016aa2dc in 0x16aa2dc ()
#87 0x016aa2dc in 0x16aa2dc ()
#88 0x016aa2dc in 0x16aa2dc ()
#89 0x016aa2dc in 0x16aa2dc ()
#90 0x016aa2dc in 0x16aa2dc ()
#91 0x016aa2dc in 0x16aa2dc ()
#92 0x016aa2dc in 0x16aa2dc ()
#93 0x016aa2dc in 0x16aa2dc ()
#94 0x016aa2dc in 0x16aa2dc ()
#95 0x016aa2dc in 0x16aa2dc ()
#96 0x016aa2dc in 0x16aa2dc ()
#97 0x016aa2dc in 0x16aa2dc ()
#98 0x016aa2dc in 0x16aa2dc ()
#99 0x016aa2dc in 0x16aa2dc ()
#100 0x016aa2dc in 0x16aa2dc ()
#101 0x016aa2dc in 0x16aa2dc ()
#102 0x016aa2dc in 0x16aa2dc ()
#103 0x016aa2dc in 0x16aa2dc ()
#104 0x016aa2dc in 0x16aa2dc ()
#105 0x016aa2dc in 0x16aa2dc ()
#106 0x016aa2dc in 0x16aa2dc ()
#107 0x016aa2dc in 0x16aa2dc ()
#108 0x016aa2dc in 0x16aa2dc ()
#109 0x016aa2dc in 0x16aa2dc ()
#110 0x016aa2dc in 0x16aa2dc ()
#111 0x016aa2dc in 0x16aa2dc ()
#112 0x016aa2dc in 0x16aa2dc ()
#113 0x016aa2dc in 0x16aa2dc ()
#114 0x016aa2dc in 0x16aa2dc ()
#115 0x016aa2dc in 0x16aa2dc ()
#116 0x016aa2dc in 0x16aa2dc ()
#117 0x016aa2dc in 0x16aa2dc ()
#118 0x016aa2dc in 0x16aa2dc ()
#119 0x016aa2dc in 0x16aa2dc ()
#120 0x016aa2dc in 0x16aa2dc ()
#121 0x016aa2dc in 0x16aa2dc ()
#122 0x016aa2dc in 0x16aa2dc ()
#123 0x016aa2dc in 0x16aa2dc ()
#124 0x016aa2dc in 0x16aa2dc ()
#125 0x016aa2dc in 0x16aa2dc ()
#126 0x016aa2dc in 0x16aa2dc ()
#127 0x016aa2dc in 0x16aa2dc ()
#128 0x016aa2dc in 0x16aa2dc ()
#129 0x016aa2dc in 0x16aa2dc ()
#130 0x016aa2dc in 0x16aa2dc ()
#131 0x016aa2dc in 0x16aa2dc ()
#132 0x016aa2dc in 0x16aa2dc ()
#133 0x016aa2dc in 0x16aa2dc ()
#134 0x016aa2dc in 0x16aa2dc ()
#135 0x016aa2dc in 0x16aa2dc ()
#136 0x016aa2dc in 0x16aa2dc ()
#137 0x016aa2dc in 0x16aa2dc ()
#138 0x016aa2dc in 0x16aa2dc ()
#139 0x016aa2dc in 0x16aa2dc ()
#140 0x016aa2dc in 0x16aa2dc ()
#141 0x016aa2dc in 0x16aa2dc ()
#142 0x016aa2dc in 0x16aa2dc ()
#143 0x016aa2dc in 0x16aa2dc ()
#144 0x016aa2dc in 0x16aa2dc ()
#145 0x016aa2dc in 0x16aa2dc ()
#146 0x016aa2dc in 0x16aa2dc ()
#147 0x016aa2dc in 0x16aa2dc ()
#148 0x016aa2dc in 0x16aa2dc ()
#149 0x016aa2dc in 0x16aa2dc ()
#150 0x016aa2dc in 0x16aa2dc ()
#151 0x016aa2dc in 0x16aa2dc ()
#152 0x016aa2dc in 0x16aa2dc ()
#153 0x016aa2dc in 0x16aa2dc ()
#154 0x016aa2dc in 0x16aa2dc ()
#155 0x016aa2dc in 0x16aa2dc ()
#156 0x016aa2dc in 0x16aa2dc ()
#157 0x016aa2dc in 0x16aa2dc ()
#158 0x016aa2dc in 0x16aa2dc ()
#159 0x016aa2dc in 0x16aa2dc ()
#160 0x016aa2dc in 0x16aa2dc ()
#161 0x016aa2dc in 0x16aa2dc ()
#162 0x016aa2dc in 0x16aa2dc ()
#163 0x016aa2dc in 0x16aa2dc ()
#164 0x016aa2dc in 0x16aa2dc ()
#165 0x016aa2dc in 0x16aa2dc ()
#166 0x016aa2dc in 0x16aa2dc ()
#167 0x016aa2dc in 0x16aa2dc ()
#168 0x016aa2dc in 0x16aa2dc ()
#169 0x016aa2dc in 0x16aa2dc ()
#170 0x016aa2dc in 0x16aa2dc ()
#171 0x016aa2dc in 0x16aa2dc ()
#172 0x016aa2dc in 0x16aa2dc ()
#173 0x016aa2dc in 0x16aa2dc ()
#174 0x016aa2dc in 0x16aa2dc ()
#175 0x016aa2dc in 0x16aa2dc ()
#176 0x016aa2dc in 0x16aa2dc ()
#177 0x016aa2dc in 0x16aa2dc ()
#178 0x016aa2dc in 0x16aa2dc ()
#179 0x016aa2dc in 0x16aa2dc ()
#180 0x016aa2dc in 0x16aa2dc ()
#181 0x016aa2dc in 0x16aa2dc ()
#182 0x016aa2dc in 0x16aa2dc ()
#183 0x016aa2dc in 0x16aa2dc ()
#184 0x016aa2dc in 0x16aa2dc ()
#185 0x016aa2dc in 0x16aa2dc ()
#186 0x016aa2dc in 0x16aa2dc ()
#187 0x016aa2dc in 0x16aa2dc ()
#188 0x016aa2dc in 0x16aa2dc ()
#189 0x016aa2dc in 0x16aa2dc ()
#190 0x016aa2dc in 0x16aa2dc ()
#191 0x016aa2dc in 0x16aa2dc ()
#192 0x016aa2dc in 0x16aa2dc ()
#193 0x016aa2dc in 0x16aa2dc ()
#194 0x016aa2dc in 0x16aa2dc ()
#195 0x016aa2dc in 0x16aa2dc ()
#196 0x016aa2dc in 0x16aa2dc ()
#197 0x016aa2dc in 0x16aa2dc ()
#198 0x016aa2dc in 0x16aa2dc ()
#199 0x016aa2dc in 0x16aa2dc ()
#200 0x016aa2dc in 0x16aa2dc ()
#201 0x016aa2dc in 0x16aa2dc ()
#202 0x016aa2dc in 0x16aa2dc ()
#203 0x016aa2dc in 0x16aa2dc ()
#204 0x016aa2dc in 0x16aa2dc ()
#205 0x016aa2dc in 0x16aa2dc ()
#206 0x016aa2dc in 0x16aa2dc ()
#207 0x016aa2dc in 0x16aa2dc ()
#208 0x016aa2dc in 0x16aa2dc ()
#209 0x016aa2dc in 0x16aa2dc ()
#210 0x016aa2dc in 0x16aa2dc ()
#211 0x016aa2dc in 0x16aa2dc ()
#212 0x016aa2dc in 0x16aa2dc ()
#213 0x016aa2dc in 0x16aa2dc ()
#214 0x016aa2dc in 0x16aa2dc ()
#215 0x016aa2dc in 0x16aa2dc ()
#216 0x016aa2dc in 0x16aa2dc ()
#217 0x016aa2dc in 0x16aa2dc ()
#218 0x016aa2dc in 0x16aa2dc ()
#219 0x016aa2dc in 0x16aa2dc ()
#220 0x016aa2dc in 0x16aa2dc ()
#221 0x016aa2dc in 0x16aa2dc ()
#222 0x016aa2dc in 0x16aa2dc ()
#223 0x016aa2dc in 0x16aa2dc ()
#224 0x016aa2dc in 0x16aa2dc ()
#225 0x016aa2dc in 0x16aa2dc ()
#226 0x016aa2dc in 0x16aa2dc ()
#227 0x016aa2dc in 0x16aa2dc ()
#228 0x016aa2dc in 0x16aa2dc ()
#229 0x016aa2dc in 0x16aa2dc ()
#230 0x016aa2dc in 0x16aa2dc ()
#231 0x016aa2dc in 0x16aa2dc ()
#232 0x016aa2dc in 0x16aa2dc ()
#233 0x016aa2dc in 0x16aa2dc ()
#234 0x016aa2dc in 0x16aa2dc ()
#235 0x016aa2dc in 0x16aa2dc ()
#236 0x016aa2dc in 0x16aa2dc ()
#237 0x016aa2dc in 0x16aa2dc ()
#238 0x016aa2dc in 0x16aa2dc ()
#239 0x016aa2dc in 0x16aa2dc ()
#240 0x016aa2dc in 0x16aa2dc ()
#241 0x016aa2dc in 0x16aa2dc ()
#242 0x016aa2dc in 0x16aa2dc ()
#243 0x016aa2dc in 0x16aa2dc ()
#244 0x016aa2dc in 0x16aa2dc ()
#245 0x016aa2dc in 0x16aa2dc ()
#246 0x016aa2dc in 0x16aa2dc ()
#247 0x016aa2dc in 0x16aa2dc ()
#248 0x016aa2dc in 0x16aa2dc ()
#249 0x016aa2dc in 0x16aa2dc ()
#250 0x016aa2dc in 0x16aa2dc ()
#251 0x016aa2dc in 0x16aa2dc ()
#252 0x016aa2dc in 0x16aa2dc ()
#253 0x016aa2dc in 0x16aa2dc ()
#254 0x016aa2dc in 0x16aa2dc ()
#255 0x016aa2dc in 0x16aa2dc ()
#256 0x016aa2dc in 0x16aa2dc ()
#257 0x016aa2dc in 0x16aa2dc ()
#258 0x016aa2dc in 0x16aa2dc ()
#259 0x016aa2dc in 0x16aa2dc ()
#260 0x016aa2dc in 0x16aa2dc ()
#261 0x016aa2dc in 0x16aa2dc ()
#262 0x016aa2dc in 0x16aa2dc ()
#263 0x016aa2dc in 0x16aa2dc ()
#264 0x016aa2dc in 0x16aa2dc ()
#265 0x016aa2dc in 0x16aa2dc ()
#266 0x016aa2dc in 0x16aa2dc ()
#267 0x016aa2dc in 0x16aa2dc ()
#268 0x016aa2dc in 0x16aa2dc ()
#269 0x016aa2dc in 0x16aa2dc ()
#270 0x016aa2dc in 0x16aa2dc ()
#271 0x016aa2dc in 0x16aa2dc ()
#272 0x016aa2dc in 0x16aa2dc ()
#273 0x016aa2dc in 0x16aa2dc ()
#274 0x016aa2dc in 0x16aa2dc ()
#275 0x016aa2dc in 0x16aa2dc ()
#276 0x016aa2dc in 0x16aa2dc ()
#277 0x016aa2dc in 0x16aa2dc ()
#278 0x016aa2dc in 0x16aa2dc ()
#279 0x016aa2dc in 0x16aa2dc ()
#280 0x016aa2dc in 0x16aa2dc ()
#281 0x016aa2dc in 0x16aa2dc ()
#282 0x016aa2dc in 0x16aa2dc ()
#283 0x016aa2dc in 0x16aa2dc ()
#284 0x016aa2dc in 0x16aa2dc ()
#285 0x016aa2dc in 0x16aa2dc ()
#286 0x016aa2dc in 0x16aa2dc ()
#287 0x016aa2dc in 0x16aa2dc ()
#288 0x016aa2dc in 0x16aa2dc ()
#289 0x016aa2dc in 0x16aa2dc ()
#290 0x016aa2dc in 0x16aa2dc ()
#291 0x016aa2dc in 0x16aa2dc ()
#292 0x016aa2dc in 0x16aa2dc ()
#293 0x016aa2dc in 0x16aa2dc ()
#294 0x016aa2dc in 0x16aa2dc ()
#295 0x016aa2dc in 0x16aa2dc ()
#296 0x016aa2dc in 0x16aa2dc ()
#297 0x016aa2dc in 0x16aa2dc ()
#298 0x016aa2dc in 0x16aa2dc ()
Thread 1:
#0 0x7000424c in _syscall ()
#1 0x706584b8 in _ProcessReadyEvent ()
#2 0x706582b0 in _CarbonSelectThreadFunc ()
#3 0x70014f04 in __pthread_body ()
Thread 2:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x70653be0 in _BSD_pthread_cond_wait ()
#5 0x70653bc0 in _CarbonConditionWait ()
#6 0x7065557c in _CarbonOperationThreadFunc ()
#7 0x70014f04 in __pthread_body ()
Thread 3:
#0 0x70059b48 in _semaphore_timedwait_signal_trap ()
#1 0x7003f7f8 in _semaphore_timedwait_signal ()
#2 0x70015f68 in __pthread_cond_wait ()
#3 0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
#4 0x7029b590 in _TSWaitOnConditionTimedRelative ()
#5 0x7029cdac in _TSWaitOnSemaphoreCommon ()
#6 0x702e5f98 in _TSWaitOnSemaphoreRelative ()
#7 0x702e7208 in _TimerThread ()
#8 0x70014f04 in __pthread_body ()
Thread 4:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x7029b550 in _TSWaitOnCondition ()
#5 0x7029cd94 in _TSWaitOnSemaphoreCommon ()
#6 0x7029cce4 in _TSWaitOnSemaphore ()
#7 0x7029cba8 in _AsyncFileThread ()
#8 0x70014f04 in __pthread_body ()
Thread 5:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x70653be0 in _BSD_pthread_cond_wait ()
#5 0x70653bc0 in _CarbonConditionWait ()
#6 0x70653ab4 in _CarbonInetOperThreadFunc ()
#7 0x70014f04 in __pthread_body ()
PPC Thread State:
srr0: 0x016a9d3c srr1: 0x0200f030 vrsave: 0x00000000
xer: 0x2000000c lr: 0x016ad584 ctr: 0x016efc30 mq: 0x00000000
r0: 0x016ad584 r1: 0xbff803e0 r2: 0x013c8000 r3: 0x02e272b0
r4: 0xbfffd584 r5: 0x03954900 r6: 0x000029ff r7: 0xbfffd5b8
r8: 0x00000001 r9: 0xffffffff r10: 0x039538d0 r11: 0x48000018
r12: 0x013c1d3c r13: 0x00000000 r14: 0x00000000 r15: 0x00000000
r16: 0x002c4b78 r17: 0x039ceb60 r18: 0x013c3968 r19: 0x00000032
r20: 0x0393d8d0 r21: 0x0000a1a1 r22: 0x03ca1be8 r23: 0x000029fa
r24: 0x00000000 r25: 0x00000000 r26: 0x02e272b0 r27: 0x03954900
r28: 0x03954870 r29: 0x03954900 r30: 0x02e272b0 r31: 0xbfffd584
**********
20010806:
Date/Time: 2001-08-22 17:30:33 -0400
PID: 2878
Command: Mozilla
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbff7ffc0
Thread 0:
#0 0x0011c200 in malloc ()
#1 0x016ec860 in JS_DHashAllocTable ()
#2 0x016ecc7c in JS_DHashTableInit ()
#3 0x016ecb40 in JS_NewDHashTable ()
#4 0x016c2b78 in 0x16c2b78 ()
#5 0x016a3ff0 in LookupArgOrVar ()
#6 0x016a8844 in js_EmitTree ()
#7 0x016a7a08 in 0x16a7a08 ()
#8 0x016a771c in 0x16a771c ()
#9 0x016a523c in 0x16a523c ()
#10 0x016a5300 in 0x16a5300 ()
#11 0x016a5300 in 0x16a5300 ()
#12 0x016a5300 in 0x16a5300 ()
#13 0x016a5300 in 0x16a5300 ()
#14 0x016a5300 in 0x16a5300 ()
#15 0x016a5300 in 0x16a5300 ()
#16 0x016a5300 in 0x16a5300 ()
#17 0x016a5300 in 0x16a5300 ()
#18 0x016a5300 in 0x16a5300 ()
#19 0x016a5300 in 0x16a5300 ()
#20 0x016a5300 in 0x16a5300 ()
#21 0x016a5300 in 0x16a5300 ()
#22 0x016a5300 in 0x16a5300 ()
#23 0x016a5300 in 0x16a5300 ()
#24 0x016a5300 in 0x16a5300 ()
#25 0x016a5300 in 0x16a5300 ()
#26 0x016a5300 in 0x16a5300 ()
#27 0x016a5300 in 0x16a5300 ()
#28 0x016a5300 in 0x16a5300 ()
#29 0x016a5300 in 0x16a5300 ()
#30 0x016a5300 in 0x16a5300 ()
#31 0x016a5300 in 0x16a5300 ()
#32 0x016a5300 in 0x16a5300 ()
#33 0x016a5300 in 0x16a5300 ()
#34 0x016a5300 in 0x16a5300 ()
#35 0x016a5300 in 0x16a5300 ()
#36 0x016a5300 in 0x16a5300 ()
#37 0x016a5300 in 0x16a5300 ()
#38 0x016a5300 in 0x16a5300 ()
#39 0x016a5300 in 0x16a5300 ()
#40 0x016a5300 in 0x16a5300 ()
#41 0x016a5300 in 0x16a5300 ()
#42 0x016a5300 in 0x16a5300 ()
#43 0x016a5300 in 0x16a5300 ()
#44 0x016a5300 in 0x16a5300 ()
#45 0x016a5300 in 0x16a5300 ()
#46 0x016a5300 in 0x16a5300 ()
#47 0x016a5300 in 0x16a5300 ()
#48 0x016a5300 in 0x16a5300 ()
#49 0x016a5300 in 0x16a5300 ()
#50 0x016a5300 in 0x16a5300 ()
#51 0x016a5300 in 0x16a5300 ()
#52 0x016a5300 in 0x16a5300 ()
#53 0x016a5300 in 0x16a5300 ()
#54 0x016a5300 in 0x16a5300 ()
#55 0x016a5300 in 0x16a5300 ()
#56 0x016a5300 in 0x16a5300 ()
#57 0x016a5300 in 0x16a5300 ()
#58 0x016a5300 in 0x16a5300 ()
#59 0x016a5300 in 0x16a5300 ()
#60 0x016a5300 in 0x16a5300 ()
#61 0x016a5300 in 0x16a5300 ()
#62 0x016a5300 in 0x16a5300 ()
#63 0x016a5300 in 0x16a5300 ()
#64 0x016a5300 in 0x16a5300 ()
#65 0x016a5300 in 0x16a5300 ()
#66 0x016a5300 in 0x16a5300 ()
#67 0x016a5300 in 0x16a5300 ()
#68 0x016a5300 in 0x16a5300 ()
#69 0x016a5300 in 0x16a5300 ()
#70 0x016a5300 in 0x16a5300 ()
#71 0x016a5300 in 0x16a5300 ()
#72 0x016a5300 in 0x16a5300 ()
#73 0x016a5300 in 0x16a5300 ()
#74 0x016a5300 in 0x16a5300 ()
#75 0x016a5300 in 0x16a5300 ()
#76 0x016a5300 in 0x16a5300 ()
#77 0x016a5300 in 0x16a5300 ()
#78 0x016a5300 in 0x16a5300 ()
#79 0x016a5300 in 0x16a5300 ()
#80 0x016a5300 in 0x16a5300 ()
#81 0x016a5300 in 0x16a5300 ()
#82 0x016a5300 in 0x16a5300 ()
#83 0x016a5300 in 0x16a5300 ()
#84 0x016a5300 in 0x16a5300 ()
#85 0x016a5300 in 0x16a5300 ()
#86 0x016a5300 in 0x16a5300 ()
#87 0x016a5300 in 0x16a5300 ()
#88 0x016a5300 in 0x16a5300 ()
#89 0x016a5300 in 0x16a5300 ()
#90 0x016a5300 in 0x16a5300 ()
#91 0x016a5300 in 0x16a5300 ()
#92 0x016a5300 in 0x16a5300 ()
#93 0x016a5300 in 0x16a5300 ()
#94 0x016a5300 in 0x16a5300 ()
#95 0x016a5300 in 0x16a5300 ()
#96 0x016a5300 in 0x16a5300 ()
#97 0x016a5300 in 0x16a5300 ()
#98 0x016a5300 in 0x16a5300 ()
#99 0x016a5300 in 0x16a5300 ()
#100 0x016a5300 in 0x16a5300 ()
#101 0x016a5300 in 0x16a5300 ()
#102 0x016a5300 in 0x16a5300 ()
#103 0x016a5300 in 0x16a5300 ()
#104 0x016a5300 in 0x16a5300 ()
#105 0x016a5300 in 0x16a5300 ()
#106 0x016a5300 in 0x16a5300 ()
#107 0x016a5300 in 0x16a5300 ()
#108 0x016a5300 in 0x16a5300 ()
#109 0x016a5300 in 0x16a5300 ()
#110 0x016a5300 in 0x16a5300 ()
#111 0x016a5300 in 0x16a5300 ()
#112 0x016a5300 in 0x16a5300 ()
#113 0x016a5300 in 0x16a5300 ()
#114 0x016a5300 in 0x16a5300 ()
#115 0x016a5300 in 0x16a5300 ()
#116 0x016a5300 in 0x16a5300 ()
#117 0x016a5300 in 0x16a5300 ()
#118 0x016a5300 in 0x16a5300 ()
#119 0x016a5300 in 0x16a5300 ()
