Closed Bug 714396 Opened 13 years ago Closed 12 years ago

IonMonkey: segfault walking the stack on ARM

Categories

(Core :: JavaScript Engine, defect)

ARM
Linux
defect
Not set
normal

Tracking

RESOLVED FIXED

People

(Reporter: mjrosenb, Unassigned)

Details

The backtrace likely has nothing to do with the actual failure:

#0  0x00488c40 in js::ion::IonCommonFrameLayout::prevType (this=0xc68adbfd) at ../../src/ion/arm/IonFrames-arm.h:65
#1  0x0048713c in js::ion::IonFrameIterator::operator++ (this=0xbe8078b8) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/ion/IonFrames.cpp:232
#2  0x000fb4bc in js::MarkRangeConservativelyAndSkipIon (trc=0xbe807a18, td=0x4009d420, begin=0xbe807ae0, end=0xbe80b000) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:1069
#3  0x000fb63c in js::MarkThreadDataConservatively (trc=0xbe807a18, td=0x4009d420) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:1097
#4  0x000fb6b4 in js::MarkConservativeStackRoots (trc=0xbe807a18) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:1154
#5  0x000fb708 in js::MarkRuntime (trc=0xbe807a18) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:2115
#6  0x000fc64c in BeginMarkPhase (cx=0x7016b0, gcmarker=0xbe807a18, gckind=GC_NORMAL) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:2640
#7  0x000fd890 in MarkAndSweep (cx=0x7016b0, gckind=GC_NORMAL) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:2818
#8  0x000fdb6c in GCCycle (cx=0x7016b0, comp=0x0, gckind=GC_NORMAL) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:3050
#9  0x000fde70 in js_GC (cx=0x7016b0, comp=0x0, gckind=GC_NORMAL, reason=js::gcstats::PUBLIC_API) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsgc.cpp:3119
#10 0x00048f3c in JS_CompartmentGC (cx=0x7016b0, comp=0x0) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsapi.cpp:2783
#11 0x0001695c in GC (cx=0x7016b0, argc=0, vp=0x40527130) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/shell/js.cpp:1211
#12 0x00172c5c in js::CallJSNative (cx=0x7016b0, native=0x168a4 <GC(JSContext*, uintN, jsval*)>, args=...) at ../../src/jscntxtinlines.h:311
#13 0x0016e9c4 in js::InvokeKernel (cx=0x7016b0, args=..., construct=js::NO_CONSTRUCT) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.cpp:534
#14 0x00160870 in js::Interpret (cx=0x7016b0, entryFrame=0x405270b8, interpMode=js::JSINTERP_NORMAL) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.cpp:3432
#15 0x0016e144 in js::RunScript (cx=0x7016b0, script=0x40b06128, fp=0x405270b8) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.cpp:489
#16 0x0016eac0 in js::InvokeKernel (cx=0x7016b0, args=..., construct=js::NO_CONSTRUCT) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.cpp:552
#17 0x0008d878 in js::Invoke (cx=0x7016b0, args=..., construct=js::NO_CONSTRUCT) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.h:157
#18 0x0016f028 in js::Invoke (cx=0x7016b0, thisv=..., fval=..., argc=1, argv=0xbe808d68, rval=0xbe808d38) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/jsinterp.cpp:584
#19 0x0058c070 in js::ion::InvokeFunction (cx=0x7016b0, fun=0x40b0abc0, argc=1, argv=0xbe808d60, rval=0xbe808d38) at /home/mrosenberg/src/ionmonkey/ionmonkey-build/js/src/ion/VMFunctions.cpp:59
#20 0x4092720c in ?? ()
#21 0x4092720c in ?? ()


I'll probably get a chance to look into this this weekend.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED