Closed
Bug 454624
Opened 16 years ago
Closed 16 years ago
Crash (dehydra with tracing) in nanojit::Fragmento::pagesGrow
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
People
(Reporter: benjamin, Unassigned)
Details
Crash in nanojit::Fragmento::pagesGrow: this is on x86-64, but Taras had the same crash, apparently, on x86.
The crash appears to be on this line:
int32_t gcpages = (count*NJ_PAGE_SIZE) / _gcHeap->kNativePageSize;
because _gcHeap->kNativePageSize is 0.
I'm happy to debug more, but don't know what to look for next: is it more likely that _gcHeap is bogus or that it wasn't initialized with a native page size?
Comment 1 (Reporter) • 16 years ago
More info:
#0 0x00002aaab05566b4 in nanojit::Fragmento::pagesGrow (this=0x11ae520,
count=1) at nanojit/Fragmento.cpp:159
#1 0x00002aaab0556742 in nanojit::Fragmento::pageAlloc (this=0x2aaab078af64)
at nanojit/Fragmento.cpp:112
#2 0x00002aaab0557a89 in nanojit::LirBuffer::pageAlloc (this=0x1eed3e0)
at nanojit/LIR.cpp:174
#3 0x00002aaab0558371 in LirBuffer (this=0x1eed3e0,
frago=<value optimized out>, functions=<value optimized out>)
at nanojit/LIR.cpp:106
#4 0x00002aaab054b49c in js_RecordTree (cx=0x125d800, tm=0x1251170,
f=<value optimized out>) at jstracer.cpp:2092
#5 0x00002aaab054c808 in js_MonitorLoopEdge (cx=0x125d800,
oldpc=<value optimized out>, inlineCallCount=@0x7fffe625d1bc)
at jstracer.cpp:2508
#6 0x00002aaab04f4e03 in js_Interpret (cx=0x125d800) at jsinterp.cpp:3041
#7 0x00002aaab04fdd5e in js_Invoke (cx=0x125d800, argc=0, vp=0x126f290,
flags=0) at jsinterp.cpp:1326
#8 0x00002aaab04fe0b4 in js_InternalInvoke (cx=0x125d800, obj=0x1261000,
fval=19402560, flags=0, argc=0, argv=0x0, rval=0x7fffe625d3f0)
at jsinterp.cpp:1383
#9 0x00002aaab04c5400 in JS_CallFunctionValue (cx=0x2aaab078af64, obj=0x1,
fval=0, argc=0, argv=0xffffffff, rval=<value optimized out>)
at jsapi.cpp:5074
#10 0x00002aaab025a533 in dehydra_input_end (this=0x2aaab0462c60)
at dehydra.c:637
#11 0x00002aaab02548cf in gcc_plugin_finish () at dehydra_plugin.c:314
#12 0x0000000000857f7e in toplev_main (argc=<value optimized out>,
argv=<value optimized out>) at ../../gcc-4.3.0/gcc/toplev.c:2225
#13 0x000000339b61e074 in __libc_start_main () from /lib64/libc.so.6
#14 0x0000000000471eb9 in _start ()
I put a breakpoint at GCHeap::GCHeap and it never fired.
Comment 2 (Reporter) • 16 years ago
It seems likely that this is peculiar to the way dehydra embeds SpiderMonkey: I suspect that C++ static constructors aren't being run for some reason...
Found it: see bug 453388 for a solution.
Comment 3 (Reporter) • 16 years ago
Fixed on tracemonkey branch.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
Flags: in-testsuite-
Flags: in-litmus-