Assertion failure: vp + 1 < end in DeutschSchorrWaite

VERIFIED FIXED

Status

Core
JavaScript Engine
VERIFIED FIXED
13 years ago
12 years ago

People

(Reporter: bc, Unassigned)

Tracking

({regression})

1.8 Branch
x86
Linux
regression
Bug Flags:
blocking1.8.1 -
blocking1.8.0.1 -
blocking1.8.0.2 -
in-testsuite +

Details

(Whiteboard: regression from 1.5, URL)

(Reporter)

Description

13 years ago
Found this in 1.8.0.1 and 1.8.1 builds on Linux Debug only on 2006-01-11.

Assertion failure: vp + 1 < end, at mozilla/js/src/jsgc.c:1428

The symptom appeared in the automated browser-based JS tests as a timeout on the test. Looking at the log, it was actually this assert. This has not appeared before. The last test run where I did not see this was 2006-01-06 or so.

I am not sure this is really a regression from 1.5 since it crashed in Firefox 1.5 20051111 release on Linux. It does not crash with Firefox 1.5.0.1 on Linux. Is this something that is a result of recent checkins on the branches?

TB13865366 with Firefox 1.5 20051111 release

DeutschSchorrWaite()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1401]
MarkGCThing()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1274]
gc_root_marker()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1485]
JS_DHashTableEnumerate()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsdhash.c, line 621]
js_GC()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 1702]
js_NewGCThing()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsgc.c, line 634]
js_NewString()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsstr.c, line 2523]
JS_NewStringCopyZ()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c, line 4265]
js_QuoteString()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsopcode.c, line 455]
js_ValueToSource()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsstr.c, line 2783]
InitExceptionObject()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsexn.c, line 448]
js_ErrorToException()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsexn.c, line 1037]
ReportCompileErrorNumber()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsscan.c, line 698]
js_ReportCompileErrorNumber()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsscan.c, line 754]
Statement()  [/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsparse.c, line 1275]
repeated Statement()...
(Reporter)

Comment 1

13 years ago
setting blocking 1.8.0.1 and 1.8.1 flags to get this on the radar.
Flags: blocking1.8.1?
Flags: blocking1.8.0.1?
(Reporter)

Updated

13 years ago
Flags: testcase+
Whiteboard: regression from 1.5
I don't see how this is a regression since 1.5.

/be
Is bug 323252 a dup?

/be
No fix in sight, no clarity on whether this is or isn't a regression: pushing into the 1.8.0.2 pile to decide on because this missed the 1.8.0.1 train.
Flags: blocking1.8.0.2?
Flags: blocking1.8.0.1?
Flags: blocking1.8.0.1-

Updated

13 years ago
Depends on: 324117
ditto for 1.8.0.2
Flags: blocking1.8.0.2? → blocking1.8.0.2-

Updated

12 years ago
Flags: blocking1.8.1? → blocking1.8.1+

Comment 6

12 years ago
Given previous comments taking this off the 1.8.1 list...
Flags: blocking1.8.1+ → blocking1.8.1-
(Reporter)

Comment 7

12 years ago
works for me in 1.8.0, 1.8.1, 1.9 20061109 windows/linux/mac*
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME

Comment 8

12 years ago
Note that this must be resolved-fixed on the trunk and 1.8.1 branch, as the changes from bug 324278 removed the DeutschSchorrWaite code completely. On the other hand, the code is on the 1.8.0 branch, and if it no longer crashes, then it means that something fixed it. Perhaps the 1.8.0-only patch for bug 324117 did it, perhaps other GC hazard fixes. But this is not something I am going to spend time on.
Depends on: 324278
(Reporter)

Updated

12 years ago
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Comment 9

12 years ago
fixed by bug 324278
Status: REOPENED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
(Reporter)

Comment 10

12 years ago
verified fixed 20061122 1.9 windows/linux
Status: RESOLVED → VERIFIED