Closed Bug 454624 Opened 16 years ago Closed 16 years ago

Crash (dehydra with tracing) in nanojit::Fragmento::pagesGrow

Categories

(Core :: JavaScript Engine, defect)

x86
Linux
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: benjamin, Unassigned)

Details

Crash in nanojit::Fragmento::pagesGrow: this is on x86-64, but Taras had the same crash, apparently, on x86. The crash appears to be on this line:

    int32_t gcpages = (count*NJ_PAGE_SIZE) / _gcHeap->kNativePageSize;

because _gcHeap->kNativePageSize is 0. I'm happy to debug more, but don't know what to look for next: is it more likely that _gcHeap is bogus or that it wasn't initialized with a native page size?
More info:

#0 0x00002aaab05566b4 in nanojit::Fragmento::pagesGrow (this=0x11ae520, count=1) at nanojit/Fragmento.cpp:159
#1 0x00002aaab0556742 in nanojit::Fragmento::pageAlloc (this=0x2aaab078af64) at nanojit/Fragmento.cpp:112
#2 0x00002aaab0557a89 in nanojit::LirBuffer::pageAlloc (this=0x1eed3e0) at nanojit/LIR.cpp:174
#3 0x00002aaab0558371 in LirBuffer (this=0x1eed3e0, frago=<value optimized out>, functions=<value optimized out>) at nanojit/LIR.cpp:106
#4 0x00002aaab054b49c in js_RecordTree (cx=0x125d800, tm=0x1251170, f=<value optimized out>) at jstracer.cpp:2092
#5 0x00002aaab054c808 in js_MonitorLoopEdge (cx=0x125d800, oldpc=<value optimized out>, inlineCallCount=@0x7fffe625d1bc) at jstracer.cpp:2508
#6 0x00002aaab04f4e03 in js_Interpret (cx=0x125d800) at jsinterp.cpp:3041
#7 0x00002aaab04fdd5e in js_Invoke (cx=0x125d800, argc=0, vp=0x126f290, flags=0) at jsinterp.cpp:1326
#8 0x00002aaab04fe0b4 in js_InternalInvoke (cx=0x125d800, obj=0x1261000, fval=19402560, flags=0, argc=0, argv=0x0, rval=0x7fffe625d3f0) at jsinterp.cpp:1383
#9 0x00002aaab04c5400 in JS_CallFunctionValue (cx=0x2aaab078af64, obj=0x1, fval=0, argc=0, argv=0xffffffff, rval=<value optimized out>) at jsapi.cpp:5074
#10 0x00002aaab025a533 in dehydra_input_end (this=0x2aaab0462c60) at dehydra.c:637
#11 0x00002aaab02548cf in gcc_plugin_finish () at dehydra_plugin.c:314
#12 0x0000000000857f7e in toplev_main (argc=<value optimized out>, argv=<value optimized out>) at ../../gcc-4.3.0/gcc/toplev.c:2225
#13 0x000000339b61e074 in __libc_start_main () from /lib64/libc.so.6
#14 0x0000000000471eb9 in _start ()

I put a breakpoint at GCHeap::GCHeap and it never fired.
It seems likely that this is peculiar to the way dehydra embeds SpiderMonkey: I suspect that C++ static constructors aren't being run for some reason... Found it: see bug 453388 for a solution.
Fixed on tracemonkey branch.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Flags: in-testsuite-
Flags: in-litmus-
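
A model of the failure mode suspected in the comments above, added here as an example and not code from nanojit, SpiderMonkey or dehydra: a page-size static read before its run-time initializer has executed is still zero, and the division from the report is guarded against that. `PageHeap`, `EarlyUser`, `gcPagesFor` and the value given to `NJ_PAGE_SIZE` are assumptions made for the illustration.

```cpp
// Model only: PageHeap, EarlyUser and gcPagesFor are hypothetical names
// standing in for the report's _gcHeap / kNativePageSize / pagesGrow.
#include <unistd.h>
#include <cstddef>
#include <cstdint>

constexpr std::size_t NJ_PAGE_SIZE = 4096;  // assumed value; the page does not give it

struct PageHeap {
    // Declared here; defined with a run-time initializer further down.
    static std::size_t kNativePageSize;
};

// Guarded form of the division quoted in the report: a zero divisor is
// rejected instead of trapping with SIGFPE.
bool gcPagesFor(std::size_t count, int32_t* out) {
    const std::size_t native = PageHeap::kNativePageSize;
    if (native == 0) return false;  // static initializer has not run
    *out = static_cast<int32_t>((count * NJ_PAGE_SIZE) / native);
    return true;
}

// This object is defined before kNativePageSize in the same translation
// unit, so its constructor runs first and sees the zero-initialized value,
// like code entered before static constructors have run.
struct EarlyUser {
    std::size_t seenPageSize;
    bool divisionRefused;
    EarlyUser() : seenPageSize(PageHeap::kNativePageSize) {
        int32_t ignored = 0;
        divisionRefused = !gcPagesFor(1, &ignored);
    }
};

EarlyUser earlyUser;  // dynamic initialization, first in order
std::size_t PageHeap::kNativePageSize =
    static_cast<std::size_t>(sysconf(_SC_PAGESIZE));  // second in order

int main() {
    // Exit 0 when the early read saw 0 and was refused, and the same
    // call succeeds once the initializer has run.
    int32_t pages = -1;
    bool ok = earlyUser.seenPageSize == 0 && earlyUser.divisionRefused &&
              gcPagesFor(1, &pages);
    return ok ? 0 : 1;
}
```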