Closed
Bug 1023035
Opened 10 years ago
Closed 10 years ago
Assertion failure: CurrentThreadCanAccessRuntime(rt), at /js/src/jsgc.cpp:2141
Categories
(Core :: JavaScript: GC, defect)
Tracking
()
RESOLVED
FIXED
mozilla33
Tracking | Status | |
---|---|---|
firefox32 | --- | unaffected |
firefox33 | --- | fixed |
firefox-esr24 | --- | unaffected |
firefox-esr31 | --- | unaffected |
People
(Reporter: schien, Unassigned)
References
Details
(Keywords: regression, Whiteboard: [adv-main33+])
Attachments
(1 file)
1.36 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
Encounter this while executing mochitest on b2g-desktop debug build. https://tbpl.mozilla.org/php/getParsedLog.php?id=41355834&tree=Try&full=1#error2 06:54:12 INFO - 0 libxul.so!js::gc::GCRuntime::triggerGC(JS::gcreason::Reason) [jsgc.cpp:7e27d78d3629 : 2141 + 0x18] 06:54:12 INFO - eip = 0xb55fed91 esp = 0xb11cf1b0 ebp = 0xb11cf1d8 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0x00000000 edi = 0xafec71c0 eax = 0x00000000 ecx = 0xb759d8ac 06:54:12 INFO - edx = 0x00000000 efl = 0x00210282 06:54:12 INFO - Found by: given as instruction pointer in context 06:54:12 INFO - 1 libxul.so!js::gc::GCRuntime::onTooMuchMalloc() [jsgc.cpp:7e27d78d3629 : 1514 + 0xc] 06:54:12 INFO - eip = 0xb56075ca esp = 0xb11cf1e0 ebp = 0xb11cf1f8 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0xafec7c60 edi = 0x0004d316 06:54:12 INFO - Found by: call frame info 06:54:12 INFO - 2 libxul.so!js::ScriptSource::ensureOwnsSource(js::ExclusiveContext*) [jscntxt.h:7e27d78d3629 : 274 + 0x14] 06:54:12 INFO - eip = 0xb56b9c22 esp = 0xb11cf200 ebp = 0xb11cf238 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0x9c4693a0 edi = 0x0004d316 06:54:12 INFO - Found by: call frame info 06:54:12 INFO - 3 libxul.so!js::frontend::CompileScript(js::ExclusiveContext*, js::LifoAlloc*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, JSString*, unsigned int, js::SourceCompressionTask*) [BytecodeCompiler.cpp:7e27d78d3629 : 256 + 0x30] 06:54:12 INFO - eip = 0xb5884181 esp = 0xb11cf240 ebp = 0xb11d0228 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0x9c4693a0 edi = 0xa72c3a00 06:54:12 INFO - Found by: call frame info 06:54:12 INFO - 4 libxul.so!js::HelperThread::handleParseWorkload() [HelperThreads.cpp:7e27d78d3629 : 907 + 0x41] 06:54:12 INFO - eip = 0xb5759d68 esp = 0xb11d0230 ebp = 0xb11d0298 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0xb71b9540 edi = 0x9cbf9200 06:54:12 INFO - Found by: call frame info 06:54:12 INFO - 5 libxul.so!js::HelperThread::threadLoop() [HelperThreads.cpp:7e27d78d3629 : 1089 + 0xa] 06:54:12 INFO - eip = 0xb575a300 esp = 0xb11d02a0 ebp = 0xb11d02e8 ebx = 0xb6bd4ca4 06:54:12 INFO - esi = 0xb105be00 edi = 0x00000000 06:54:12 INFO - Found by: call frame info
Making this s-s as a precaution.
Group: core-security
Flags: needinfo?(bhackett1024)
Comment 2•10 years ago
|
||
I think this is a regression from bug 988486, rev 18eea9cb1c46. JSRuntime::onTooMuchMalloc checks it is on the main thread before triggering a GC, but GCRuntime::onTooMuchMalloc doesn't. This fix puts the thread check in a better place.
Attachment #8438435 -
Flags: review?(wmccloskey)
Flags: needinfo?(bhackett1024)
Comment 3•10 years ago
|
||
Oh, and there isn't anything obviously dangerous here we could be racing on (mainly scheduling GCs in each zone) but I don't know for sure.
Comment on attachment 8438435 [details] [diff] [review] patch Review of attachment 8438435 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jsgc.cpp @@ +2144,5 @@ > ForkJoinContext::current()->requestGC(reason); > return true; > } > > + /* Don't trigger GCs from off the main thread. */ Please say in the comment that this should only happen through onTooMuchMalloc.
Attachment #8438435 -
Flags: review?(wmccloskey) → review+
https://hg.mozilla.org/mozilla-central/rev/000b317ce64f
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox32:
--- → ?
status-firefox33:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Updated•10 years ago
|
status-firefox-esr24:
--- → wontfix
Updated•10 years ago
|
Whiteboard: [adv-main33+]
Updated•10 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•