Closed Bug 326005 Opened 19 years ago Closed 19 years ago

Crash when embedding Release version (but not Debug version)

Categories

(Core :: JavaScript Engine, defect)

x86
Windows XP
defect
Not set
critical

VERIFIED DUPLICATE of bug 151066

People

(Reporter: peebrainx, Unassigned)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

I am embedding SpiderMonkey into my own MSVC++6.0 project.  Using the Debug .dll works fine, but when I switch over to the Release .dll, it crashes.

As a note, I have modified the SpiderMonkey source to output the function js_PCToLineNumber to the .dll, so I could call it, but that's the only modification I've made.

I traced the bug to jsparse.c, line 2184:

            if (currentGetter == js_GetLocalVariable &&
                atom != cx->runtime->atomState.argumentsAtom &&
                fp->scopeChain == obj &&
                !js_InWithStatement(tc)) {
                if (!js_AddNativeProperty(cx, obj, (jsid)atom,
                                          currentGetter, currentSetter,
                                          SPROP_INVALID_SLOT,
                                          pn2->pn_attrs | JSPROP_SHARED,
                                          SPROP_HAS_SHORTID, fun->nvars)) {
                    ok = JS_FALSE;
                }
                fun->nvars++;
            }

It seems in the Release version, the above condition returns TRUE, which causes the function below to execute.  The problem is that the variable fun is NULL.  So fun->nvars forces a crash.  A simple fix is to include "&& fun" in the conditional - although I'm not sure if that is the CORRECT solution.

You can download the program at: http://pbwhere.com/JSWin-crash.zip

The Debug version will run correctly (if you have the debug version of MFC).  The Release version will crash.  The source is included.

Reproducible: Always

Steps to Reproduce:
1. Run the program JSWin-crash.zip/JSWin/Release/JSWin.exe

Actual Results:  
Crash

Expected Results:  
No crash

Sean, where does js32.dll come from (i.e., how are you building it)? At first blush, it seems that you're running into bug 151066, where a bug in the MSVC optimizer causes otherwise fine code to crash. Can you see if adding -OPT:NOICF to your linker flags when compiling SpiderMonkey fixes this crash for you?

That worked - I added:

/opt:ref /opt:noicf

And it fixed the problem.  Thank you - sorry for the trouble.

~Sean

*** This bug has been marked as a duplicate of 151066 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE

The release notes warn about this in red text in a red-bordered box.  Maybe we should use the blink tag? ;-)

/be
Status: RESOLVED → VERIFIED
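
Added example, not part of the bug thread or the SpiderMonkey source: a C sketch of how identical-code folding, the linker behaviour that /opt:noicf disables, can make a function-pointer test like `currentGetter == js_GetLocalVariable` succeed for a different getter whose body is identical. All names are hypothetical, and the folding is simulated by `link_plain_getter` on the assumption that this is the mechanism behind the Release-only crash.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*getter_fn)(void *obj, int id);
struct function { int nvars; };
enum var_kind { KIND_PLAIN, KIND_LOCAL };
enum outcome { SKIPPED, COUNTED, NULL_DEREF };

/* Two distinct getters with identical bodies: candidates for folding. */
static int get_local(void *obj, int id) { (void)obj; (void)id; return 1; }
static int get_plain(void *obj, int id) { (void)obj; (void)id; return 1; }

/* Simulated link step (constructed): with folding on, the plain getter's
 * symbol resolves to the same address as the local-variable getter. */
static getter_fn link_plain_getter(int folded) {
    return folded ? get_local : get_plain;
}

/* Fragile: pointer identity is the only evidence that fun is valid. */
static enum outcome declare_by_address(getter_fn getter, struct function *fun) {
    if (getter != get_local)
        return SKIPPED;
    if (fun == NULL)
        return NULL_DEREF;   /* where the real code would crash on fun->nvars */
    fun->nvars++;
    return COUNTED;
}

/* Robust: an explicit tag decides, and fun is checked before use. */
static enum outcome declare_by_kind(enum var_kind kind, struct function *fun) {
    if (kind != KIND_LOCAL || fun == NULL)
        return SKIPPED;
    fun->nvars++;
    return COUNTED;
}

int main(void) {
    /* Top-level code: plain getter, no enclosing function (fun == NULL). */
    printf("unfolded: %d\n", declare_by_address(link_plain_getter(0), NULL));
    printf("folded:   %d\n", declare_by_address(link_plain_getter(1), NULL));
    printf("tagged:   %d\n", declare_by_kind(KIND_PLAIN, NULL));
    return 0;
}
```

The tagged variant gives the same answer whether or not the linker folds the two getters, so a build no longer depends on the linker flags for correctness.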