Closed
Bug 1406452
Opened 7 years ago
Closed 7 years ago
Assertion failure: status() != 0, at js/src/builtin/ModuleObject.cpp:784 with getModuleEnvironmentValue
Categories
(Core :: JavaScript Engine, defect, P2)
Tracking
RESOLVED
FIXED
mozilla58

| | Tracking | Status |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | --- | wontfix |
| firefox58 | --- | fixed |
People
(Reporter: decoder, Assigned: jonco)
Details
(Keywords: assertion, bugmon, testcase, Whiteboard: [jsbugmon:update])
Attachments
(1 file)
patch, 3.20 KB (evilpies: review+)
The following testcase crashes on mozilla-central revision 19b32a138d08 (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --enable-stdcxx-compat --disable-profiling --enable-debug --enable-optimize, run with --fuzzing-safe --thread-count=2 --ion-eager):
loadFile(`
let m = parseModule(\`
for (var x of iterator) {}
\`);
m.declarationInstantiation();
m.evaluation();
`)
getModuleEnvironmentValue(m, "r").toString()
function loadFile(lfVarx) {
    try {
        evaluate(lfVarx);
    } catch (lfVare) { }
}
Backtrace:
received signal SIGSEGV, Segmentation fault.
0x0000000000575278 in js::ModuleObject::environment (this=0x7ffff528f1a0) at js/src/builtin/ModuleObject.cpp:784
#0 0x0000000000575278 in js::ModuleObject::environment (this=0x7ffff528f1a0) at js/src/builtin/ModuleObject.cpp:784
#1 0x000000000088d95d in GetModuleEnvironment (cx=0x7ffff6948000, moduleValue=..., moduleValue@entry=...) at js/src/builtin/TestingFunctions.cpp:4250
#2 0x00000000008979da in GetModuleEnvironmentValue (cx=0x7ffff6948000, argc=<optimized out>, vp=<optimized out>) at js/src/builtin/TestingFunctions.cpp:4306
#3 0x000000000055d4f1 in js::CallJSNative (cx=0x7ffff6948000, native=0x897900 <GetModuleEnvironmentValue(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:293
#4 0x0000000000551d1f in js::InternalCallOrConstruct (cx=cx@entry=0x7ffff6948000, args=..., construct=construct@entry=js::NO_CONSTRUCT) at js/src/vm/Interpreter.cpp:495
#5 0x00000000005521bd in InternalCall (cx=0x7ffff6948000, args=...) at js/src/vm/Interpreter.cpp:540
#6 0x00000000005522ea in js::CallFromStack (cx=<optimized out>, args=...) at js/src/vm/Interpreter.cpp:546
#7 0x000000000063c263 in js::jit::DoCallFallback (cx=0x7ffff6948000, frame=0x7fffffffcce8, stub_=<optimized out>, argc=<optimized out>, vp=0x7fffffffcc88, res=...) at js/src/jit/BaselineIC.cpp:2534
#8 0x000006d3b930c42b in ?? ()
rip 0x575278 <js::ModuleObject::environment() const+216>
=> 0x575278 <js::ModuleObject::environment() const+216>: movl $0x0,0x0
0x575283 <js::ModuleObject::environment() const+227>: ud2
Updated•7 years ago
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
Comment 1•7 years ago
JSBugMon: Bisection requested, result:
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/2e4748827cda
user: Jon Coppeard
date: Wed Aug 09 18:05:15 2017 +0100
summary: Bug 1374239 - Store and re-throw module instantiation and evaluation errors r=shu
This iteration took 0.966 seconds to run.
Comment 2•7 years ago (Assignee)
This assert is going off because we're trying to get the environment from an 'errored' module, i.e. where we've thrown an exception during instantiation or evaluation.
We just need to check that in our testing functions.
Assignee: nobody → jcoppeard
Attachment #8916556 - Flags: review?(evilpies)
Attachment #8916556 - Flags: review?(evilpies) → review+
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/29e70589594f
Check for errored modules in builtin testing functions r=evilpie
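Added example (a simplified C++ model, not SpiderMonkey source and not the attached patch): the guard described in comment 2, where a script-reachable testing function checks for an errored module before calling an accessor that asserts. All type and function names are hypothetical, and the model assumes the errored state is the value that the `status() != 0` assertion rejects.

```cpp
// Simplified model for illustration; not SpiderMonkey source. All names are hypothetical.
#include <cassert>
#include <map>
#include <string>

// Assumption: the errored state is the value that `status() != 0` rejects.
enum class Status { Errored = 0, Uninstantiated, Instantiated, Evaluated };

class Module {
  public:
    Status status() const { return status_; }
    void instantiate() {
        env_["x"] = 0;  // constructed sample binding
        status_ = Status::Instantiated;
    }
    // A throwing module body leaves the module in the errored state.
    void evaluate(bool bodyThrows) {
        status_ = bodyThrows ? Status::Errored : Status::Evaluated;
    }
    // Internal accessor with a precondition: callers must not pass an errored module.
    const std::map<std::string, int>& environment() const {
        assert(status() != Status::Errored);
        return env_;
    }
  private:
    Status status_ = Status::Uninstantiated;
    std::map<std::string, int> env_;
};

enum class Lookup { Ok, ModuleErrored, NoSuchBinding };

// Script-reachable entry point: validate module state first and report an
// error to the caller, so fuzzed input cannot reach the assertion.
Lookup getEnvironmentValue(const Module& m, const std::string& name, int* out) {
    if (m.status() == Status::Errored) return Lookup::ModuleErrored;
    const auto& env = m.environment();
    auto it = env.find(name);
    if (it == env.end()) return Lookup::NoSuchBinding;
    *out = it->second;
    return Lookup::Ok;
}

// Replays the testcase's sequence: instantiate, evaluate, then look up a name.
Lookup lookupAfterRun(bool bodyThrows, const std::string& name) {
    Module m;
    m.instantiate();
    m.evaluate(bodyThrows);
    int value = 0;
    return getEnvironmentValue(m, name, &value);
}
```

With the guard in place, `lookupAfterRun(true, "r")` returns `Lookup::ModuleErrored` instead of tripping the accessor's assertion.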
Updated•7 years ago
Priority: -- → P2
Comment 4•7 years ago
bugherder
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Updated•7 years ago
status-firefox56: --- → unaffected
status-firefox57: --- → wontfix
status-firefox-esr52: --- → unaffected