Closed
Bug 1335533
Opened 7 years ago
Closed 6 years ago
Assertion failure: !JS_IsExceptionPending(cx), at js/src/jsexn.h:124
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox54 | --- | affected |
People
(Reporter: gkw, Unassigned)
References
Details
(5 keywords, Whiteboard: [jsbugmon:update])
Attachments
(2 files)
The following testcase crashes on mozilla-central revision 1fe66bd0efba (build with --enable-debug --enable-more-deterministic --32, run with --fuzzing-safe --no-threads --ion-eager): // jsfunfuzz-generated oomTest(function () { // Adapted from randomly chosen test: js/src/jit-test/tests/debug/bug999655.js var g = newGlobal(); Debugger(g).onNewScript = function (script) { fscript = script.getChildScripts()[0] } g.eval("function f(){}"); fscript.setBreakpoint(0, { hit: function (frame) { frame.arguments[0] } }); g.f() }) Backtrace: 0 js-dbg-32-dm-clang-darwin-1fe66bd0efba 0x0028a568 js::jit::GetPropIRGenerator::tryAttachStub() + 2232 (jsexn.h:124) 1 js-dbg-32-dm-clang-darwin-1fe66bd0efba 0x00be7aef js::jit::DoGetElemFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICGetElem_Fallback*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) + 1231 (BaselineIC.cpp:851) /snip For detailed crash information, see attachment.
Reporter | ||
Comment 1•7 years ago
|
||
Reporter | ||
Comment 2•7 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/0b58022dda33 user: Eddy Bruel date: Thu Dec 29 15:10:11 2016 +0100 summary: Bug 1271650 - Implement a C++ interface for DebuggerFrame.arguments. r=jimb Jim, is bug 1271650 a likely regressor?
Blocks: 1271650
Flags: needinfo?(jimb)
Reporter | ||
Comment 3•7 years ago
|
||
Reporter | ||
Comment 4•7 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first good revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/48078fb0fcc2 user: André Bargull date: Fri Jun 02 12:04:31 2017 +0200 summary: Bug 1368963 - Avoid extra calls to GetPropertyKeys() in Object.freeze/seal/preventExtensions. r=jandem I don't think this is a likely fix, is it? Shu-yu, you've fixed a few Debugger issues related to Exceptions, what do you think?
Flags: needinfo?(jimb) → needinfo?(shu)
Updated•7 years ago
|
Keywords: triage-deferred
Priority: -- → P3
Reporter | ||
Comment 5•7 years ago
|
||
> I don't think this is a likely fix, is it? Shu-yu, you've fixed a few
> Debugger issues related to Exceptions, what do you think?
Moving needinfo? to Jim.
Flags: needinfo?(shu) → needinfo?(jimb)
Comment 7•6 years ago
|
||
I'm also able to reproduce this on the parent of the changeset given in comment 2. I get: Assertion failure: cx->isExceptionPending() (Thunk execution failed but no exception was raised - missing call to js::ReportOutOfMemory()?), at /home/jimb/moz/dbg/js/src/builtin/TestingFunctions.cpp:1406 Segmentation fault (core dumped)
Comment 8•6 years ago
|
||
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #4) > autoBisect shows this is probably related to the following changeset: > > The first good revision is: > changeset: https://hg.mozilla.org/mozilla-central/rev/48078fb0fcc2 > user: André Bargull > date: Fri Jun 02 12:04:31 2017 +0200 > summary: Bug 1368963 - Avoid extra calls to GetPropertyKeys() in > Object.freeze/seal/preventExtensions. r=jandem > > I don't think this is a likely fix, is it? Shu-yu, you've fixed a few > Debugger issues related to Exceptions, what do you think? This does not seem like a likely fix for this bug.
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Updated•6 years ago
|
Keywords: regression
Reporter | ||
Comment 11•6 years ago
|
||
Let's resolve this WFM, since it no longer reproduces. We'll find more fuzzbugs of these types going forward as well.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•