Closed Bug 1123120 Opened 10 years ago Closed 10 years ago

Assertion failure: !isInterpretedLazy(), at jsfun.h

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- affected

People

(Reporter: gkw, Assigned: jandem)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:])

Attachments

(2 files)

stack
2.78 KB, text/plain
Details
Patch
890 bytes, patch
till
: review+
Details | Diff | Splinter Review
(function() { function f() {} var x (function() { x = 1 })() f + 0 relazifyFunctions() })() asserts js debug shell on m-c changeset 6446c26b45f9 with --fuzzing-safe --no-threads -D at Assertion failure: !isInterpretedLazy(), at jsfun.h Debug configure options: CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-debug --enable-optimize --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests === Tinderbox Build Bisection Results by autoBisect === The "good" changeset has the timestamp "20150117005258" and the hash "b86864fd9d60". The "bad" changeset has the timestamp "20150117035558" and the hash "eb6e90404b76". Likely regression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=b86864fd9d60&tochange=eb6e90404b76 This was probably exposed by bug 1116760. Jan, thoughts?
Flags: needinfo?(jdemooij)
Attached file stack
(lldb) bt 5 * thread #1: tid = 0x128f5, 0x0000000100024f9a js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`JSFunction::isHeavyweight(this=<unavailable>) const + 202 at jsfun.h:95, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x0000000100024f9a js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`JSFunction::isHeavyweight(this=<unavailable>) const + 202 at jsfun.h:95 frame #1: 0x0000000100813d18 js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`js::StaticScopeIter<(this=<unavailable>)0>::hasDynamicScopeObject() const + 120 at ScopeObject-inl.h:106 frame #2: 0x00000001007bdcf8 js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`js::ScopeCoordinateToStaticScopeShape(script=<unavailable>, pc=<unavailable>) + 200 at ScopeObject.cpp:45 frame #3: 0x00000001007bdfaa js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`js::ScopeCoordinateName(cache=0x0000000102029098, script=0x000000010505e300, pc=0x0000000101e1eabb) + 42 at ScopeObject.cpp:68 frame #4: 0x000000010060a53d js-dbg-opt-64-dm-nsprBuild-darwin-6446c26b45f9`js_Disassemble1(cx=0x0000000101f01cf0, pc=0x0000000101e1eabb, loc=<unavailable>, lines=<unavailable>, sp=0x00007fff5fbff4b0, script=<unavailable>) + 2141 at jsopcode.cpp:979 (lldb)
Whiteboard: [jsbugmon:update] → [jsbugmon:]
JSBugMon: Cannot process bug: Unable to automatically reproduce, please track manually.
Note that this requires -D.
Attached patch PatchSplinter Review
We shouldn't relazify scripts with pc counts. If we're using this option, we're intentionally keeping the scripts alive (so that we can dump the info later), so relazifying doesn't gain us anything. Furthermore, this is only used by devs anyway.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Attachment #8551246 - Flags: review?(till)
Comment on attachment 8551246 [details] [diff] [review] Patch Review of attachment 8551246 [details] [diff] [review]: ----------------------------------------------------------------- Yup, that makes sense.
Attachment #8551246 - Flags: review?(till) → review+
https://hg.mozilla.org/mozilla-central/rev/deadc5352365
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: