Closed Bug 417012 Opened 16 years ago Closed 16 years ago

Assertion when executing script: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609

Categories

(Core :: JavaScript Engine, defect, P1)

Tracking

VERIFIED FIXED
mozilla1.9beta4

People

(Reporter: jin, Assigned: brendan)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20071126 Fedora/1.5.0.12-7.fc6 Firefox/1.5.0.12 pango-text
Build Identifier: CVS mozilla/js/src custom build, checkout Tue Feb 12 17:14:19 CET 2008

Hi,

I was asked to submit this, so here we go:

My UPnP application uses libjs to run some scripts that define the content layout when data is imported into the server.

When my script is executed I get an assertion:
Assertion failure: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609



Reproducible: Always

Steps to Reproduce:
1. compile libjs from CVS with JS_THREADSAFE support

2. make sure to copy *.h from mozilla/js/src/Linux_All_DBG.OBJ to mozilla/js/src/

3. check out MediaTomb revision 1677: svn co -r 1677 https://svn.mediatomb.cc/svnroot/mediatomb/trunk/mediatomb mediatomb

4. make sure you have automake 1.10, autoconf 2.61, issue the "autoreconf -i" command in the mediatomb directory to generate the configure script

5. make sure that you have sqlite3 dev, expat dev and taglib dev headers and the libraries installed on your system

6. run the following script: ./devconf --prefix=/tmp/mtinst --with-js-h=/path-to/mozilla/js/src/ --with-js-libs=/path-to/mozilla/js/src/Linux_All_DBG.OBJ/

7. make sure that configure summary says "libjs : yes"

8. make && make install

9. export LD_LIBRARY_PATH=/path-to/mozilla/js/src/Linux_All_DBG.OBJ/

10. run the server for the first time to generate the default configuration: ./build/mediatomb

11. CTRL-C to terminate the server

12. edit ~/.mediatomb/config.xml and change <virtual-layout type="builtin"> to <virtual-layout type="js">

13. add some MP3 files to the server: ./build/mediatomb -a /path/to/dir/with/mp3

At this point the import script will be executed; this leads to the assertion.

Actual Results:
Assertion failure: PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_), at jsinterp.c:4609

Expected Results:  
With js 1.5 and 1.6 the server imports data as expected, executing the import script does not pose any problems.

Here is the full backtrace:
#0  JS_Assert (
    s=0xb7d63578 "PCVAL_TO_OBJECT(entry->vword) == JSVAL_TO_OBJECT(v_)", 
    file=0xb7d626dc "jsinterp.c", ln=4609) at jsutil.c:63
#1  0xb7cd6408 in js_Interpret (cx=0x8243c10, pc=0x829a35f "9", 
    result=0xb2e66d2c) at jsinterp.c:4609
#2  0xb7cbf8b9 in js_Execute (cx=0x8243c10, chain=0xb2614000, 
    script=0x829a248, down=0x0, flags=0, result=0xb2e66dec) at jsinterp.c:1644
#3  0xb7c80251 in JS_ExecuteScript (cx=0x8243c10, obj=0xb2614000, 
    script=0x829a248, rval=0xb2e66dec) at jsapi.c:4791
#4  0x080b70a9 in Script::_execute (this=0x8243bd0, scr=0x829a248)
    at ../src/scripting/script.cc:536
#5  0x080b71bb in Script::execute (this=0x8243bd0)
    at ../src/scripting/script.cc:542
#6  0x080b46f5 in ImportScript::processCdsObject (this=0x8243bd0, 
    obj=@0xb2e66e80) at ../src/scripting/import_script.cc:87
#7  0x080a420a in JSLayout::processCdsObject (this=0x823c3a0, obj=@0xb2e66f6c)
    at ../src/layout/js_layout.cc:57
#8  0x08093719 in ContentManager::addRecursive (this=0x8225290, 
    path=@0xb2e670a8, hidden=false, task=@0xb2e670a4, profiling=0xb2e6725c)
    at ../src/content_manager.cc:958
#9  0x08093c68 in ContentManager::addRecursive (this=0x8225290, 
    path=@0xb2e671c8, hidden=false, task=@0xb2e671c4, profiling=0xb2e6725c)
    at ../src/content_manager.cc:986
#10 0x08093c68 in ContentManager::addRecursive (this=0x8225290, 
    path=@0xb2e672dc, hidden=false, task=@0xb2e672d8, profiling=0xb2e6725c)
    at ../src/content_manager.cc:986
#11 0x08094a75 in ContentManager::_addFile (this=0x8225290, path=@0xb2e67320, 
    recursive=true, hidden=false, task=@0xb2e6731c)
    at ../src/content_manager.cc:593
#12 0x08094c4f in CMAddFileTask::run (this=0x823c458, cm=@0xb2e67398)
    at ../src/content_manager.cc:2030
#13 0x08088d71 in ContentManager::threadProc (this=0x8225290)
    at ../src/content_manager.cc:1415
#14 0x08088fbb in ContentManager::staticThreadProc (arg=0x8225290)
    at ../src/content_manager.cc:1436
#15 0xb792946b in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#16 0xb78ad6de in clone () from /lib/tls/i686/cmov/libc.so.6


I use a custom js build from CVS, compiled with:
make -f Makefile.ref JS_THREADSAFE=1 DIST=/usr
on Ubuntu 7.10

The CVS checkout is from Tue Feb 12 17:14:19 CET 2008, here are the revisions of the source files:
File: jsinterp.c       	Status: Up-to-date

   Working revision:	3.420
   Repository revision:	3.420	/cvsroot/mozilla/js/src/jsinterp.c,v

File: jsutil.c         	Status: Up-to-date

   Working revision:	3.29
   Repository revision:	3.29	/cvsroot/mozilla/js/src/jsutil.c,v

File: jsapi.c          	Status: Up-to-date

   Working revision:	3.406
   Repository revision:	3.406	/cvsroot/mozilla/js/src/jsapi.c,v
Added CC as requested.
Jin: Are you able to minimize this any further?
Get it in gdb and find me on IRC, we'll get further.

/be
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta4
I do not think that I can strip it down easily, we have quite a lot of code around the whole thing.

I'll hang around in IRC
The patch for bug 417033 is checked in now -- does it help?

/be
Attached patch: proposed fix
Thanks to Jin for the gdb session over IRC, and to shaver for his prescient wish for write barrier coverage.

/be
Assignee: general → brendan
Status: NEW → ASSIGNED
Attachment #303088 - Flags: review?(shaver)
Flags: blocking1.9+
Comment on attachment 303088
proposed fix

r=shaver
Attachment #303088 - Flags: review?(shaver) → review+
Jin, please try that patch and report here pro or con. Thanks,

/be
Comment on attachment 303088
proposed fix

This is clearly necessary; I'm inclined to get it in quickly (followup bugs if needed).

/be
Attachment #303088 - Flags: approval1.9+
Fixed on trunk:

js/src/jsobj.c 3.428

/be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
I can confirm that the problem is gone, the assert no longer happens.

Thanks!
Status: RESOLVED → VERIFIED
Flags: in-testsuite-
Flags: in-litmus-