Closed
Bug 1342595
Opened 8 years ago
Closed 8 years ago
Assertion failure: size_before == *profiler->size_, at js/src/vm/GeckoProfiler.cpp:428
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1341317
Tracking | Status | |
---|---|---|
firefox54 | --- | affected |
People
(Reporter: gkw, Unassigned)
Details
(Keywords: assertion, bugmon, testcase, Whiteboard: [jsbugmon:update])
Attachments
(1 file)
25.27 KB,
text/plain
|
Details |
The following testcase crashes on mozilla-central revision 69d2cf007cdc (build with --enable-debug, run with --fuzzing-safe --ion-offthread-compile=off --ion-eager):
// Adapted from randomly chosen test: js/src/jit-test/tests/profiler/bug1211962.js
enableGeckoProfiling();
// Adapted from randomly chosen test: js/src/jit-test/tests/basic/cooperative-threading-interrupt.js
setInterruptCallback(function () {
cooperativeYield();
});
evalInCooperativeThread("cooperativeYield();");
for (var i = 0; i < 1; i++) {
interruptIf(1);
}
Backtrace:
#0 js::GeckoProfilerEntryMarker::~GeckoProfilerEntryMarker (this=0x7ff24f326990, __in_chrg=<optimized out>) at js/src/vm/GeckoProfiler.cpp:428
#1 0x00000000005329a9 in js::RunScript (cx=cx@entry=0x7ff24cf20000, state=...) at js/src/vm/Interpreter.cpp:380
#2 0x00000000005354e1 in js::ExecuteKernel (cx=cx@entry=0x7ff24cf20000, script=..., script@entry=..., envChainArg=..., newTargetValue=..., evalInFrame=..., evalInFrame@entry=..., result=result@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:690
#3 0x00000000005358a8 in js::Execute (cx=cx@entry=0x7ff24cf20000, script=script@entry=..., envChainArg=..., rval=rval@entry=0x7ff24f326d80) at js/src/vm/Interpreter.cpp:723
#4 0x00000000008c909a in ExecuteScript (cx=cx@entry=0x7ff24cf20000, scope=scope@entry=..., script=script@entry=..., rval=rval@entry=0x7ff24f326d80) at js/src/jsapi.cpp:4476
#5 0x00000000008da148 in JS_ExecuteScript (cx=0x7ff24cf20000, scriptArg=scriptArg@entry=..., rval=rval@entry=...) at js/src/jsapi.cpp:4502
/snip
For detailed crash information, see attachment.
![]() |
Reporter | |
Comment 1•8 years ago
|
||
![]() |
Reporter | |
Comment 2•8 years ago
|
||
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/fad2e60d7843
user: Brian Hackett
date: Fri Feb 17 05:13:11 2017 -0700
summary: Bug 1337968 - Add API and shell harness for cooperative multithreading, r=jandem.
Brian, is bug 1337968 a likely regressor?
Flags: needinfo?(bhackett1024)
Comment 3•8 years ago
|
||
This testcase is fixed by the patch in bug 1341317.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(bhackett1024)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•