Closed Bug 454624 Opened 16 years ago Closed 16 years ago

Crash (dehydra with tracing) in nanojit::Fragmento::pagesGrow

Categories

(Core :: JavaScript Engine, defect)

x86
Linux
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: benjamin, Unassigned)

Details

Crash in nanojit::Fragmento::pagesGrow: this is on x86-64, but Taras had the same crash, apparently, on x86.

The crash appears to be on this line:

int32_t gcpages = (count*NJ_PAGE_SIZE) / _gcHeap->kNativePageSize;

because _gcHeap->kNativePageSize is 0.

I'm happy to debug more, but don't know what to look for next: is it more likely that _gcHeap is bogus or that it wasn't initialized with a native page size?

More info:
#0  0x00002aaab05566b4 in nanojit::Fragmento::pagesGrow (this=0x11ae520, 
    count=1) at nanojit/Fragmento.cpp:159
#1  0x00002aaab0556742 in nanojit::Fragmento::pageAlloc (this=0x2aaab078af64)
    at nanojit/Fragmento.cpp:112
#2  0x00002aaab0557a89 in nanojit::LirBuffer::pageAlloc (this=0x1eed3e0)
    at nanojit/LIR.cpp:174
#3  0x00002aaab0558371 in LirBuffer (this=0x1eed3e0, 
    frago=<value optimized out>, functions=<value optimized out>)
    at nanojit/LIR.cpp:106
#4  0x00002aaab054b49c in js_RecordTree (cx=0x125d800, tm=0x1251170, 
    f=<value optimized out>) at jstracer.cpp:2092
#5  0x00002aaab054c808 in js_MonitorLoopEdge (cx=0x125d800, 
    oldpc=<value optimized out>, inlineCallCount=@0x7fffe625d1bc)
    at jstracer.cpp:2508
#6  0x00002aaab04f4e03 in js_Interpret (cx=0x125d800) at jsinterp.cpp:3041
#7  0x00002aaab04fdd5e in js_Invoke (cx=0x125d800, argc=0, vp=0x126f290, 
    flags=0) at jsinterp.cpp:1326
#8  0x00002aaab04fe0b4 in js_InternalInvoke (cx=0x125d800, obj=0x1261000, 
    fval=19402560, flags=0, argc=0, argv=0x0, rval=0x7fffe625d3f0)
    at jsinterp.cpp:1383
#9  0x00002aaab04c5400 in JS_CallFunctionValue (cx=0x2aaab078af64, obj=0x1, 
    fval=0, argc=0, argv=0xffffffff, rval=<value optimized out>)
    at jsapi.cpp:5074
#10 0x00002aaab025a533 in dehydra_input_end (this=0x2aaab0462c60)
    at dehydra.c:637
#11 0x00002aaab02548cf in gcc_plugin_finish () at dehydra_plugin.c:314
#12 0x0000000000857f7e in toplev_main (argc=<value optimized out>, 
    argv=<value optimized out>) at ../../gcc-4.3.0/gcc/toplev.c:2225
#13 0x000000339b61e074 in __libc_start_main () from /lib64/libc.so.6
#14 0x0000000000471eb9 in _start ()

I put a breakpoint at GCHeap::GCHeap and it never fired.
It seems likely that this is peculiar to the way dehydra embeds SpiderMonkey: I suspect that C++ static constructors aren't being run for some reason...
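A defensive version of the page-count arithmetic from the crashing line, added here as an illustration; it is not nanojit's code and not part of the bug. The names NJ_PAGE_SIZE, gc_heap, native_page_size, gc_heap_init and gc_pages_for are assumed stand-ins for the nanojit/GCHeap names in the report. It turns the state seen in the crash (a zero native page size because the GCHeap constructor never ran) into an explicit error return instead of an integer divide fault, and additionally checks that the page size is a power of two and that count*NJ_PAGE_SIZE cannot wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for nanojit's NJ_PAGE_SIZE (not nanojit's code). */
#define NJ_PAGE_SIZE 4096u

struct gc_heap {
    uint32_t native_page_size;  /* analogue of _gcHeap->kNativePageSize */
};

/* Analogue of GCHeap::GCHeap. If this never runs (the report's suspicion about
 * static constructors), native_page_size stays 0 and a division would fault. */
void gc_heap_init(struct gc_heap *h, uint32_t native_page_size)
{
    h->native_page_size = native_page_size;
}

static bool is_pow2(uint32_t v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/* Number of native pages needed to hold `count` JIT pages, rounded up.
 * Returns 0 and stores the result in *out, or -1 when the heap is
 * uninitialised (page size 0), the page size is not a power of two,
 * count is not positive, or the result does not fit in int32_t.
 * Never divides by zero. */
int gc_pages_for(const struct gc_heap *h, int32_t count, int32_t *out)
{
    if (h == NULL || out == NULL || count <= 0)
        return -1;
    if (!is_pow2(h->native_page_size))   /* catches the page-size-0 case */
        return -1;

    /* Widen before multiplying so count * NJ_PAGE_SIZE cannot wrap. */
    uint64_t bytes = (uint64_t)count * NJ_PAGE_SIZE;
    uint64_t pages = (bytes + h->native_page_size - 1) / h->native_page_size;
    if (pages > INT32_MAX)
        return -1;
    *out = (int32_t)pages;
    return 0;
}

int main(void)
{
    /* Constructed state: a zero-filled heap whose initialiser never ran. */
    struct gc_heap heap = {0};
    int32_t pages = 0;

    if (gc_pages_for(&heap, 1, &pages) != 0)
        printf("heap not initialised: refusing page arithmetic\n");

    gc_heap_init(&heap, 8192);
    if (gc_pages_for(&heap, 3, &pages) == 0)
        printf("3 JIT pages need %d native page(s)\n", pages);  /* 2 */
    return 0;
}
```

Unlike the original expression, which truncates, this version rounds up so that a JIT page count that does not fill a whole native page still gets one allocated; the power-of-two check is there because a page size of 0 is the symptom in the report, and any non-power-of-two value would equally indicate uninitialised or corrupted heap state.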

Found it: see bug 453388 for a solution.
Fixed on tracemonkey branch.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Flags: in-testsuite-
Flags: in-litmus-