Closed Bug 291312 Opened 20 years ago Closed 20 years ago

newborn script filename table entry not saved by GC_KEEP_ATOMS

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8beta2

People

(Reporter: mvl, Assigned: brendan)

Details

(Keywords: js1.5)

Attachments

(2 files)

stack
5.68 KB, text/plain
Details
fix
3.07 KB, patch
shaver
: review+
brendan
: approval1.8b2+
Details | Diff | Splinter Review 
Inspired by bug 291210, i tried to set TOO_MUCH_GC to see how calendar handles
it. Badly, it seems. It crashes on startup with:
Assertion failure: sfe->key == sfe->filename, at
/home/michiel/mozhack/tree1/mozilla/js/src/jsscript.c:1026
Attached file stack 
This is the stack.
(The string in frame 20 is the start of monthView.js, if that helps anything)
irc log on debugging this:

<mvl>	(gdb) p *script
<mvl>	$4 = {code = 0x8529140 "\177", length = 90, main = 0x8529143 "l", version = 0,
<mvl>	  numGlobalVars = 0, atomMap = {vector = 0x85291c8, length = 9},
<mvl>	  filename = 0x85291fd "", lineno = 57, depth = 3, trynotes = 0x0,
<mvl>	  principals = 0x81be77c, object = 0x84e2560}
<brendan>	empty string filename
<brendan>	in frame 4, what is *sfe
<mvl>	(gdb) p *sfe
<mvl>	$6 = {next = 0x1, keyHash = 60, key = 0x430067, mark = 97 'a',
<mvl>	  filename = "\000l"}
<brendan>	that's not good
<brendan>	in frame 10, what is *rhe?
<mvl>	(gdb) p *rhe
<mvl>	$9 = {hdr = {keyHash = 4288663528}, root = 0x8528ca0,
<mvl>	  name = 0xb781e7d8 "nsXULPrototypeScript::mJSObject"}
<brendan>	also, let's look at $4 harder
<brendan>	x/3b $4.code
<mvl>	0x8529140:      0x7f    0x00    0x00
<brendan>	p *script.atomMap.vector[0]
<mvl>	$10 = {entry = {next = 0x847e960, keyHash = 1619793585, key = 0x84e20cc,
<mvl>	    value = 0x0}, flags = 4, number = 4669}
<brendan>	p *(JSString *)((long)$.entry.key - 4)
<mvl>	$11 = {length = 15, chars = 0x84e4fa8}
<brendan>	x/15ch $.chars
<mvl>	0x84e4fa8:      65 'A'  114 'r' 114 'r' 97 'a'  121 'y' 79 'O'  102 'f' 68 'D'
<mvl>	0x84e4fb8:      97 'a'  121 'y' 78 'N'  97 'a'  109 'm' 101 'e' 115 's'
<brendan>	ok, find the script whose only declared var is called that
<mvl>
http://lxr.mozilla.org/seamonkey/source/calendar/resources/content/monthView.xul#57
<mvl>	a <script/> element actually
<brendan>	inline script, hmm
<brendan>	in an overlay
<brendan>	the script seems intact, but its script filename table entry has been GC'd
<brendan>	one thing to check: does anyone else in the XUL we host do that?
<brendan>	maybe you've just found an old bug in overlays


on the last question:
monthView.xul, dayView.xul and the other views all include a copy of the same
<script/>. All those files overlay calendar.xul. I can of course fix that, but i
wonder if the actual error should be fixed instead.
Assignee: mostafah → brendan
Component: Sunbird and Calendar-Extension Front End → JavaScript Engine
Keywords: js1.5
OS: Linux → All
Product: Calendar → Core
Hardware: PC → All
Target Milestone: --- → mozilla1.8beta2
Version: unspecified → 1.0 Branch
Status: NEW → ASSIGNED
Summary: setting TOO_MUCH_GC crashes calendar on startup → newborn script filename table entry not saved by GC_KEEP_ATOMS
Flags: blocking1.8b2+
Attached patch fixSplinter Review 
Trivial fix, self-approving.

/be
Attachment #182636 - Flags: review?(shaver)
Attachment #182636 - Flags: approval1.8b2+
Comment on attachment 182636 [details] [diff] [review]
fix

r=shaver
Attachment #182636 - Flags: review?(shaver) → review+
Fixed, thanks all.

/be
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Flags: testcase-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: