1023035 - Assertion failure: CurrentThreadCanAccessRuntime(rt), at /js/src/jsgc.cpp:2141

Status: RESOLVED FIXED

(Core :: JavaScript: GC, defect)

Description

[Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz)]

Encounter this while executing mochitest on b2g-desktop debug build.

https://tbpl.mozilla.org/php/getParsedLog.php?id=41355834&tree=Try&full=1#error2

06:54:12     INFO -   0  libxul.so!js::gc::GCRuntime::triggerGC(JS::gcreason::Reason) [jsgc.cpp:7e27d78d3629 : 2141 + 0x18]
06:54:12     INFO -      eip = 0xb55fed91   esp = 0xb11cf1b0   ebp = 0xb11cf1d8   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0x00000000   edi = 0xafec71c0   eax = 0x00000000   ecx = 0xb759d8ac
06:54:12     INFO -      edx = 0x00000000   efl = 0x00210282
06:54:12     INFO -      Found by: given as instruction pointer in context
06:54:12     INFO -   1  libxul.so!js::gc::GCRuntime::onTooMuchMalloc() [jsgc.cpp:7e27d78d3629 : 1514 + 0xc]
06:54:12     INFO -      eip = 0xb56075ca   esp = 0xb11cf1e0   ebp = 0xb11cf1f8   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0xafec7c60   edi = 0x0004d316
06:54:12     INFO -      Found by: call frame info
06:54:12     INFO -   2  libxul.so!js::ScriptSource::ensureOwnsSource(js::ExclusiveContext*) [jscntxt.h:7e27d78d3629 : 274 + 0x14]
06:54:12     INFO -      eip = 0xb56b9c22   esp = 0xb11cf200   ebp = 0xb11cf238   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0x9c4693a0   edi = 0x0004d316
06:54:12     INFO -      Found by: call frame info
06:54:12     INFO -   3  libxul.so!js::frontend::CompileScript(js::ExclusiveContext*, js::LifoAlloc*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, JSString*, unsigned int, js::SourceCompressionTask*) [BytecodeCompiler.cpp:7e27d78d3629 : 256 + 0x30]
06:54:12     INFO -      eip = 0xb5884181   esp = 0xb11cf240   ebp = 0xb11d0228   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0x9c4693a0   edi = 0xa72c3a00
06:54:12     INFO -      Found by: call frame info
06:54:12     INFO -   4  libxul.so!js::HelperThread::handleParseWorkload() [HelperThreads.cpp:7e27d78d3629 : 907 + 0x41]
06:54:12     INFO -      eip = 0xb5759d68   esp = 0xb11d0230   ebp = 0xb11d0298   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0xb71b9540   edi = 0x9cbf9200
06:54:12     INFO -      Found by: call frame info
06:54:12     INFO -   5  libxul.so!js::HelperThread::threadLoop() [HelperThreads.cpp:7e27d78d3629 : 1089 + 0xa]
06:54:12     INFO -      eip = 0xb575a300   esp = 0xb11d02a0   ebp = 0xb11d02e8   ebx = 0xb6bd4ca4
06:54:12     INFO -      esi = 0xb105be00   edi = 0x00000000
06:54:12     INFO -      Found by: call frame info

Comment 1

[Kyle Huey (Exited; not receiving bugmail, old account, do not use)]

Making this s-s as a precaution.

Comment 2

[Brian Hackett [Laid off!]]

Attachment: patch

I think this is a regression from bug 988486, rev 18eea9cb1c46.  JSRuntime::onTooMuchMalloc checks it is on the main thread before triggering a GC, but GCRuntime::onTooMuchMalloc doesn't.  This fix puts the thread check in a better place.

Comment 3

[Brian Hackett [Laid off!]]

Oh, and there isn't anything obviously dangerous here we could be racing on (mainly scheduling GCs in each zone) but I don't know for sure.

Comment 4

[Bill McCloskey [inactive unless it's an emergency] (:billm)]

Comment on attachment 8438435 [details] [diff] [review]
patch

Review of attachment 8438435 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jsgc.cpp
@@ +2144,5 @@
>          ForkJoinContext::current()->requestGC(reason);
>          return true;
>      }
>  
> +    /* Don't trigger GCs from off the main thread. */

Please say in the comment that this should only happen through onTooMuchMalloc.

Comment 5

[Brian Hackett [Laid off!]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/000b317ce64f

Comment 6

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/000b317ce64f