Closed
Bug 466808
Opened 16 years ago
Closed 16 years ago
SEGFAULT: generator functions doesn't prevent functions in their scope from garbage collection
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 466206
People
(Reporter: gavrilyak, Unassigned)
Details
(Whiteboard: [sg:dupe 466206])
Attachments
(1 file)
1.08 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; uk; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; uk; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4 Using the Neil Mix's Thread.js library (http://www.neilmix.com/demos/js17threading/Thread.js) the following code will result in segmentation fault during GC. function spawn(generator) { return new Thread(generator).start(); } function sleep(millis) { setTimeout((yield CONTINUATION), millis); yield SUSPEND; } var print = function(s){ document.body.innerHTML += (s + " ")}; spawn( function() { for(;;){ print("!"); function inner(){ function some(){print(".") } //this will be gc'd, though it is accessible in script via scope function inner2(){ yield sleep(50); //print("GC") //GC should run here //Components.utils.forceGC() some() //this function will be unavalaible after gc, resulting in segmentation fault } spawn(inner2) yield 0; }; yield inner(); yield sleep(10); } }); This happens in Firefox 3.1 beta builds. Everything was ok in Firefox 2 and 3 Reproducible: Always Steps to Reproduce: 1.Use the example code in webpage 2.Open a page and wait when GC will be performed in line Components.utils.forceGC() Actual Results: Segmentation fault Expected Results: Code should run ok
Comment 1•16 years ago
|
||
Can you obtain a crash id from about:crashes and post it here? Over to jseng.
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Version: unspecified → Trunk
Reporter | ||
Comment 2•16 years ago
|
||
(In reply to comment #1) > Can you obtain a crash id from about:crashes and post it here? Over to jseng. 9a5a3934-db3e-4c69-a65d-fe9bf2081126 1d1066ac-b9d6-41a6-937f-904422081126
Reporter | ||
Comment 3•16 years ago
|
||
Test page. It will crash at random period of time(maybe about a minute), depends on gc.
Comment 4•16 years ago
|
||
I think this is a dup of bug 466206, but that needs a confirmation. For now I just make a dependency.
Depends on: 466206
Comment 5•16 years ago
|
||
To Vassily: The fix for bug 466206 has landed, so could you test with the next nighty if it solved the problem of this bug?
Reporter | ||
Comment 6•16 years ago
|
||
Yes, this bug is fixed too. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 7•16 years ago
|
||
Marking the bug as a dup - this is the *same* issue as in bug 466206.
No longer depends on: 466206
Resolution: FIXED → DUPLICATE
Updated•15 years ago
|
Whiteboard: [sg:dupe 466206]
Updated•15 years ago
|
Group: core-security
Flags: wanted1.9.0.x-
You need to log in
before you can comment on or make changes to this bug.
Description
•