Closed Bug 1342595 Opened 8 years ago Closed 8 years ago

Assertion failure: size_before == *profiler->size_, at js/src/vm/GeckoProfiler.cpp:428

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 1341317
Tracking Status
firefox54 --- affected

People

(Reporter: gkw, Unassigned)

Details

(Keywords: assertion, bugmon, testcase, Whiteboard: [jsbugmon:update])

Attachments

(1 file)

The following testcase crashes on mozilla-central revision 69d2cf007cdc (build with --enable-debug, run with --fuzzing-safe --ion-offthread-compile=off --ion-eager):

// Adapted from randomly chosen test: js/src/jit-test/tests/profiler/bug1211962.js
enableGeckoProfiling();
// Adapted from randomly chosen test: js/src/jit-test/tests/basic/cooperative-threading-interrupt.js
setInterruptCallback(function () {
    cooperativeYield();
});
evalInCooperativeThread("cooperativeYield();");
for (var i = 0; i < 1; i++) {
    interruptIf(1);
}

Backtrace:

#0 js::GeckoProfilerEntryMarker::~GeckoProfilerEntryMarker (this=0x7ff24f326990, __in_chrg=<optimized out>) at js/src/vm/GeckoProfiler.cpp:428
#1 0x00000000005329a9 in js::RunScript (cx=cx@entry=0x7ff24cf20000, state=...) at js/src/vm/Interpreter.cpp:380
#2 0x00000000005354e1 in js::ExecuteKernel (cx=cx@entry=0x7ff24cf20000, script=..., script@entry=..., envChainArg=..., newTargetValue=..., evalInFrame=..., evalInFrame@entry=..., result=result@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:690
#3 0x00000000005358a8 in js::Execute (cx=cx@entry=0x7ff24cf20000, script=script@entry=..., envChainArg=..., rval=rval@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:723
#4 0x00000000008c909a in ExecuteScript (cx=cx@entry=0x7ff24cf20000, scope=scope@entry=..., script=script@entry=..., rval=rval@entry=0x7ff24f326d80) at js/src/jsapi.cpp:4476
#5 0x00000000008da148 in JS_ExecuteScript (cx=0x7ff24cf20000, scriptArg=scriptArg@entry=..., rval=rval@entry=...) at js/src/jsapi.cpp:4502
/snip

For detailed crash information, see attachment.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/fad2e60d7843
user: Brian Hackett
date: Fri Feb 17 05:13:11 2017 -0700
summary: Bug 1337968 - Add API and shell harness for cooperative multithreading, r=jandem.

Brian, is bug 1337968 a likely regressor?
Flags: needinfo?(bhackett1024)
This testcase is fixed by the patch in bug 1341317.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(bhackett1024)
Resolution: --- → DUPLICATE