Closed Bug 505220 Opened 15 years ago Closed 12 years ago

JS_Assert jp->script->flags & JSSF_SAVED_CALLER_FUN failed

Categories

(Core :: JavaScript Engine, defect)

1.9.1 Branch
x86_64
Linux
defect
Not set
normal

Tracking


RESOLVED WORKSFORME

People

(Reporter: bmcquade, Unassigned)

References

Details

(Keywords: crash, regression)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1) Gecko/20090720 Shiretoko/3.5
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1) Gecko/20090720 Shiretoko/3.5

When my extension calls jsdIScript::GetFunctionSource, the following assertion in jsopcode.cpp triggers (see stack trace for more detail):

                if (!jp->fun) {
-->                 JS_ASSERT(jp->script->flags & JSSF_SAVED_CALLER_FUN);
                    JS_GET_SCRIPT_FUNCTION(jp->script, 0, jp->fun);
                }

Reproducible: Always

Steps to Reproduce:
See bug 505041 and follow the instructions there. 
Actual Results:  
assertion triggered

Expected Results:  
no assertion triggered

#0  0x00007fe2c8ea0b81 in nanosleep () from /lib/libc.so.6
#1  0x00007fe2c8ea09a4 in sleep () from /lib/libc.so.6
#2  0x00007fe2cccfdf98 in ah_crap_handler (signum=6) at /usr/local/b/ff35/mozilla/toolkit/xre/nsSigHandlers.cpp:149
#3  0x00007fe2cccff165 in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:216
#4  <signal handler called>
#5  0x00007fe2c8e35095 in raise () from /lib/libc.so.6
#6  0x00007fe2c8e36af0 in abort () from /lib/libc.so.6
#7  0x00007fe2cca5f619 in JS_Assert (s=0x7fe2cca92d98 "jp->script->flags & JSSF_SAVED_CALLER_FUN",
    file=0x7fe2cca92188 "/usr/local/b/ff35/mozilla/js/src/jsopcode.cpp", ln=2807) at /usr/local/b/ff35/mozilla/js/src/jsutil.cpp:69
#8  0x00007fe2cca099ce in Decompile (ss=0x7fffd5359150, pc=0x7fe2ac6b1093 "¹", nb=29, nextop=JSOP_NOP) at /usr/local/b/ff35/mozilla/js/src/jsopcode.cpp:2807
#9  0x00007fe2cca145ad in DecompileCode (jp=0x7fe2ac6f6e80, script=0x7fe2ac6b0fe0, pc=0x7fe2ac6b108c "}", len=29, pcdepth=0)
    at /usr/local/b/ff35/mozilla/js/src/jsopcode.cpp:4831
#10 0x00007fe2cca15905 in js_DecompileScript (jp=0x7fe2ac6f6e80, script=0x7fe2ac6b0fe0) at /usr/local/b/ff35/mozilla/js/src/jsopcode.cpp:4856
#11 0x00007fe2cc94eb4d in JS_DecompileScript (cx=0x7fe2af6e9800, script=0x7fe2ac6b0fe0, name=0x7fe2b6697b4c "ppscript", indent=4)
    at /usr/local/b/ff35/mozilla/js/src/jsapi.cpp:4982
#12 0x00007fe2b668ffdb in jsdScript::GetFunctionSource (this=0x7fe2aca838e0, aFunctionSource=@0x7fffd5359300) at /usr/local/b/ff35/mozilla/js/jsd/jsd_xpc.cpp:1288
#13 0x00007fe2b530632d in ?? ()
   from /home/bmcquade/.mozilla/firefox/tpd6j54n.svn-rw/extensions/{e3f6c2cc-d8db-498c-af6c-499fb211db97}/platform/Linux_x86_64-gcc3/components/libpagespeed.so
#14 0x00007fe2b52fdffc in ?? ()
   from /home/bmcquade/.mozilla/firefox/tpd6j54n.svn-rw/extensions/{e3f6c2cc-d8db-498c-af6c-499fb211db97}/platform/Linux_x86_64-gcc3/components/libpagespeed.so
#15 0x00007fe2b530652d in ?? ()
   from /home/bmcquade/.mozilla/firefox/tpd6j54n.svn-rw/extensions/{e3f6c2cc-d8db-498c-af6c-499fb211db97}/platform/Linux_x86_64-gcc3/components/libpagespeed.so
#16 0x00007fe2b6690f48 in jsds_ScriptHookProc (jsdc=0x7fe2af6b8480, jsdscript=0x7fe2aca83880, creating=1, callerdata=0x0)
    at /usr/local/b/ff35/mozilla/js/jsd/jsd_xpc.cpp:734
#17 0x00007fe2b6685184 in jsd_NewScriptHookProc (cx=0x7fe2b1c08800, filename=0x7fe2ac91ac5d "http://en-us.www.mozilla.com/js/s_code.js", lineno=438,
    script=0x7fe2ac6b0fe0, fun=0x0, callerdata=0x7fe2af6b8480) at /usr/local/b/ff35/mozilla/js/jsd/jsd_scpt.c:613
#18 0x00007fe2cca4e2b2 in js_CallNewScriptHook (cx=0x7fe2b1c08800, script=0x7fe2ac6b0fe0, fun=0x0) at /usr/local/b/ff35/mozilla/js/src/jsscript.cpp:1581
#19 0x00007fe2cca4f487 in js_NewScriptFromCG (cx=0x7fe2b1c08800, cg=0x7fffd5359600) at /usr/local/b/ff35/mozilla/js/src/jsscript.cpp:1564
#20 0x00007fe2cca314e8 in JSCompiler::compileScript (cx=0x7fe2b1c08800, scopeChain=0x7fe2aca81840, callerFrame=0x7fe2ae520390, principals=0x7fe2ad65f748,
    tcflags=139264, chars=0x7fe2ac83a800, length=602, file=0x0, filename=0x7fe2ac91ac5d "http://en-us.www.mozilla.com/js/s_code.js", lineno=438,
    source=0x7fe2ac825920) at /usr/local/b/ff35/mozilla/js/src/jsparse.cpp:987
#21 0x00007fe2cc9fc17c in obj_eval (cx=0x7fe2b1c08800, obj=0x7fe2b2c60a40, argc=1, argv=0x7fe2ae5204e0, rval=0x7fffd5359d30)
    at /usr/local/b/ff35/mozilla/js/src/jsobj.cpp:1482
#22 0x00007fe2cc9db6cf in js_Invoke (cx=0x7fe2b1c08800, argc=1, vp=0x7fe2ae5204d0, flags=2) at /usr/local/b/ff35/mozilla/js/src/jsinterp.cpp:1386
#23 0x00007fe2cc9c88e5 in js_Interpret (cx=0x7fe2b1c08800) at /usr/local/b/ff35/mozilla/js/src/jsinterp.cpp:5179
#24 0x00007fe2cc9da7ec in js_Execute (cx=0x7fe2b1c08800, chain=0x7fe2adfa6c00, script=0x7fe2ad035000, down=0x0, flags=0, result=0x0)
    at /usr/local/b/ff35/mozilla/js/src/jsinterp.cpp:1622
#25 0x00007fe2cc94f236 in JS_EvaluateUCScriptForPrincipals (cx=0x7fe2b1c08800, obj=0x7fe2adfa6c00, principals=0x7fe2ad65f748, chars=0x7fe2ad002008, length=26695,
    filename=0x7fe2ad3a1448 "http://en-us.www.mozilla.com/js/s_code.js", lineno=1, rval=0x0) at /usr/local/b/ff35/mozilla/js/src/jsapi.cpp:5145
#26 0x00007fe2b927e97a in nsJSContext::EvaluateString (this=0x7fe2ae4b4ab0, aScript=@0x7fe2ad3a14c8, aScopeObject=0x7fe2adfa6c00, aPrincipal=0x7fe2ad65f740,
    aURL=0x7fe2ad3a1448 "http://en-us.www.mozilla.com/js/s_code.js", aLineNo=1, aVersion=0, aRetValue=0x0, aIsUndefined=0x7fffd535ade0)
    at /usr/local/b/ff35/mozilla/dom/src/base/nsJSEnvironment.cpp:1631
#27 0x00007fe2b905d210 in nsScriptLoader::EvaluateScript (this=0x7fe2ad48b510, aRequest=0x7fe2ad3a14a0, aScript=@0x7fe2ad3a14c8)
    at /usr/local/b/ff35/mozilla/content/base/src/nsScriptLoader.cpp:686
#28 0x00007fe2b905d4d3 in nsScriptLoader::ProcessRequest (this=0x7fe2ad48b510, aRequest=0x7fe2ad3a14a0)
    at /usr/local/b/ff35/mozilla/content/base/src/nsScriptLoader.cpp:600
#29 0x00007fe2b905f058 in nsScriptLoader::ProcessScriptElement (this=0x7fe2ad48b510, aElement=0x7fe2ac527018)
    at /usr/local/b/ff35/mozilla/content/base/src/nsScriptLoader.cpp:511
#30 0x00007fe2b905ad86 in nsScriptElement::MaybeProcessScript (this=0x7fe2ac527018) at /usr/local/b/ff35/mozilla/content/base/src/nsScriptElement.cpp:193
#31 0x00007fe2b912c00d in nsHTMLScriptElement::MaybeProcessScript (this=0x7fe2ac526fd0)
    at /usr/local/b/ff35/mozilla/content/html/content/src/nsHTMLScriptElement.cpp:546
#32 0x00007fe2b912a7f5 in nsHTMLScriptElement::DoneAddingChildren (this=0x7fe2ac526fd0, aHaveNotified=1)
    at /usr/local/b/ff35/mozilla/content/html/content/src/nsHTMLScriptElement.cpp:483
#33 0x00007fe2b915beba in HTMLContentSink::ProcessSCRIPTEndTag (this=0x7fe2ade03000, content=0x7fe2ac526fd0, aMalformed=0)
    at /usr/local/b/ff35/mozilla/content/html/document/src/nsHTMLContentSink.cpp:3145
#34 0x00007fe2b915d070 in SinkContext::CloseContainer (this=0x7fe2ad48b650, aTag=eHTMLTag_script, aMalformed=0)
    at /usr/local/b/ff35/mozilla/content/html/document/src/nsHTMLContentSink.cpp:1022
#35 0x00007fe2b915d6c5 in HTMLContentSink::CloseContainer (this=0x7fe2ade03000, aTag=eHTMLTag_script)
    at /usr/local/b/ff35/mozilla/content/html/document/src/nsHTMLContentSink.cpp:2396
#36 0x00007fe2b6fca338 in CNavDTD::CloseContainer (this=0x7fe2adf92a00, aTag=eHTMLTag_script, aMalformed=0)
    at /usr/local/b/ff35/mozilla/parser/htmlparser/src/CNavDTD.cpp:2804
#37 0x00007fe2b6fcde0e in CNavDTD::HandleEndToken (this=0x7fe2adf92a00, aToken=0x7fe2addd7308) at /usr/local/b/ff35/mozilla/parser/htmlparser/src/CNavDTD.cpp:1683
#38 0x00007fe2b6fd0159 in CNavDTD::HandleToken (this=0x7fe2adf92a00, aToken=0x7fe2addd7308, aParser=0x7fe2ad5caae0)
    at /usr/local/b/ff35/mozilla/parser/htmlparser/src/CNavDTD.cpp:760
#39 0x00007fe2b6fccf0f in CNavDTD::BuildModel (this=0x7fe2adf92a00, aParser=0x7fe2ad5caae0, aTokenizer=0x7fe2ad660160, anObserver=0x0, aSink=0x7fe2ade03108)
    at /usr/local/b/ff35/mozilla/parser/htmlparser/src/CNavDTD.cpp:332
#40 0x00007fe2b6fdab1d in nsParser::BuildModel (this=0x7fe2ad5caae0) at /usr/local/b/ff35/mozilla/parser/htmlparser/src/nsParser.cpp:2400
#41 0x00007fe2b6fe0919 in nsParser::ResumeParse (this=0x7fe2ad5caae0, allowIteration=1, aIsFinalChunk=1, aCanInterrupt=1)
    at /usr/local/b/ff35/mozilla/parser/htmlparser/src/nsParser.cpp:2273
#42 0x00007fe2b6fe2413 in nsParser::ContinueInterruptedParsing (this=0x7fe2ad5caae0) at /usr/local/b/ff35/mozilla/parser/htmlparser/src/nsParser.cpp:1773
#43 0x00007fe2b8faae2c in nsContentSink::ContinueInterruptedParsingIfEnabled (this=0x7fe2ade03000)
    at /usr/local/b/ff35/mozilla/content/base/src/nsContentSink.cpp:1720
#44 0x00007fe2b8fb1b9e in nsRunnableMethod<nsContentSink>::Run (this=0x7fe2ac7ca0d0) at ../../../dist/include/xpcom/nsThreadUtils.h:264
#45 0x00007fe2cc47bf08 in nsThread::ProcessNextEvent (this=0x7fe2c4f3e1f0, mayWait=1, result=0x7fffd535baac)
    at /usr/local/b/ff35/mozilla/xpcom/threads/nsThread.cpp:510
#46 0x00007fe2cc40bd64 in NS_ProcessNextEvent_P (thread=0x7fe2c4f3e1f0, mayWait=1) at nsThreadUtils.cpp:227
#47 0x00007fe2b6d3fc18 in nsBaseAppShell::Run (this=0x7fe2b4d4d740) at /usr/local/b/ff35/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#48 0x00007fe2bac29a90 in nsAppStartup::Run (this=0x7fe2b4c6f8d0) at /usr/local/b/ff35/mozilla/toolkit/components/startup/src/nsAppStartup.cpp:193
#49 0x00007fe2ccceed52 in XRE_main (argc=3, argv=0x7fffd535c3b8, aAppData=0x7fe2c4f1f080) at /usr/local/b/ff35/mozilla/toolkit/xre/nsAppRunner.cpp:3298
#50 0x0000000000402076 in main (argc=3, argv=0x7fffd535c3b8) at /usr/local/b/ff35/mozilla/browser/app/nsBrowserApp.cpp:156
Component: General → JavaScript Debugging APIs
Product: Firefox → Core
QA Contact: general → jsd
Version: unspecified → 1.9.1 Branch
until someone from spidermonkey says it's my fault, i'm going to assume it isn't :)
Assignee: nobody → general
Component: JavaScript Debugging APIs → JavaScript Engine
QA Contact: jsd → general
so...
things to print:

