Closed Bug 414875 Opened 17 years ago Closed 17 years ago

Another fatal startup assertion when gczeal == 2

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 414871

People

(Reporter: bzbarsky, Unassigned)

References

Details

If I add a null-check to work around bug 414871, I get another fatal assertion:

Assertion failure: *flagp != GCF_FINAL, at ../../../mozilla/js/src/jsgc.c:1954

Program received signal SIGTRAP, Trace/breakpoint trap.
JS_Assert (s=0xb7ba2db2 "*flagp != GCF_FINAL", 
    file=0xb7ba1e28 "../../../mozilla/js/src/jsgc.c", ln=1954)
    at ../../../mozilla/js/src/jsutil.c:63
63          abort();

with the stack:

#0  JS_Assert (s=0xb7ba2db2 "*flagp != GCF_FINAL", 
    file=0xb7ba1e28 "../../../mozilla/js/src/jsgc.c", ln=1954)
    at ../../../mozilla/js/src/jsutil.c:63
#1  0xb7b0e605 in JS_CallTracer (trc=0xbfffdbe0, thing=0xb480f4a0, kind=0)
    at ../../../mozilla/js/src/jsgc.c:1954
#2  0xb7b70aed in js_TraceScript (trc=0xbfffdbe0, script=0x842e300)
    at ../../../mozilla/js/src/jsscript.c:1536
#3  0xb7b0eb3e in js_TraceStackFrame (trc=0xbfffdbe0, fp=0xbfffe350)
    at ../../../mozilla/js/src/jsgc.c:2111
#4  0xb7b0f31a in js_TraceContext (trc=0xbfffdbe0, acx=0x8196338)
    at ../../../mozilla/js/src/jsgc.c:2219
#5  0xb7b0f829 in js_TraceRuntime (trc=0xbfffdbe0, allAtoms=1)
    at ../../../mozilla/js/src/jsgc.c:2298
#6  0xb7b0fdb6 in js_GC (cx=0x8196338, gckind=GC_LAST_DITCH)
    at ../../../mozilla/js/src/jsgc.c:2514
#7  0xb7b0cfe2 in js_NewGCThing (cx=0x8196338, flags=2, nbytes=8)
    at ../../../mozilla/js/src/jsgc.c:1359
#8  0xb7b790da in js_NewString (cx=0x8196338, chars=0x82a28f0, length=18)
    at ../../../mozilla/js/src/jsstr.c:2484
#9  0xb7b79783 in js_NewStringCopyZ (cx=0x8196338, s=0x824e6e8)
    at ../../../mozilla/js/src/jsstr.c:2594
#10 0xb7ad6bd2 in JS_NewUCStringCopyZ (cx=0x8196338, s=0x824e6e8)
    at ../../../mozilla/js/src/jsapi.c:5180

The whole thing is under js_LookupProperty further up the stack.  I have no idea why this happens, exactly.
Flags: blocking1.9?
Igor, can you take a look at this one too?

/be
Flags: blocking1.9? → blocking1.9+
(In reply to comment #1)
> Igor, can you take a look at this one too?

This is triggered by a workaround from bug 414871 comment 0, but that workaround just sweeps the problem under the carpet: it would not bring GC-ed things back to life.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Verified that this problem doesn't occur with the patch that was actually checked in for bug 414871.
You need to log in before you can comment on or make changes to this bug.