Closed Bug 1342595 Opened 7 years ago Closed 7 years ago

Assertion failure: size_before == *profiler->size_, at js/src/vm/GeckoProfiler.cpp:428

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1341317
Tracking Flags:
Tracking Status
firefox54 --- affected

People

(Reporter: gkw, Unassigned)

Details

(Keywords: assertion, bugmon, testcase, Whiteboard: [jsbugmon:update])

Attachments

(1 file)

Detailed Crash Information
25.27 KB, text/plain
Details 
The following testcase crashes on mozilla-central revision 69d2cf007cdc (build with --enable-debug, run with --fuzzing-safe --ion-offthread-compile=off --ion-eager):

// Adapted from randomly chosen test: js/src/jit-test/tests/profiler/bug1211962.js
enableGeckoProfiling();
// Adapted from randomly chosen test: js/src/jit-test/tests/basic/cooperative-threading-interrupt.js
setInterruptCallback(function () {
    cooperativeYield();
});
evalInCooperativeThread("cooperativeYield();");
for (var i = 0; i < 1; i++) {
    interruptIf(1);
}

Backtrace:

#0  js::GeckoProfilerEntryMarker::~GeckoProfilerEntryMarker (this=0x7ff24f326990, __in_chrg=<optimized out>) at js/src/vm/GeckoProfiler.cpp:428
#1  0x00000000005329a9 in js::RunScript (cx=cx@entry=0x7ff24cf20000, state=...) at js/src/vm/Interpreter.cpp:380
#2  0x00000000005354e1 in js::ExecuteKernel (cx=cx@entry=0x7ff24cf20000, script=..., script@entry=..., envChainArg=..., newTargetValue=..., evalInFrame=..., evalInFrame@entry=..., result=result@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:690
#3  0x00000000005358a8 in js::Execute (cx=cx@entry=0x7ff24cf20000, script=script@entry=..., envChainArg=..., rval=rval@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:723
#4  0x00000000008c909a in ExecuteScript (cx=cx@entry=0x7ff24cf20000, scope=scope@entry=..., script=script@entry=..., rval=rval@entry=0x7ff24f326d80) at js/src/jsapi.cpp:4476
#5  0x00000000008da148 in JS_ExecuteScript (cx=0x7ff24cf20000, scriptArg=scriptArg@entry=..., rval=rval@entry=...) at js/src/jsapi.cpp:4502
/snip

For detailed crash information, see attachment.
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   https://hg.mozilla.org/mozilla-central/rev/fad2e60d7843
user:        Brian Hackett
date:        Fri Feb 17 05:13:11 2017 -0700
summary:     Bug 1337968 - Add API and shell harness for cooperative multithreading, r=jandem.

Brian, is bug 1337968 a likely regressor?
Flags: needinfo?(bhackett1024)
This testcase is fixed by the patch in bug 1341317.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(bhackett1024)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: