Closed
Bug 1341283
Opened 7 years ago
Closed 7 years ago
Assertion failure: !activeContext() || gc.canChangeActiveContext(activeContext()), at js/src/vm/Runtime.cpp:339 with evalInCooperativeThread and Interrupt
Categories
(Core :: JavaScript Engine, defect)
Tracking
RESOLVED
FIXED
mozilla54
| | Tracking | Status |
|---|---|---|
| firefox52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | fixed |
People
(Reporter: decoder, Assigned: bhackett1024)
Details
(4 keywords, Whiteboard: [jsbugmon:update,bisect])
Attachments
(1 file)
1.85 KB, patch | jonco: review+
The following testcase crashes on mozilla-central revision d84beb192e57 (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --enable-stdcxx-compat --disable-profiling --enable-debug --without-intl-api --enable-optimize --target=i686-pc-linux-gnu, run with --fuzzing-safe):

    gczeal(4);
    evalInCooperativeThread('\
    for (var i = 0; i < 10; i++) {\
        interruptIf(true);\
    }\
    ');

Backtrace:

    received signal SIGSEGV, Segmentation fault.
    0x0879e5b0 in JSRuntime::setActiveContext (this=0xf793d000, cx=0x0) at js/src/vm/Runtime.cpp:339
    #0  0x0879e5b0 in JSRuntime::setActiveContext (this=0xf793d000, cx=0x0) at js/src/vm/Runtime.cpp:339
    #1  0x08566bd8 in js::YieldCooperativeContext (cx=0xf7941800) at js/src/jscntxt.cpp:197
    #2  0x0852a199 in JS_YieldCooperativeContext (cx=0xf7941800) at js/src/jsapi.cpp:486
    #3  0x0809a693 in CooperativeBeginWait (cx=0xf7941800) at js/src/shell/js.cpp:3386
    #4  EvalInThread (cx=0xf7941800, argc=<optimized out>, vp=<optimized out>, cooperative=true) at js/src/shell/js.cpp:3633
    #5  0x0816ea10 in js::CallJSNative (cx=0xf7941800, native=0x809aa60 <EvalInCooperativeThread(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:281
    [...]
    #19 0x08078203 in main (argc=3, argv=0xffffd8e4, envp=0xffffd8f4) at js/src/shell/js.cpp:8320
    eax	0x0	0
    ebx	0x0	0
    ecx	0xf7da4864	-136689564
    edx	0x0	0
    esi	0xf793d000	-141307904
    edi	0x8cf7ff4	147816436
    ebp	0xffffcbf8	4294953976
    esp	0xffffcbe0	4294953952
    eip	0x879e5b0 <JSRuntime::setActiveContext(JSContext*)+192>
    => 0x879e5b0 <JSRuntime::setActiveContext(JSContext*)+192>:	movl   $0x0,0x0
       0x879e5ba <JSRuntime::setActiveContext(JSContext*)+202>:	ud2
Comment 2•7 years ago (Assignee)
We don't want cooperative multithreading to conflict with GC settings that prevent changing the active context (this was, yeah, pretty foreseeable...). I think the only GC setting that can change dynamically and prevent active context changes is the tracer used in the pre barrier verifier.
Assignee: nobody → bhackett1024
Attachment #8839705 -
Flags: review?(jcoppeard)
Updated•7 years ago
Attachment #8839705 -
Flags: review?(jcoppeard) → review+
Pushed by bhackett@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3c365d2e8202
Avoid conflicts between GC zeal behavior and cooperative multithreading context switches, r=jonco.
Comment 5•7 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/3c365d2e8202
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Updated•7 years ago
status-firefox52: --- → unaffected
status-firefox53: --- → unaffected