Closed
Bug 417012
Opened 16 years ago
Closed 16 years ago
Assertion when executing script: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9beta4
People
(Reporter: jin, Assigned: brendan)
Details
Attachments
(1 file)
2.26 KB,
patch
|
shaver
:
review+
brendan
:
approval1.9+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20071126 Fedora/1.5.0.12-7.fc6 Firefox/1.5.0.12 pango-text Build Identifier: CVS mozilla/js/src custom build, checkout Tue Feb 12 17:14:19 CET 2008 Hi, I was asked to submit this, so here we go: my UPnP application uses libjs to run some scripts that define the content layout when data is imported into the server. When my script is executed I get an assertion: Assertion failure: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609 Reproducible: Always Steps to Reproduce: 1. compile libjs from CVS with JS_THREADSAFE support 2. make sure to copy *.h from mozilla/js/src/Linux_All_DBG.OBJ to mozilla/js/src/ 3. check out MediaTomb revision 1677: svn co -r 1677 https://svn.mediatomb.cc/svnroot/mediatomb/trunk/mediatomb mediatomb 4. make sure you have automake 1.10, autoconf 2.61, issue the "autoreconf -i" command in the mediatomb directory to generate the configure script 5. make sure that you have at sqlite3 dev, expat dev and taglib dev headers and the libraries installed on your system 5. run the following script: ./devconf --prefix=/tmp/mtinst --with-js-h=/path-to/mozilla/js/src/ --with-js-libs=/path-to/mozilla/js/src/Linux_All_DBG.OBJ/ 6. make sure that configure summary says "libjs : yes" 7. make && make install 8. export LD_LIBRARY_PATH=/path-to/mozilla/js/src/Linux_All_DBG.OBJ/ 9. run the server for the first time to generate the default configuration: ./build/mediatomb 10. CTRL-C to terminate the server 11. edit ~/.mediatomb/config.xml and change <virtual-layout type="builtin"> to <virtual-layout type="js"> 12. add some MP3 files to the server: ./build/mediatomb -a /path/to/dir/with/mp3 At this point the import script will be executed, this leads to the assertion. Actual Results: Assertion failure: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609 Expected Results: With js 1.5 and 1.6 the server imports data as expected, executing the import script does not pose any problems. Here is the full backtrace: #0 JS_Assert ( s=0xb7d63578 "PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_)", file=0xb7d626dc "jsinterp.c", ln=4609) at jsutil.c:63 #1 0xb7cd6408 in js_Interpret (cx=0x8243c10, pc=0x829a35f "9", result=0xb2e66d2c) at jsinterp.c:4609 #2 0xb7cbf8b9 in js_Execute (cx=0x8243c10, chain=0xb2614000, script=0x829a248, down=0x0, flags=0, result=0xb2e66dec) at jsinterp.c:1644 #3 0xb7c80251 in JS_ExecuteScript (cx=0x8243c10, obj=0xb2614000, script=0x829a248, rval=0xb2e66dec) at jsapi.c:4791 #4 0x080b70a9 in Script::_execute (this=0x8243bd0, scr=0x829a248) at ../src/scripting/script.cc:536 #5 0x080b71bb in Script::execute (this=0x8243bd0) at ../src/scripting/script.cc:542 #6 0x080b46f5 in ImportScript::processCdsObject (this=0x8243bd0, obj=@0xb2e66e80) at ../src/scripting/import_script.cc:87 #7 0x080a420a in JSLayout::processCdsObject (this=0x823c3a0, obj=@0xb2e66f6c) at ../src/layout/js_layout.cc:57 #8 0x08093719 in ContentManager::addRecursive (this=0x8225290, path=@0xb2e670a8, hidden=false, task=@0xb2e670a4, profiling=0xb2e6725c) at ../src/content_manager.cc:958 #9 0x08093c68 in ContentManager::addRecursive (this=0x8225290, path=@0xb2e671c8, hidden=false, task=@0xb2e671c4, profiling=0xb2e6725c) at ../src/content_manager.cc:986 #10 0x08093c68 in ContentManager::addRecursive (this=0x8225290, path=@0xb2e672dc, hidden=false, task=@0xb2e672d8, profiling=0xb2e6725c) at ../src/content_manager.cc:986 #11 0x08094a75 in ContentManager::_addFile (this=0x8225290, path=@0xb2e67320, recursive=true, hidden=false, task=@0xb2e6731c) at ../src/content_manager.cc:593 #12 0x08094c4f in CMAddFileTask::run (this=0x823c458, cm=@0xb2e67398) at ../src/content_manager.cc:2030 #13 0x08088d71 in ContentManager::threadProc (this=0x8225290) at ../src/content_manager.cc:1415 #14 0x08088fbb in ContentManager::staticThreadProc (arg=0x8225290) at ../src/content_manager.cc:1436 #15 0xb792946b in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #16 0xb78ad6de in clone () from /lib/tls/i686/cmov/libc.so.6 I use a custom js build from CVS, compiled with: make -f Makefile.ref JS_THREADSAFE=1 DIST=/usr on Ubuntu 7.10 The CVS checkout is from ue Feb 12 17:14:19 CET 2008, here are the revisions of the source files: File: jsinterp.c Status: Up-to-date Working revision: 3.420 Repository revision: 3.420 /cvsroot/mozilla/js/src/jsinterp.c,v File: jsutil.c Status: Up-to-date Working revision: 3.29 Repository revision: 3.29 /cvsroot/mozilla/js/src/jsutil.c,v File: jsapi.c Status: Up-to-date Working revision: 3.406 Repository revision: 3.406 /cvsroot/mozilla/js/src/jsapi.c,v
Comment 2•16 years ago
|
||
Jin: Are you able to minimize this any further?
Assignee | ||
Comment 3•16 years ago
|
||
Get it in gdb and find me on IRC, we'll get further. /be
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta4
I do not think that I can strip it down easily, we have quite a lot of code around the whole thing. I'll hang around in IRC
Assignee | ||
Comment 5•16 years ago
|
||
The patch for bug 417033 is checked in now -- does it help? /be
Assignee | ||
Comment 6•16 years ago
|
||
Thanks to Jin for the gdb session over IRC, and to shaver for his prescient wish for write barrier coverage. /be
Assignee | ||
Updated•16 years ago
|
Flags: blocking1.9+
Comment on attachment 303088 [details] [diff] [review] proposed fix r=shaver
Attachment #303088 -
Flags: review?(shaver) → review+
Assignee | ||
Comment 8•16 years ago
|
||
Jin, please try that patch and report here pro or con. Thanks, /be
Assignee | ||
Comment 9•16 years ago
|
||
Comment on attachment 303088 [details] [diff] [review] proposed fix This is clearly necessary; I'm inclined to get it in quickly (followup bugs if needed). /be
Attachment #303088 -
Flags: approval1.9+
Assignee | ||
Comment 10•16 years ago
|
||
Fixed on trunk: js/src/jsobj.c 3.428 /be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 11•16 years ago
|
||
I can confirm that the problem is gone, the assert does no longer happen. Thanks!
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•