Closed Bug 1827830 Opened 2 years ago Closed 2 years ago

Intermittent Assertion failure: !realm_->hasActiveAutoSetNewObjectMetadata_ (Shouldn't nest AutoSetNewObjectMetadata), at /builds/worker/checkouts/gecko/js/src/vm/Realm.h:904

Categories

(Core :: JavaScript Engine, defect, P5)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
114 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox112 --- unaffected
firefox113 --- unaffected
firefox114 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jandem)

References

(Regression)

Details

(Keywords: assertion, intermittent-failure, regression)

Attachments

(1 file)

Bug 1827830 - Simplify AutoSetNewObjectMetadata more. r?jonco!
48 bytes, text/x-phabricator-request
Details | Review

Filed by: nerli [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=412266062&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/MTbOi_oVSeiCH63ZtsuXUw/runs/0/artifacts/public/logs/live_backing.log

[task 2023-04-13T07:57:14.222Z] 07:57:14     INFO - TEST-START | docshell/test/navigation/test_reload.html
[task 2023-04-13T07:57:15.137Z] 07:57:15     INFO - GECKO(1585) | [Parent 1585, Main Thread] WARNING: '!top', file /builds/worker/checkouts/gecko/dom/xul/MenuBarListener.cpp:99
[task 2023-04-13T07:57:15.140Z] 07:57:15     INFO - GECKO(1585) | [Parent 1585, Main Thread] WARNING: '!top', file /builds/worker/checkouts/gecko/dom/xul/MenuBarListener.cpp:99
[task 2023-04-13T07:57:15.148Z] 07:57:15     INFO - GECKO(1585) | Assertion failure: !realm_->hasActiveAutoSetNewObjectMetadata_ (Shouldn't nest AutoSetNewObjectMetadata), at /builds/worker/checkouts/gecko/js/src/vm/Realm.h:904
[task 2023-04-13T07:57:15.148Z] 07:57:15     INFO - GECKO(1585) | #01: js::AutoSetNewObjectMetadata::AutoSetNewObjectMetadata(JSContext*) [js/src/vm/Realm.h:903]
[task 2023-04-13T07:57:15.149Z] 07:57:15     INFO - GECKO(1585) | #02: NewArrayWithShape<(unsigned int)4294967295>(JSContext*, JS::Handle<js::SharedShape*>, unsigned int, js::NewObjectKind, js::gc::AllocSite*) [js/src/builtin/Array.cpp:0]
[task 2023-04-13T07:57:15.150Z] 07:57:15     INFO - GECKO(1585) | #03: NewArray<(unsigned int)4294967295>(JSContext*, unsigned int, js::NewObjectKind, js::gc::AllocSite*) [js/src/builtin/Array.cpp:4810]
[task 2023-04-13T07:57:15.152Z] 07:57:15     INFO - GECKO(1585) | #04: js::AbstractGeneratorObject::create(JSContext*, JS::Handle<JSFunction*>, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<js::ArgumentsObject*>) [js/src/vm/GeneratorObject.cpp:48]
[task 2023-04-13T07:57:15.152Z] 07:57:15     INFO - GECKO(1585) | #05: js::AbstractGeneratorObject::createFromFrame(JSContext*, js::AbstractFramePtr) [js/src/vm/GeneratorObject.cpp:74]
[task 2023-04-13T07:57:15.153Z] 07:57:15     INFO - GECKO(1585) | #06: js::jit::CreateGeneratorFromFrame(JSContext*, js::jit::BaselineFrame*) [js/src/jit/VMFunctions.cpp:1037]
[task 2023-04-13T07:57:15.154Z] 07:57:15     INFO - GECKO(1585) | #07: ??? (???:???)
[task 2023-04-13T07:57:15.156Z] 07:57:15     INFO - GECKO(1585) | ExceptionHandler::GenerateDump cloned child 2243
[task 2023-04-13T07:57:15.157Z] 07:57:15     INFO - GECKO(1585) | ExceptionHandler::SendContinueSignalToChild sent continue signal to child
[task 2023-04-13T07:57:15.158Z] 07:57:15     INFO - GECKO(1585) | ExceptionHandler::WaitForContinueSignal waiting for continue signal...
[task 2023-04-13T07:57:15.337Z] 07:57:15     INFO - GECKO(1585) | Exiting due to channel error.
[task 2023-04-13T07:57:15.342Z] 07:57:15     INFO - TEST-INFO | Main app process: exit 11
[task 2023-04-13T07:57:15.342Z] 07:57:15     INFO - Buffered messages finished
[task 2023-04-13T07:57:15.344Z] 07:57:15    ERROR - TEST-UNEXPECTED-FAIL | docshell/test/navigation/test_reload.html | application terminated with exit code 11
[task 2023-04-13T07:57:15.344Z] 07:57:15     INFO - runtests.py | Application ran for: 0:03:02.958144
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - zombiecheck | Reading PID log: /tmp/tmpdvpj4yh0pidlog
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - ==> process 1585 launched child process 1605
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - ==> process 1585 launched child process 1675
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - ==> process 1585 launched child process 1702
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - ==> process 1585 launched child process 1755
[task 2023-04-13T07:57:15.345Z] 07:57:15     INFO - ==> process 1585 launched child process 1762
[task 2023-04-13T07:57:15.346Z] 07:57:15     INFO - ==> process 1585 launched child process 1781
[task 2023-04-13T07:57:15.347Z] 07:57:15     INFO - ==> process 1585 launched child process 1822
[task 2023-04-13T07:57:15.347Z] 07:57:15     INFO - ==> process 1585 launched child process 1876
[task 2023-04-13T07:57:15.348Z] 07:57:15     INFO - ==> process 1585 launched child process 1927
[task 2023-04-13T07:57:15.350Z] 07:57:15     INFO - ==> process 1585 launched child process 1992
[task 2023-04-13T07:57:15.350Z] 07:57:15     INFO - ==> process 1585 launched child process 2091
[task 2023-04-13T07:57:15.350Z] 07:57:15     INFO - ==> process 1585 launched child process 2124
[task 2023-04-13T07:57:15.350Z] 07:57:15     INFO - ==> process 1585 launched child process 2176
[task 2023-04-13T07:57:15.350Z] 07:57:15     INFO - ==> process 1585 launched child process 2205
Duplicate of this bug: 1827777
Duplicate of this bug: 1827776

Note that this assertion has been added pretty recently on bug 1827420. Note that for Wd jobs this mainly happens for GeckoView.

Jan, can you please have a look?

status-firefox112: --- → unaffected
status-firefox113: --- → unaffected
status-firefox114: --- → affected
status-firefox-esr102: --- → unaffected
Component: DOM: Navigation → JavaScript Engine
Flags: needinfo?(jdemooij)
Keywords: regression
Regressed by: 1827420

The problem in the bug is that in the browser, GC can call back into JS code,
violating the assertion checking that we have only one AutoSetNewObjectMetadata
active on the stack.

In debug builds, we now use a counter for the number of active AutoSetNewObjectMetadata
instances on the stack.

This patch simplifies the object metadata code more. The NewObjectMetadataState
variant was adding a lot of complexity. It's simpler to remove it and use the
numActiveAutoSetNewObjectMetadata_ field for similar assertions.

Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f36db2d74625 Simplify AutoSetNewObjectMetadata more. r=jonco

https://hg.mozilla.org/mozilla-central/rev/f36db2d74625

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox114: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch
Flags: needinfo?(jdemooij)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: