Closed
Bug 335013
Opened 18 years ago
Closed 12 years ago
jsd_GetScopeChainForStackFrame triggers ABBA deadlock
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
Future
People
(Reporter: timeless, Assigned: timeless)
Details
one thread is doing:

03 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
04 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x00d4eb6c, struct _MDLock * lock = 0x00d73d9c, unsigned int timeout = 0xffffffff)+0x7f (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\nsprpub\pr\src\md\windows\w95cv.c @ 280]
05 nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x00a55958, struct PRCondVar * cvar = 0x00d4eaf8, struct PRLock * lock = 0x00d73d80, unsigned int timeout = 0xffffffff)+0xd1 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\nsprpub\pr\src\threads\combined\prucv.c @ 204]
06 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x00d4eaf8, unsigned int timeout = 0xffffffff)+0x7f (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\nsprpub\pr\src\threads\combined\prucv.c @ 551]
07 js3250!ClaimScope(struct JSScope * scope = 0x0362f5c8, struct JSContext * cx = 0x04f119f0)+0x211 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jslock.c @ 534]
08 js3250!js_GetSlotThreadSafe(struct JSContext * cx = 0x04f119f0, struct JSObject * obj = 0x034617d0, unsigned long slot = 2)+0x11d (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jslock.c @ 610]
09 js3250!js_GetClassPrototype(struct JSContext * cx = 0x04f119f0, struct JSObject * scope = 0x036536f0, struct JSAtom * classAtom = 0x00d52bc8, struct JSObject ** protop = 0x0012e6bc)+0x154 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsobj.c @ 3889]
0a js3250!js_NewObject(struct JSContext * cx = 0x04f119f0, struct JSClass * clasp = 0x00fcc148, struct JSObject * proto = 0x00000000, struct JSObject * parent = 0x036536f0)+0x58 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsobj.c @ 1970]
0b js3250!js_GetCallObject(struct JSContext * cx = 0x04f119f0, struct JSStackFrame * fp = 0x04f151e8, struct JSObject * parent = 0x036536f0)+0x1a9 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsfun.c @ 566]
0c js3250!JS_GetFrameCallObject(struct JSContext * cx = 0x04f119f0, struct JSStackFrame * fp = 0x04f151e8)+0x2f (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsdbgapi.c @ 810]
0d js3250!JS_GetFrameScopeChain(struct JSContext * cx = 0x04f119f0, struct JSStackFrame * fp = 0x04f151e8)+0x10 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsdbgapi.c @ 792]
0e jsd3250!jsd_GetScopeChainForStackFrame(struct JSDContext * jsdc = 0x00db2aa8, struct JSDThreadState * jsdthreadstate = 0x067dada8, struct JSDStackFrameInfo * jsdframe = 0x067dae08)+0x5b (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsd_stak.c @ 322]
0f jsd3250!JSD_GetScopeChainForStackFrame(struct JSDContext * jsdc = 0x00db2aa8, struct JSDThreadState * jsdthreadstate = 0x067dada8, struct JSDStackFrameInfo * jsdframe = 0x067dae08)+0x20 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsdebug.c @ 713]
10 jsd3250!jsdStackFrame::GetScope(class jsdIValue ** _rval = 0x0012e890)+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [r:\mozilla\js\jsd\jsd_xpc.cpp @ 1945]

frame 0e grabbed the jsd lock, it then called out of jsd into spidermonkey which tries to poke a lock at frame 07. unfortunately that loses to the other js thread:

04 nspr4!PR_Lock(struct PRLock * lock = 0x00db3040)+0xac (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\nsprpub\pr\src\threads\combined\prulock.c @ 255]
05 jsd3250!jsd_Lock(struct JSDStaticLock * lock = 0x00db2ff0)+0x65 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsd_lock.c @ 153]
06 jsd3250!jsd_NewThreadState(struct JSDContext * jsdc = 0x00db2aa8, struct JSContext * cx = 0x068ec948)+0x1ab (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsd_stak.c @ 164]
07 jsd3250!jsd_CallExecutionHook(struct JSDContext * jsdc = 0x00db2aa8, struct JSContext * cx = 0x068ec948, unsigned int type = 1, <function> * hook = 0x019a24c0, void * hookData = 0x00000001, long * rval = 0x0778fa34)+0x2c (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsd_hook.c @ 165]
08 jsd3250!jsd_TrapHandler(struct JSContext * cx = 0x068ec948, struct JSScript * script = 0x034f51a0, unsigned char * pc = 0x034f5204 "SW", long * rval = 0x0778fa34, void * closure = 0x0692d1b1)+0x1bf (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\jsd\jsd_scpt.c @ 745]
09 js3250!JS_HandleTrap(struct JSContext * cx = 0x068ec948, struct JSScript * script = 0x034f51a0, unsigned char * pc = 0x034f5204 "SW", long * rval = 0x0778fa34)+0x67 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsdbgapi.c @ 217]
0a js3250!js_Interpret(struct JSContext * cx = 0x068ec948, unsigned char * pc = 0x034f5204 "SW", long * result = 0x0778fb64)+0x10dbb (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsinterp.c @ 4489]
0b js3250!js_Invoke(struct JSContext * cx = 0x068ec948, unsigned int argc = 0, unsigned int flags = 2)+0xba5 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsinterp.c @ 1274]
0c xpc3250!nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS * wrapper = 0x0663d800, unsigned short methodIndex = 3, class nsXPTMethodInfo * info = 0x019f5ba0, struct nsXPTCMiniVariant * nativeParams = 0x0778fe84)+0xd39 (FPO: [Non-Fpo]) (CONV: stdcall) [r:\mozilla\js\src\xpconnect\src\xpcwrappedjsclass.cpp @ 1507]
0d xpc3250!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 3, class nsXPTMethodInfo * info = 0x019f5ba0, struct nsXPTCMiniVariant * params = 0x0778fe84)+0x3f (FPO: [Non-Fpo]) (CONV: stdcall) [r:\mozilla\js\src\xpconnect\src\xpcwrappedjs.cpp @ 519]

this thread owns the jsscope or something and triggers a trap which tries to get the jsdlock in frame 06, but it can't get it because thread 0 has the jsd lock. and thread 0 is waiting for this thread to let go of js.
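The lock-order inversion described in this report, as an added example that is not part of the original bug or of Mozilla's code: a small lock-order recorder replays the two acquisition sequences from the stacks and reports the inversion without needing the threads to actually hang. Treating scope ownership as a second lock, the enum names, and the `drop_first` variant are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 4
enum { JSD_LOCK, SCOPE_OWNERSHIP };        /* names assumed for this sketch */

/* order[a][b] is set once any thread acquires b while holding a. */
static unsigned char order[MAX_LOCKS][MAX_LOCKS];
struct held { int lock[MAX_LOCKS]; int n; };

/* Depth-first search: does the recorded order already lead from -> to? */
static int reaches(int from, int to, unsigned seen) {
    if (from == to) return 1;
    seen |= 1u << from;
    for (int next = 0; next < MAX_LOCKS; next++)
        if (order[from][next] && !(seen & (1u << next)) && reaches(next, to, seen))
            return 1;
    return 0;
}

/* Record an acquisition; return a held lock it inverts against, or -1. */
static int note_acquire(struct held *t, int lock) {
    int conflict = -1;
    for (int i = 0; i < t->n; i++) {
        if (reaches(lock, t->lock[i], 0)) conflict = t->lock[i];
        order[t->lock[i]][lock] = 1;
    }
    if (t->n < MAX_LOCKS) t->lock[t->n++] = lock;
    return conflict;
}

static void note_release(struct held *t, int lock) {
    for (int i = 0; i < t->n; i++)
        if (t->lock[i] == lock) { t->lock[i] = t->lock[--t->n]; return; }
}

/* Replay both stacks. drop_first models a hypothetical variant in which the
   debugger thread releases the jsd lock before calling into the engine. */
int replay(int drop_first) {
    struct held debugger = {{0}, 0}, script = {{0}, 0};
    memset(order, 0, sizeof order);
    note_acquire(&debugger, JSD_LOCK);          /* jsd_GetScopeChainForStackFrame */
    if (drop_first) note_release(&debugger, JSD_LOCK);
    note_acquire(&debugger, SCOPE_OWNERSHIP);   /* ClaimScope */
    note_acquire(&script, SCOPE_OWNERSHIP);     /* thread running the script */
    return note_acquire(&script, JSD_LOCK);     /* jsd_NewThreadState -> jsd_Lock */
}

int main(void) {
    printf("as reported: %d, lock dropped first: %d\n", replay(0), replay(1));
    return 0;
}
```

A return of `SCOPE_OWNERSHIP` means the second thread asked for the jsd lock while holding something the first thread takes only after the jsd lock, which is the ABBA pattern in the title; `-1` means no inversion was recorded.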
Comment 1•17 years ago
timeless, I think all of us know this bug is not going to get fixed soon unless you do it. :-(
Target Milestone: --- → Future
Updated•15 years ago
Assignee: timeless → nobody
Component: Venkman JS Debugger → JavaScript Debugging APIs
Product: Other Applications → Core
QA Contact: venkman → jsd
Version: unspecified → Trunk
Updated•13 years ago
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Comment 2•12 years ago
Title code was deleted.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME