Closed
Bug 1000225
Opened 10 years ago
Closed 6 years ago
Assertion failure: js(), at js/ProfilingStack.h:64 or Crash [@ js::ProfileEntry::setPC]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox31 | --- | affected |
People
(Reporter: decoder, Unassigned)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [jsbugmon:testComment=6,origRev=d7c07694f339])
Crash Data
Attachments
(1 file)
1009 bytes,
text/plain
|
Details |
The following testcase asserts on mozilla-central revision ac376a4e8174 (run with --fuzzing-safe --ion-eager): arr = []; arr.watch('length', watcher); try { arr.push(5); } catch(ex) { arr.pop(); } function watcher(propname, oldval, newval) { return (function() { var n = 50; while (n--) { disableSPSProfiling(); if (!n) return; enableSPSProfilingAssertions(true); } })(); }
Reporter | ||
Updated•10 years ago
|
Crash Signature: [@ js::ProfileEntry::setPC]
status-firefox31:
--- → affected
Keywords: crash
Whiteboard: [jsbugmon:update,bisect]
Reporter | ||
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
Kannan / Jan, is this another SPS issue related to bug 970252 or bug 994406?
Reporter | ||
Updated•10 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
Reporter | ||
Comment 3•10 years ago
|
||
JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: http://hg.mozilla.org/mozilla-central/rev/88288ea65ef8 user: Steve Fink date: Mon Apr 01 17:58:37 2013 -0700 summary: Bug 822041 - Do not copy hasPushedSPSFrame() from heap generator frame. r=luke This iteration took 81.981 seconds to run.
Reporter | ||
Updated•10 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:update,ignore]
Reporter | ||
Comment 5•10 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision b7062df8c7c3).
Reporter | ||
Updated•10 years ago
|
Whiteboard: [jsbugmon:update,ignore] → [jsbugmon:bisectfix]
Reporter | ||
Comment 6•10 years ago
|
||
arr = []; arr.watch('length', watcher); try { arr.push(5); } catch(ex) { arr.pop(); } function watcher(propname, oldval, newval) { return (function() { var n = 50; while (n--) { disableSPSProfiling(); if (!n) return; enableSPSProfilingWithSlowAssertions(); } })(); } Let's try this with JSBugMon :)
Whiteboard: [jsbugmon:bisectfix] → [jsbugmon:update,testComment=6,origRev=d7c07694f339]
Reporter | ||
Updated•10 years ago
|
Whiteboard: [jsbugmon:update,testComment=6,origRev=d7c07694f339] → [jsbugmon:testComment=6,origRev=d7c07694f339]
Reporter | ||
Comment 7•10 years ago
|
||
JSBugMon: Cannot process bug: Unable to automatically reproduce, please track manually.
Comment 8•9 years ago
|
||
I'm assuming this will disappear with djvj's new frame walking stuff. Either that, or it's already gone.
Flags: needinfo?(sphink)
Comment 9•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 10•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Reopening because crash bugs **with testcases** should not be resolved **as WONTFIX** based on queries of crash-stats. Other resolutions may be appropriate for other reasons. (Crash signatures are not the same as bug identity; they're merely a search aid to find and group similar crashes. The bug may still be present, but the signature may have changed slightly, or the bug may even still be present with the same signature but there are simply no recent reports of crashes in that function.)
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Reporter | ||
Comment 13•6 years ago
|
||
I would assume this bug is gone because Array.watch() has been removed. JSBugMon didn't report this because it couldn't automatically track this bug in the first place for some reason. Closing as WORKSFORME because we removed the underlying code, but I don't know where.
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
Flags: needinfo?(choller)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•