#120 0x016a5300 in 0x16a5300 ()
#121 0x016a5300 in 0x16a5300 ()
#122 0x016a5300 in 0x16a5300 ()
#123 0x016a5300 in 0x16a5300 ()
#124 0x016a5300 in 0x16a5300 ()
#125 0x016a5300 in 0x16a5300 ()
#126 0x016a5300 in 0x16a5300 ()
#127 0x016a5300 in 0x16a5300 ()
#128 0x016a5300 in 0x16a5300 ()
#129 0x016a5300 in 0x16a5300 ()
#130 0x016a5300 in 0x16a5300 ()
#131 0x016a5300 in 0x16a5300 ()
#132 0x016a5300 in 0x16a5300 ()
#133 0x016a5300 in 0x16a5300 ()
#134 0x016a5300 in 0x16a5300 ()
#135 0x016a5300 in 0x16a5300 ()
#136 0x016a5300 in 0x16a5300 ()
#137 0x016a5300 in 0x16a5300 ()
#138 0x016a5300 in 0x16a5300 ()
#139 0x016a5300 in 0x16a5300 ()
#140 0x016a5300 in 0x16a5300 ()
#141 0x016a5300 in 0x16a5300 ()
#142 0x016a5300 in 0x16a5300 ()
#143 0x016a5300 in 0x16a5300 ()
#144 0x016a5300 in 0x16a5300 ()
#145 0x016a5300 in 0x16a5300 ()
#146 0x016a5300 in 0x16a5300 ()
#147 0x016a5300 in 0x16a5300 ()
#148 0x016a5300 in 0x16a5300 ()
#149 0x016a5300 in 0x16a5300 ()
#150 0x016a5300 in 0x16a5300 ()
#151 0x016a5300 in 0x16a5300 ()
#152 0x016a5300 in 0x16a5300 ()
#153 0x016a5300 in 0x16a5300 ()
#154 0x016a5300 in 0x16a5300 ()
#155 0x016a5300 in 0x16a5300 ()
#156 0x016a5300 in 0x16a5300 ()
#157 0x016a5300 in 0x16a5300 ()
#158 0x016a5300 in 0x16a5300 ()
#159 0x016a5300 in 0x16a5300 ()
#160 0x016a5300 in 0x16a5300 ()
#161 0x016a5300 in 0x16a5300 ()
#162 0x016a5300 in 0x16a5300 ()
#163 0x016a5300 in 0x16a5300 ()
#164 0x016a5300 in 0x16a5300 ()
#165 0x016a5300 in 0x16a5300 ()
#166 0x016a5300 in 0x16a5300 ()
#167 0x016a5300 in 0x16a5300 ()
#168 0x016a5300 in 0x16a5300 ()
#169 0x016a5300 in 0x16a5300 ()
#170 0x016a5300 in 0x16a5300 ()
#171 0x016a5300 in 0x16a5300 ()
#172 0x016a5300 in 0x16a5300 ()
#173 0x016a5300 in 0x16a5300 ()
#174 0x016a5300 in 0x16a5300 ()
#175 0x016a5300 in 0x16a5300 ()
#176 0x016a5300 in 0x16a5300 ()
#177 0x016a5300 in 0x16a5300 ()
#178 0x016a5300 in 0x16a5300 ()
#179 0x016a5300 in 0x16a5300 ()
#180 0x016a5300 in 0x16a5300 ()
#181 0x016a5300 in 0x16a5300 ()
#182 0x016a5300 in 0x16a5300 ()
#183 0x016a5300 in 0x16a5300 ()
#184 0x016a5300 in 0x16a5300 ()
#185 0x016a5300 in 0x16a5300 ()
#186 0x016a5300 in 0x16a5300 ()
#187 0x016a5300 in 0x16a5300 ()
#188 0x016a5300 in 0x16a5300 ()
#189 0x016a5300 in 0x16a5300 ()
#190 0x016a5300 in 0x16a5300 ()
#191 0x016a5300 in 0x16a5300 ()
#192 0x016a5300 in 0x16a5300 ()
#193 0x016a5300 in 0x16a5300 ()
#194 0x016a5300 in 0x16a5300 ()
#195 0x016a5300 in 0x16a5300 ()
#196 0x016a5300 in 0x16a5300 ()
#197 0x016a5300 in 0x16a5300 ()
#198 0x016a5300 in 0x16a5300 ()
#199 0x016a5300 in 0x16a5300 ()
#200 0x016a5300 in 0x16a5300 ()
#201 0x016a5300 in 0x16a5300 ()
#202 0x016a5300 in 0x16a5300 ()
#203 0x016a5300 in 0x16a5300 ()
#204 0x016a5300 in 0x16a5300 ()
#205 0x016a5300 in 0x16a5300 ()
#206 0x016a5300 in 0x16a5300 ()
#207 0x016a5300 in 0x16a5300 ()
#208 0x016a5300 in 0x16a5300 ()
#209 0x016a5300 in 0x16a5300 ()
#210 0x016a5300 in 0x16a5300 ()
#211 0x016a5300 in 0x16a5300 ()
#212 0x016a5300 in 0x16a5300 ()
#213 0x016a5300 in 0x16a5300 ()
#214 0x016a5300 in 0x16a5300 ()
#215 0x016a5300 in 0x16a5300 ()
#216 0x016a5300 in 0x16a5300 ()
#217 0x016a5300 in 0x16a5300 ()
#218 0x016a5300 in 0x16a5300 ()
#219 0x016a5300 in 0x16a5300 ()
#220 0x016a5300 in 0x16a5300 ()
#221 0x016a5300 in 0x16a5300 ()
#222 0x016a5300 in 0x16a5300 ()
#223 0x016a5300 in 0x16a5300 ()
#224 0x016a5300 in 0x16a5300 ()
#225 0x016a5300 in 0x16a5300 ()
#226 0x016a5300 in 0x16a5300 ()
#227 0x016a5300 in 0x16a5300 ()
#228 0x016a5300 in 0x16a5300 ()
#229 0x016a5300 in 0x16a5300 ()
#230 0x016a5300 in 0x16a5300 ()
#231 0x016a5300 in 0x16a5300 ()
#232 0x016a5300 in 0x16a5300 ()
#233 0x016a5300 in 0x16a5300 ()
#234 0x016a5300 in 0x16a5300 ()
#235 0x016a5300 in 0x16a5300 ()
#236 0x016a5300 in 0x16a5300 ()
#237 0x016a5300 in 0x16a5300 ()
#238 0x016a5300 in 0x16a5300 ()
#239 0x016a5300 in 0x16a5300 ()
#240 0x016a5300 in 0x16a5300 ()
#241 0x016a5300 in 0x16a5300 ()
#242 0x016a5300 in 0x16a5300 ()
#243 0x016a5300 in 0x16a5300 ()
#244 0x016a5300 in 0x16a5300 ()
#245 0x016a5300 in 0x16a5300 ()
#246 0x016a5300 in 0x16a5300 ()
#247 0x016a5300 in 0x16a5300 ()
#248 0x016a5300 in 0x16a5300 ()
#249 0x016a5300 in 0x16a5300 ()
#250 0x016a5300 in 0x16a5300 ()
#251 0x016a5300 in 0x16a5300 ()
#252 0x016a5300 in 0x16a5300 ()
#253 0x016a5300 in 0x16a5300 ()
#254 0x016a5300 in 0x16a5300 ()
#255 0x016a5300 in 0x16a5300 ()
#256 0x016a5300 in 0x16a5300 ()
#257 0x016a5300 in 0x16a5300 ()
#258 0x016a5300 in 0x16a5300 ()
#259 0x016a5300 in 0x16a5300 ()
#260 0x016a5300 in 0x16a5300 ()
#261 0x016a5300 in 0x16a5300 ()
#262 0x016a5300 in 0x16a5300 ()
#263 0x016a5300 in 0x16a5300 ()
#264 0x016a5300 in 0x16a5300 ()
#265 0x016a5300 in 0x16a5300 ()
#266 0x016a5300 in 0x16a5300 ()
#267 0x016a5300 in 0x16a5300 ()
#268 0x016a5300 in 0x16a5300 ()
#269 0x016a5300 in 0x16a5300 ()
#270 0x016a5300 in 0x16a5300 ()
#271 0x016a5300 in 0x16a5300 ()
#272 0x016a5300 in 0x16a5300 ()
#273 0x016a5300 in 0x16a5300 ()
#274 0x016a5300 in 0x16a5300 ()
#275 0x016a5300 in 0x16a5300 ()
#276 0x016a5300 in 0x16a5300 ()
#277 0x016a5300 in 0x16a5300 ()
#278 0x016a5300 in 0x16a5300 ()
#279 0x016a5300 in 0x16a5300 ()
#280 0x016a5300 in 0x16a5300 ()
#281 0x016a5300 in 0x16a5300 ()
#282 0x016a5300 in 0x16a5300 ()
#283 0x016a5300 in 0x16a5300 ()
#284 0x016a5300 in 0x16a5300 ()
#285 0x016a5300 in 0x16a5300 ()
#286 0x016a5300 in 0x16a5300 ()
#287 0x016a5300 in 0x16a5300 ()
#288 0x016a5300 in 0x16a5300 ()
#289 0x016a5300 in 0x16a5300 ()
#290 0x016a5300 in 0x16a5300 ()
#291 0x016a5300 in 0x16a5300 ()
#292 0x016a5300 in 0x16a5300 ()
#293 0x016a5300 in 0x16a5300 ()
#294 0x016a5300 in 0x16a5300 ()
#295 0x016a5300 in 0x16a5300 ()
#296 0x016a5300 in 0x16a5300 ()
#297 0x016a5300 in 0x16a5300 ()
#298 0x016a5300 in 0x16a5300 ()
Thread 1:
#0 0x7000424c in _syscall ()
#1 0x706584b8 in _ProcessReadyEvent ()
#2 0x706582b0 in _CarbonSelectThreadFunc ()
#3 0x70014f04 in __pthread_body ()
Thread 2:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x70653be0 in _BSD_pthread_cond_wait ()
#5 0x70653bc0 in _CarbonConditionWait ()
#6 0x7065557c in _CarbonOperationThreadFunc ()
#7 0x70014f04 in __pthread_body ()
Thread 3:
#0 0x70059b48 in _semaphore_timedwait_signal_trap ()
#1 0x7003f7f8 in _semaphore_timedwait_signal ()
#2 0x70015f68 in __pthread_cond_wait ()
#3 0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
#4 0x7029b590 in _TSWaitOnConditionTimedRelative ()
#5 0x7029cdac in _TSWaitOnSemaphoreCommon ()
#6 0x702e5f98 in _TSWaitOnSemaphoreRelative ()
#7 0x702e7208 in _TimerThread ()
#8 0x70014f04 in __pthread_body ()
Thread 4:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x7029b550 in _TSWaitOnCondition ()
#5 0x7029cd94 in _TSWaitOnSemaphoreCommon ()
#6 0x7029cce4 in _TSWaitOnSemaphore ()
#7 0x7029cba8 in _AsyncFileThread ()
#8 0x70014f04 in __pthread_body ()
Thread 5:
#0 0x70059b68 in _semaphore_wait_signal_trap ()
#1 0x70016110 in _semaphore_wait_signal ()
#2 0x70015f78 in __pthread_cond_wait ()
#3 0x70015d18 in _pthread_cond_wait ()
#4 0x70653be0 in _BSD_pthread_cond_wait ()
#5 0x70653bc0 in _CarbonConditionWait ()
#6 0x70653ab4 in _CarbonInetOperThreadFunc ()
#7 0x70014f04 in __pthread_body ()
PPC Thread State:
srr0: 0x0011c200 srr1: 0x0200f030 vrsave: 0x00000000
xer: 0x2000001c lr: 0x016ec860 ctr: 0x0011c1f4 mq: 0x00000000
r0: 0x016ec860 r1: 0xbff80000 r2: 0x002c5000 r3: 0x000000c0
r4: 0x000000c0 r5: 0x00000000 r6: 0x0000000c r7: 0x00000010
r8: 0x00000017 r9: 0x00000001 r10: 0x02eece20 r11: 0x00000000
r12: 0x002c6bf8 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000
r16: 0x013bdca4 r17: 0x013bd320 r18: 0x013bac1c r19: 0x00000032
r20: 0x013bd960 r21: 0x013bb484 r22: 0x00000575 r23: 0xbff801c4
r24: 0x00002a06 r25: 0xbff801c0 r26: 0x00000000 r27: 0x013bdc28
r28: 0x03a77910 r29: 0x013bdc28 r30: 0x0000000c r31: 0x000000c0
|
||
Comment 1•23 years ago
|
||
This crashes for me, too, on Mac OS 9.1 binary 20010822xx. Changing OS
from Mac OSX to the more widespread Mac9.1 to indicate the scope of
the problem. Does not crash on WinNT or Linux builds, same date.
Let me reassign this one to Browser-General for further triage.
It is unlikely to be a JS Engine problem, and I do not have a
debug Mac build to get a detailed stack trace - that's what we'll
need to properly assign this bug.
Assignee: rogerl → asa
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Browser-General
Ever confirmed: true
OS: MacOS X → Mac System 9.x
QA Contact: pschwartau → doronr
Well it crashes for me too (2001-08-22 build). I however wish I knewn how to do
stack traces to help.
|
Reporter | |
Comment 3•23 years ago
|
||
On OS9, with MacsBug installed when you crash you can do sc6 and sc7 to do stack
crawls. That used to refer to the A6 and A7 registers in 68K assembly, but now
they're just shortcuts on PPC.
|
||
Comment 4•23 years ago
|
||
|
||
Comment 6•23 years ago
|
||
-> dagley. Is this the bug that you and simond just fixed?
Assignee: saari → sdagley
|
||
Comment 7•23 years ago
|
||
nope, different problem
|
|
||
Comment 8•23 years ago
|
||
This is a JS bug, most likely too much recursion as it looks like we're blowing
the stack out.
Assignee: sdagley → rogerl
Component: ImageLib → JavaScript Engine
QA Contact: doronr → pschwartau
|
|
||
Comment 9•23 years ago
|
||
This JS on this page has a 475 element if () else if () else if () else...
conditional to support the "Jump to..." button for the popup menu which causes us
to blow out the stack evaluating the JS. It sure sounds like really bad JS but I
don't think we should crash on it. Increasing the Fizzilla stack (remember, the
Mac has a static stack size declared at compile time) to 768K allows the page to
load.
|
|
||
Comment 10•23 years ago
|
||
The stack from the mach-o build does have the symbology and you can see that,
yep, we've got a boatload of recursion going on.
|
|
||
Comment 11•23 years ago
|
||
|
|
||
Comment 12•23 years ago
|
||
Reassigning to Kenton, and cc'ing Brendan -
I missed the boat on this one. If you load the above standalone JS test
in the WinNT or Linux JS shell, it loads fine. But on Mac9.1, it crashes
exactly as outlined above. Similar to these bugs (which I'll recheck on Mac):
bug 74474 (large switch statement)
bug 80981 Need extended jump bytecode
bug 89443 (many chained ||'s)
bug 90445 (large block)
Assignee: rogerl → khanson
Keywords: crash
|
Assignee | |
Comment 13•23 years ago
|
||
Another case where an iterative approach would win, because if-else chains are
common, and can be moderately long -- and some OSes (ahem) don't allow much
stack headroom.
/be
|
|
||
Comment 14•23 years ago
|
||
Testcase added to JS testsuite:
mozilla/js/tests/js1_5/Regress/regress-96526.js
Passing on WinNT and Linux; failing on Mac only -
|
||
Updated•23 years ago
|
Whiteboard: is this related to bug #96128?
|
|
Reporter | |
Comment 15•23 years ago
|
||
khanson@netscape.com wrote, in the status whiteboard field:
>is this related to bug #96128?
Bug 96128 is about stuff slipping past the too-much recursion detector, which
this is. But the proposed solution over there is to limit how much recursion
can be done, on a per-OS basis. If the limit was set low enough, this test page
would not crash but not work either, then it's a different bug.
Sure, the stack could be set high enough to avoid the crash with this page, but
as long as the interperter does this recursively, there's always going to be a
level at which the stack limit will be reached.
Unless the javascript spec specifies a maximum number of else's, the
interpreter's gonna be out of spec as long as it handles it this way.
|
|
||
Updated•23 years ago
|
Target Milestone: --- → mozilla1.0.1
|
|
Assignee | |
Comment 16•23 years ago
|
||
Bill McGonigle, this has nothing to do with bug 96128, or with the interpreter.
The crash here is in the compiler, where the maximum length of else-if chain is
enforced with an OS-dependent crash (as in 96128, that's the only thing in
common and it does not make this bug the same as that -- there is no recursion
limiter in the compiler, it's different code, it needs a different bug).
There are many places where recursion in the code generator will chew stack.
The fix is likely to cover many specific input cases, so I think it's ok to
track a number of testcases in this bug, to try to synthesize a unified
solution. One came by from Georgi Guninski recently:
<script>
a="[\"b\"]";
s="g";
for(i=0;i<20000;i++)
s += a;
try {eval(s);}
catch (e) {alert(e)};
</script>
The answer is tail recursion elimination, but again, I hope it can be done
systematically (perhaps by js_FoldConstants), so it covers all cases of binary
and ternary parse-nodes.
/be
/be
Keywords: mozilla1.1
|
|
Assignee | |
Updated•23 years ago
|
Summary: page causes Fizzilla crash → JS code generator needs to eliminate tail recursion, avoid stack overflow
|
|
||
Comment 17•23 years ago
|
||
I have added Georgi's test to the testcase for this bug:
mozilla/js/tests/js1_5/Regress/regress-96526.js
Now this testcase fails on WinNT and Linux as well as on Mac9.1.
|
|
Assignee | |
Comment 18•23 years ago
|
||
*** Bug 133897 has been marked as a duplicate of this bug. ***
|
|
||
Comment 19•23 years ago
|
||
The offending function from the duplicate bug 133897 has been added
to the testcase for this bug:
mozilla/js/tests/js1_5/Regress/regress-96526.js
|
|
||
Comment 20•23 years ago
|
||
Changing platform and OS to all. See Phil's comment #17 and duplicate bug
#133897 description.
Status: NEW → ASSIGNED
OS: Mac System 9.x → All
Hardware: Macintosh → All
|
||
Comment 21•23 years ago
|
||
This crash takes down my machine on Mac OS 9. It's really bad.
|
|
||
Comment 22•23 years ago
|
||
*** Bug 140358 has been marked as a duplicate of this bug. ***
|
|
||
Comment 23•23 years ago
|
||
cc'ing folks from bug 140358 -
|
|
||
Comment 24•23 years ago
|
||
This patch reduces the recursion depth caused by jsparse.c when encountering
large chains of else if statements. It artificially handles the recursion
without changing the underlying logic of jsparse.c. However, while avoiding
stack overflow other problems occur, memory exceptions. These can also be seen
without the patch by reducing the test case to 100 else if statements. I will
continue to investigate. I welcome any thoughts or insights.
|
|
||
Comment 25•23 years ago
|
||
Same test case as Phil did in comment #11 except it has only 100 "else if"
statements. Phils test has 475. Without the patch this test case produces a
"line 1111 exception" in CodeWarrior and crashes my Mac (OS 9.1) with an
"unmapped memeory exception heap is probably corrupt." With the patch,
CodeWarrior produces an "unmapped memory exception" at js_PopStatement (tc) in
file jsparse.c. With the patch a stack overflow does not occur. I also do not
expect a stack overflow without the patch for this testcase.
|
|
Assignee | |
Comment 26•23 years ago
|
||
I haven't looked at the patch, but isn't the parser relatively frugal with stack
compared to the code generator? I.e., aren't the crashes that this bug
complains about in js_EmitTree, in jsemit.c?
/be
|
|
||
Comment 27•23 years ago
|
||
Comment on attachment 81832 [details] [diff] [review]
Experimental patch
Yes, Upon closer inspection the parse of 475 else if statements is not causing
the stack overflow.
Attachment #81832 -
Attachment is obsolete: true
|
||
Comment 28•23 years ago
|
||
I just filed bug 152646 on a posibly related issue - too many nested parentheses
in an expression also causes a stack overflow crash.
|
|
Assignee | |
Comment 29•23 years ago
|
||
When the patch for bug 144834 goes in, js_EmitTree's stack frame size may go
down for some compilers (depends on how block locals are allocated, on entry to
function containing block, or on entry to block). Phil, if you have time to try
the patches for jsemit.c and js.msg in 144834 and tell whether they change any
of these testcases' results, that would be swell.
/be
|
|
||
Comment 30•23 years ago
|
||
Brendan: I applied the patches for bug 144834. They fix that bug,
but make no difference for me on WinNT on the testcase here:
mozilla/js/tests/js1_5/Regress/regress-96526.js
Nor any difference on the testcase for bug 152646 Mitch filed above:
mozilla/js/tests/js1_5/Regress/regress-152646.js
Both of these still crash in the debug and optimized JS shell,
even with the patches for bug 144834 applied -
|
|
||
Comment 31•23 years ago
|
||
*** Bug 156647 has been marked as a duplicate of this bug. ***
|
|
||
Comment 32•22 years ago
|
||
The crash appears to be caused by recursive calls to js_EmitTree (a routine that
consists of about 2000 lines of C source code). Each recursive call adds about
1500 bytes to the stack (Mac OS9). Called recursively 473 times requires 692K
of stack space. Needless to say, things go bad.
I broke the routine into two routines, a short routine that contains the “case
TOK_IF:” code. The remainder of code is in a second routine that gets called if
the “case TOK_IF:” is not invoked. This reduces the stack space per call for
“case TOK_IF:” to 144 bytes. Called recursively 473 times requires 66K of stack
space. Still too much stack space. My next strategy is to reduce recursive
call to an iterative structure.
|
|
Assignee | |
Comment 33•22 years ago
|
||
khanson, why so much stack space, can you tell (e.g., by printing &cg2 and &fun
in the TOK_FUNCTION case)? A JSCodeGenerator is about 39 words, and a StmtInfo
is 8 words. The other locals are scalars or pointers, so I don't see how we
approach 400 words (1500 bytes), even including callee-saved register spill
slots and other call-linkage overhead.
If the cg2 block-local in the TOK_FUNCTION case is the worst offender, perhaps
we should just move it from the stack into the cx->tempPool arena-pool.
/be
|
|
||
Comment 34•22 years ago
|
||
Proposed patch. Reduces stack space for large else if statements caused by
jsemit.
|
|
Assignee | |
Comment 35•22 years ago
|
||
Also, let's allocate cg2 (the TOK_FUNCTION case) from cx->tempPool and reduce
js_EmitTree's stack frame size.
Kenton, Phil: please test and review this and vouch for it if you like it.
Thanks,
/be
|
|
Assignee | |
Comment 36•22 years ago
|
||
Taking for 1.2alpha.
/be
Assignee: khanson → brendan
Status: ASSIGNED → NEW
Priority: -- → P1
Target Milestone: mozilla1.0.1 → mozilla1.2alpha
|
|
Assignee | |
Updated•22 years ago
|
Attachment #97438 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 37•22 years ago
|
||
Comment on attachment 97438 [details] [diff] [review]
patch that reduces stack space for large if else statements
No need for a library-wide js_EmitTreeIf, but what's more: the only
recursion-spanning data dependency is the beq variable that lives across the
else-clause call to js_EmitTree, and we can eliminate that dependency using
backpatching.
/be
|
|
Assignee | |
Comment 38•22 years ago
|
||
Phil, the test for this bug, js1_5/Regress/regress-96526.js, actually tests
several things. Could you split it up?
The attachment 97801 [details] [diff] [review] fixes the else-if problem, but the crazy generated string
of g["b"]["b"]["b"]...["b"] passed to eval will run into another place where
recursion exceeds thread stack limits. I'll see about extending the patch to
cover that case too, although it is not a real-world one and I wont' spend too
much time on it.
/be
Status: NEW → ASSIGNED
|
|
||
Comment 39•22 years ago
|
||
I have CVS-removed the test js1_5/Regress/regress-96526.js
and split it up into three separate tests that I've added:
js1_5/Regress/regress-96526-001.js
js1_5/Regress/regress-96526-002.js
js1_5/Regress/regress-96526-003.js
I am now testing the latest patch -
|
|
||
Comment 40•22 years ago
|
||
The latest patch (attachment 97801 [details] [diff] [review]) passes the JS testsuite on WinNT,
in both the debug/optimized shells: it introduces no test regressions.
As for the three testcases above:
js1_5/Regress/regress-96526-001.js pass (as does the current trunk)
js1_5/Regress/regress-96526-002.js FAIL (as Brendan indicated in Comment #38)
js1_5/Regress/regress-96526-003.js pass (whereas the current trunk crashes)
|
|
Assignee | |
Comment 41•22 years ago
|
||
This adds code to cover the g.b.b.b.b.b....b and g['b']['b']['b']...['b']
cases.
/be
|
|
Assignee | |
Comment 42•22 years ago
|
||
This adds code to cover the g.b.b.b.b.b....b and g['b']['b']['b']...['b']
cases.
/be
Attachment #97801 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 43•22 years ago
|
||
Comment on attachment 97881 [details] [diff] [review]
proposed fix for all tests
Oops, double-tapped bugzilla and it didn't accuse me of self-colliding. Hmm.
/be
Attachment #97881 -
Attachment is obsolete: true
|
|
||
Comment 44•22 years ago
|
||
Gee, the latest patch introduces no test regresssions, but still
crashes on Georgi's test, js1_5/Regress/regress-96526-002.js
(due to stack overflow:)
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab080, JSTreeContext
* 0x0012d49c) line 3083 + 9 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab0e0, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab140, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab1a0, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab200, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab260, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab2c0, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab320, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab380, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
js_FoldConstants(JSContext * 0x00301d60, JSParseNode * 0x005ab418, JSTreeContext
* 0x0012d49c) line 3083 + 23 bytes
etc.
|
|
Assignee | |
Comment 45•22 years ago
|
||
Plus, I hacked more in jsemit.c to preserve the JSOP_ARGSUB optimization used
for arguments[0] (any constant integer index that fits in the immediate operand
for JSOP_ARGSUB), so it kicks in for arguments[0][j] and similar chained []
exprs.
Phil, no tests crashed for me with the previous patch, but I'm testing on RH7.1
Linux/x86. What OS/CPU were you using? Let me know whether this patch fixes
all ills.
Still looking for an r=, or questions and comments leading to an r=.
/be
|
|
Assignee | |
Updated•22 years ago
|
Attachment #97882 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 46•22 years ago
|
||
This is the money, baby.
/be
Attachment #98035 -
Attachment is obsolete: true
|
|
||
Comment 47•22 years ago
|
||
The latest patch passes the JS testsuite in both the debug/optimized
JS shell on WinNT. No test regressions are introduced, and this time
all three testcases above are passing for me, including Georgi's -
OS=WinNT4.0(SP6) 500MHz CPU 128M RAM
|
|
Assignee | |
Comment 48•22 years ago
|
||
Diff the last two patches to show what changed. Just these things:
- Better comment in CheckSideEffects.
- Use JS_ARENA_ALLOCATE_TYPE to allocate cg2, instead of redundantly
parameterized JS_ARENA_ALLOCATE_CAST (that's what _TYPE is for: allocate one
thing and casting the pointer to the right type).
- Long lost JS_ReportOutOfMemory calls in NewParseNode and NewBinary (silent
errors crept in when allocation changed from JS_malloc to JS_ARENA_ALLOCATE_*).
- Comment in js_FoldConstants for the PN_NAME recursion avoidance added to fix
that last test of phil's/guninsk's.
- goto to skip around a switch case in js_FoldConstants, instead of falling
through it and wasting a test.
/be
Attachment #98041 -
Attachment is obsolete: true
|
|
||
Comment 49•22 years ago
|
||
The latest patch passes the JS testsuite in both the debug/optimized
JS shell on WinNT. No test regressions are introduced, and all three
testcases above are passing -
|
|
Assignee | |
Comment 50•22 years ago
|
||
Moving out, some of these may move to 1.3alpha shortly.
/be
Target Milestone: mozilla1.2alpha → mozilla1.2beta
|
||
Comment 51•22 years ago
|
||
Comment on attachment 98080 [details] [diff] [review]
final proposal (fixes a few nits, adds/improves comments)
sr=shaver.
Attachment #98080 -
Flags: superreview+
|
|
Assignee | |
Comment 52•22 years ago
|
||
More testing was needed, EmitElemOp generated bad code for several cases. It
should be all good now. Phil, please contact me for testcase raw materials.
/be
Attachment #98080 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 53•22 years ago
|
||
Fixed.
/be
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 54•22 years ago
|
||
Verifying reported URL works properly on Fizilla/200210090.
Many thanks.
|
|
||
Comment 55•22 years ago
|
||
Testcases by Brendan (see Comment #52) added to JS testsuite:
js1_5/Expressions/regress-96526-argsub.js
js1_5/Expressions/regress-96526-noargsub.js
js1_5/Expressions/regress-96526-delelem.js
These, plus the original three testcases for this bug (Comment #39)
js1_5/Regress/regress-96526-001.js
js1_5/Regress/regress-96526-002.js
js1_5/Regress/regress-96526-003.js
are all passing in the debug and optimized JS shell on WinNT,
Linux, and MacOS X. On my Mac9.1, all six of these tests pass
except js1_5/Regress/regress-96526-002.js. But I believe this
has to do with other issues I have with this machine.
Therefore based on my testing and on Bill's in Comment #54,
marking this bug Verified FIXED -
Status: RESOLVED → VERIFIED
|
||
Updated•20 years ago
|
Flags: testcase+
|
|
||
Comment 56•19 years ago
|
||
Note to self: js1_5/Expressions/regress-96526-delelem.js will fail in pre 1.9 builds due to fix for bug 311583 and the modification of the test to adhere to the new behavior.
|
|
||
Comment 57•19 years ago
|
||
(In reply to comment #56)
Now that bug 311583 has landed on 1.8.1, this test will only fail in 1.8.0.x and older branches.
You need to log in
before you can comment on or make changes to this bug.
Description
•