Closed
Bug 1586485
Opened 5 years ago
Closed 5 years ago
Assertion failure: script->hasScriptCounts(), at js/src/vm/JSScript.cpp:1414
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla71
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox67 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | --- | unaffected |
| firefox71 | --- | fixed |
People
(Reporter: gkw, Assigned: jandem)
References
(Regression)
Details
(4 keywords, Whiteboard: [jsbugmon:update])
Attachments
(3 files)
The following testcase crashes on mozilla-central revision 74c62117e3e5 (build with --enable-debug --enable-simulator=arm64, run with --fuzzing-safe --no-threads --ion-eager --dump-bytecode --nursery-strings=off):
See attachment.
Backtrace:
#0 GetScriptCountsMapEntry (script=<optimized out>) at js/src/vm/JSScript.cpp:1414
#1 0x0000559e87f53a57 in JSScript::getScriptCounts (this=0x7fdca4fe8570 <_IO_stdfile_2_lock>) at js/src/vm/JSScript.cpp:1421
#2 0x0000559e87f5436f in JSScript::maybeGetPCCounts (this=0xac3c4cb4700, pc=0x7fdca3c9bea6 "P\001") at js/src/vm/JSScript.cpp:1513
#3 0x0000559e87dad0a7 in DumpPCCounts (cx=<optimized out>, script=..., sp=0x559e892b32a0 <vtable for js::Sprinter+16>) at js/src/vm/BytecodeUtil.cpp:152
#4 js::DumpRealmPCCounts (cx=0x7fdca3c28000) at js/src/vm/BytecodeUtil.cpp:201
/snip
For detailed crash information, see attachment.
|
Reporter | |
Comment 1•5 years ago
|
||
|
|
Reporter | |
Comment 2•5 years ago
|
||
|
|
Reporter | |
Comment 3•5 years ago
|
||
autobisectjs shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/0d25043ccb59
user: Jan de Mooij
date: Fri Oct 04 15:03:57 2019 +0000
summary: Bug 1398738 - Discard ScriptCounts after discarding JitScript. r=nbp
Jan, is bug 1398738 a likely regressor?
Flags: needinfo?(jdemooij)
|
Assignee | |
Updated•5 years ago
|
Flags: needinfo?(jdemooij)
|
|
Assignee | |
Comment 4•5 years ago
|
||
Also ensure DumpPCCounts does not trigger GC and discard the script counts when
disassembling in debug builds.
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/85a86e5a8815 Don't discard script counts on GC when --dump-bytecode is used. r=nbp
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
|
||
Updated•5 years ago
|
status-firefox67:
--- → unaffected
status-firefox68:
--- → unaffected
status-firefox69:
--- → unaffected
status-firefox70:
--- → unaffected
status-firefox-esr60:
--- → unaffected
status-firefox-esr68:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•