Closed Bug 1127525 Opened 9 years ago Closed 2 years ago

"Assertion failure: !isIncrementalGCInProgress()" with gczeal(4), verifyprebarriers()

Categories

(Core :: JavaScript: GC, defect)

x86_64
macOS
defect
Not set
critical

RESOLVED INACTIVE

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: assertion, regression, testcase)

Attachments

(2 files)

Attached file f.html
1. Create a profile with:
     e10 disabled
     https://www.squarefree.com/extensions/domFuzzLite3.xpi installed
2. Run: firefox -profile <profiledir> f.html
3. Wait a few seconds for the testcase to spin and then for the GC timer to fire

Result:

Assertion failure: !isIncrementalGCInProgress(), at js/src/jsgc.cpp:6231
Attached file stack
Component: JavaScript Engine → JavaScript: GC
I'm hitting this assertion very frequently, even without gczeal. Having a fix would speed up fuzzing.
Whiteboard: [fuzzblocker]
Setting a needinfo? from Terrence as requested, to take a peek at this old fuzzblocker.
Flags: needinfo?(terrence)
This is happening because gecko's notion of "is inside an incremental GC" gets out of sync with spidermonkey's notion of the same. In gecko, GC_CYCLE_BEGIN/END maintain sCCLockedOut, which gets checked whenever we want to do a slice. In spidermonkey we maintain and check incrementalState. StartVerifyingPreBarriers munges incrementalState without calling the callbacks.

I think ideally we want a single source of truth here. I'm going to need to think about how we want to do this.
Flags: needinfo?(terrence)
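
The desynchronization described in the comment above, as a small C++ model added here for illustration (not Gecko or SpiderMonkey source). `Engine`, `Embedder`, `onTimer` and `timerAfterVerifier` are hypothetical names, and the `askEngine` path is one assumed way to get a single source of truth.

```cpp
// Simplified model, added for illustration; not Gecko or SpiderMonkey source.
#include <cstdio>
#include <functional>
enum class Phase { CycleBegin, CycleEnd };
enum class State { None, Mark };

struct Engine {  // hypothetical stand-in for the engine's GC runtime
    State incrementalState = State::None;
    std::function<void(Phase)> callback;  // embedder's cycle begin/end hook
    bool inProgress() const { return incrementalState != State::None; }
    // Returns false where the real engine would hit the assertion.
    bool startGC() {
        if (inProgress()) return false;
        incrementalState = State::Mark;
        if (callback) callback(Phase::CycleBegin);
        return true;
    }
    void finishGC() {
        incrementalState = State::None;
        if (callback) callback(Phase::CycleEnd);
    }
    // Verifier path as described in the thread: state changes, no callback.
    void startVerifier() { incrementalState = State::Mark; }
};

struct Embedder {  // hypothetical stand-in for the browser side
    bool lockedOut = false;  // plays the role of sCCLockedOut
    void onPhase(Phase p) { lockedOut = (p == Phase::CycleBegin); }
    // Timer handler: a new GC is requested only when none is believed active.
    // askEngine=true models a single source of truth (assumed design).
    bool onTimer(Engine& e, bool askEngine) {
        bool busy = askEngine ? e.inProgress() : lockedOut;
        return busy ? true : e.startGC();
    }
};

// Returns true if the timer fires without tripping the modelled assertion.
bool timerAfterVerifier(bool askEngine) {
    Engine e;
    Embedder b;
    e.callback = [&b](Phase p) { b.onPhase(p); };
    e.startVerifier();
    return b.onTimer(e, askEngine);
}

int main() {
    std::printf("cached flag: %d, engine query: %d\n",
                timerAfterVerifier(false), timerAfterVerifier(true));
}
```

With the cached flag the embedder believes no GC is active and requests a new one while the engine's state says otherwise; querying the engine's state directly avoids the mismatch in this model.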
StartVerifyingPreBarriers doesn't seem to exist anymore (after a quick DXR check). Jon, is this still applicable?
Flags: needinfo?(jcoppeard)
Right, but the pre-barrier verifier is still there, the function just got moved to GCRuntime::startVerifyPreBarriers.

I expect this bug is still present.
Flags: needinfo?(jcoppeard)

We're no longer seeing this assertion in fuzzing. Removing fuzzblocker from the whiteboard.

Whiteboard: [fuzzblocker]

Please reopen if this starts happening again.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INACTIVE