frame 8
print sn
print pc
print *jp->script

that said...

JS_DecompileScript   script=0x7fe2ac6b0fe0
js_CallNewScriptHook script=0x7fe2ac6b0fe0, fun=0x0
JSCompiler::compileScript "http://en-us.www.mozilla.com/js/s_code.js"

I'm fairly confident I'm not doing anything wrong.

There is no caller in this case.

I'm going to blame brendan's bug 452598 upvar2
Assignee: general → brendan
Blocks: 452598
Keywords: crash
Summary: JS_ASSERT triggers when jsdScript::GetFunctionSource invoked → JS_Assert jp->script->flags & JSSF_SAVED_CALLER_FUN failed
ok. it's bug 452498

http://mxr-test.konigsberg.mozilla.org/bonsai/cvsblame.cgi?file=js/src/jsopcode.cpp&rev=2cf0bbe3772a&mark=2810#2805

and for people who want a regression window, the bonsai url above is pinned to the correct changeset.
Blocks: upvar2
No longer blocks: 452598
Keywords: regression
Timeless: don't assign me bugs like this. I'll try to take 'em but if they end up requiring jsd changes, you will have to lead.

In this bug's case, can you confirm and come up with a testcase? The extension mentioned in comment 0 is nowhere to be found by anyone who could fix this bug.

/be
Assignee: brendan → general
Bryan, do you still see this with a current build?
Bryan writes "I haven't actually used this API in some time, so for all I know, it
may still be a problem."
The assert no longer exists in jsopcode.cpp; a search for JSSF_SAVED_CALLER_FUN no longer turns up anything on MXR, and the decompiler, I believe, has changed significantly in the past weeks/months.

Please file a new bug if the issue still occurs.

-> WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME