Closed
Bug 466808
Opened 17 years ago
Closed 17 years ago
SEGFAULT: generator functions doesn't prevent functions in their scope from garbage collection
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 466206
People
(Reporter: gavrilyak, Unassigned)
Details
(Whiteboard: [sg:dupe 466206])
Attachments
(1 file)
|
1.08 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; uk; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; uk; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4
Using the Neil Mix's Thread.js library (http://www.neilmix.com/demos/js17threading/Thread.js)
the following code will result in segmentation fault during GC.
function spawn(generator) {
return new Thread(generator).start();
}
function sleep(millis) {
setTimeout((yield CONTINUATION), millis);
yield SUSPEND;
}
var print = function(s){ document.body.innerHTML += (s + " ")};
spawn( function() {
for(;;){
print("!");
function inner(){
function some(){print(".") } //this will be gc'd, though it is accessible in script via scope
function inner2(){
yield sleep(50);
//print("GC") //GC should run here
//Components.utils.forceGC()
some() //this function will be unavalaible after gc, resulting in segmentation fault
}
spawn(inner2)
yield 0;
};
yield inner();
yield sleep(10);
}
});
This happens in Firefox 3.1 beta builds. Everything was ok in Firefox 2 and 3
Reproducible: Always
Steps to Reproduce:
1.Use the example code in webpage
2.Open a page and wait when GC will be performed in line Components.utils.forceGC()
Actual Results:
Segmentation fault
Expected Results:
Code should run ok
|
||
Comment 1•17 years ago
|
||
Can you obtain a crash id from about:crashes and post it here? Over to jseng.
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Version: unspecified → Trunk
|
Reporter | |
Comment 2•17 years ago
|
||
(In reply to comment #1)
> Can you obtain a crash id from about:crashes and post it here? Over to jseng.
9a5a3934-db3e-4c69-a65d-fe9bf2081126
1d1066ac-b9d6-41a6-937f-904422081126
|
|
Reporter | |
Comment 3•17 years ago
|
||
Test page. It will crash at random period of time(maybe about a minute), depends on gc.
|
||
Comment 4•17 years ago
|
||
I think this is a dup of bug 466206, but that needs a confirmation. For now I just make a dependency.
Depends on: 466206
|
|
||
Comment 5•17 years ago
|
||
To Vassily:
The fix for bug 466206 has landed, so could you test with the next nighty if it solved the problem of this bug?
|
|
Reporter | |
Comment 6•17 years ago
|
||
Yes, this bug is fixed too. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
|
||
Comment 7•17 years ago
|
||
Marking the bug as a dup - this is the *same* issue as in bug 466206.
No longer depends on: 466206
Resolution: FIXED → DUPLICATE
|
||
Updated•16 years ago
|
Whiteboard: [sg:dupe 466206]
|
|
||
Updated•16 years ago
|
Group: core-security
Flags: wanted1.9.0.x-
You need to log in
before you can comment on or make changes to this bug.
Description
•