Closed Bug 467068 Opened 16 years ago Closed 16 years ago

Crash [@ GetGCThingFlags] - js1_5/Regress/regress-351116.js browser gczeal 2

Categories

(Core :: JavaScript Engine, defect)

x86
Linux
defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 467162

People

(Reporter: bc, Assigned: igor)

Details

(Keywords: crash)

Crash Data

js1_5/Regress/regress-351116.js browser gczeal 2

jstest: js1_5/Regress/regress-351116.js bug: result: PASSED type: browser description: formal parameter and inner function have same name reason:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208363312 (LWP 20068)]
0x0026bb95 in GetGCThingFlags (thing=0x96d4bb0) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:1084
1084 index = THING_TO_INDEX(thing, a->list->thingSize);
#0 0x0026bb95 in GetGCThingFlags (thing=0x96d4bb0) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:1084
#1 0x0026dccb in JS_CallTracer (trc=0xbf91b5f8, thing=0x96d4bb0, kind=0) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:2616
#2 0x00fe9727 in XPCMarkableJSVal::TraceJS (this=0xbf91b940, trc=0xbf91b5f8) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcprivate.h:3733
#3 0x00fe9753 in AutoMarkingJSVal::TraceJS (this=0xbf91b930, trc=0xbf91b5f8) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcprivate.h:3822
#4 0x0101bfad in XPCPerThreadData::TraceJS (this=0x96615a0, trc=0xbf91b5f8) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcthreadcontext.cpp:399
#5 0x01016f6f in XPCJSRuntime::TraceJS (trc=0xbf91b5f8, data=0x965fee0) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp:303
#6 0x0026f2c6 in js_TraceRuntime (trc=0xbf91b5f8, allAtoms=1) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:3036
#7 0x0026faca in js_GC (cx=0x99c4200, gckind=GC_LAST_DITCH) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:3423
#8 0x002718ab in js_NewGCThing (cx=0x99c4200, flags=2, nbytes=8) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:1842
#9 0x00315259 in js_NewString (cx=0x99c4200, chars=0xa2556c8, length=10) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsstr.cpp:2816
#10 0x00222e8d in JS_NewStringCopyZ (cx=0x99c4200, s=0xbf91b788 "2147500033") at /work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:5444
#11 0x002bb701 in NumberToStringWithBase (cx=0x99c4200, d=2147500033, base=10) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsnum.cpp:823
#12 0x002bb738 in js_NumberToString (cx=0x99c4200, d=2147500033) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsnum.cpp:829
#13 0x003135cf in js_ValueToString (cx=0x99c4200, v=158130754) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsstr.cpp:3049
#14 0x0026380a in js_ReportUncaughtException (cx=0x99c4200) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsexn.cpp:1302
#15 0x0021a177 in JS_ReportPendingException (cx=0x99c4200) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:5926
#16 0x01028e2d in nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject (this=0x98f2d10, ccx=@0xbf91ba20, jsobj=0xa24f5a0, aIID=@0x3b84ce8) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:345
#17 0x010294f5 in nsXPCWrappedJSClass::DelegatedQueryInterface (this=0x98f2d10, self=0xa24aa48, aIID=@0x3b84ce8, aInstancePtr=0xbf91bbc4) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:735
#18 0x0101f23a in nsXPCWrappedJS::QueryInterface (this=0xa24aa48, aIID=@0x3b84ce8, aInstancePtr=0xbf91bbc4) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:187
#19 0x00490928 in nsXPTCStubBase::QueryInterface (this=0xa249fa8, aIID=@0x3b84ce8, aInstancePtr=0xbf91bbc4) at /work/mozilla/builds/1.9.1/mozilla/xpcom/reflect/xptcall/src/xptcall.cpp:53
#20 0x003f863d in nsQueryInterface::operator() (this=0xbf91bbd8, aIID=@0x3b84ce8, answer=0xbf91bbc4) at nsCOMPtr.cpp:47
#21 0x03b7cf5a in nsCOMPtr<nsISecurityCheckedComponent>::assign_from_qi (this=0xbf91be68, qi={mRawPtr = 0xa249fa8}, aIID=@0x3b84ce8) at ../../dist/include/xpcom/nsCOMPtr.h:1179
#22 0x03b7cfbd in nsCOMPtr (this=0xbf91be68, qi={mRawPtr = 0xa249fa8}) at ../../dist/include/xpcom/nsCOMPtr.h:572
#23 0x03b73d39 in nsScriptSecurityManager::CanCreateWrapper (this=0x95f0908, cx=0x99c4200, aIID=@0x9637a90, aObj=0xa249fa8, aClassInfo=0x0, aPolicy=0x0) at /work/mozilla/builds/1.9.1/mozilla/caps/src/nsScriptSecurityManager.cpp:2883
#24 0x0102fcfb in XPCWrappedNative::InitTearOff (this=0xa253f28, ccx=@0xbf91c398, aTearOff=0xa253f48, aInterface=0xa255608, needJSObject=0) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:1769
#25 0x01030069 in XPCWrappedNative::FindTearOff (this=0xa253f28, ccx=@0xbf91c398, aInterface=0xa255608, needJSObject=0, pError=0xbf91bff8) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:1597
#26 0x00feb057 in XPCCallContext::CanCallNow (this=0xbf91c398) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpccallcontext.cpp:264
#27 0x0102d58c in XPCWrappedNative::CallMethod (ccx=@0xbf91c398, mode=XPCWrappedNative::CALL_METHOD) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:1928
#28 0x0103e018 in XPC_WN_CallMethod (cx=0x99c4200, obj=0xa24f520, argc=0, argv=0x99d0e64, vp=0xbf91c4ac) at /work/mozilla/builds/1.9.1/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1477
#29 0x002b1799 in js_Invoke (cx=0x99c4200, argc=0, vp=0x99d0e5c, flags=2) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsinterp.cpp:1313
#30 0x00289968 in js_Interpret (cx=0x99c4200) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsinterp.cpp:5135
#31 0x002b1829 in js_Invoke (cx=0x99c4200, argc=1, vp=0x99d0e50, flags=0) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsinterp.cpp:1331
#32 0x002b1e5c in js_InternalInvoke (cx=0x99c4200, obj=0x99bb7c0, fval=169583616, flags=0, argc=1, argv=0xa1bb6d0, rval=0xbf91e118) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsinterp.cpp:1388
#33 0x0021c4aa in JS_CallFunctionValue (cx=0x99c4200, obj=0x99bb7c0, fval=169583616, argc=1, argv=0xa1bb6d0, rval=0xbf91e118) at /work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:5242
#34 0x0463ab7e in nsJSContext::CallEventHandler (this=0x99c41c8, aTarget=0x99cdd90, aScope=0x99bb7c0, aHandler=0xa1ba400, aargv=0xa1bb6b4, arv=0xbf91e230) at /work/mozilla/builds/1.9.1/mozilla/dom/src/base/nsJSEnvironment.cpp:1979
#35 0x0466758b in nsGlobalWindow::RunTimeout (this=0x99cdd90, aTimeout=0xa1419b8) at /work/mozilla/builds/1.9.1/mozilla/dom/src/base/nsGlobalWindow.cpp:7661
#36 0x04667ac0 in nsGlobalWindow::TimerCallback (aTimer=0xa1419f8, aClosure=0xa1419b8) at /work/mozilla/builds/1.9.1/mozilla/dom/src/base/nsGlobalWindow.cpp:7993
#37 0x0047b9de in nsTimerImpl::Fire (this=0xa1419f8) at /work/mozilla/builds/1.9.1/mozilla/xpcom/threads/nsTimerImpl.cpp:420
#38 0x0047bc0f in nsTimerEvent::Run (this=0xa1e1fd8) at /work/mozilla/builds/1.9.1/mozilla/xpcom/threads/nsTimerImpl.cpp:512
#39 0x0047541b in nsThread::ProcessNextEvent (this=0x95c6280, mayWait=1, result=0xbf91e414) at /work/mozilla/builds/1.9.1/mozilla/xpcom/threads/nsThread.cpp:510
#40 0x00402df5 in NS_ProcessNextEvent_P (thread=0x95c6280, mayWait=1) at nsThreadUtils.cpp:227
#41 0x004758bc in nsThread::Shutdown (this=0xa05c7d0) at /work/mozilla/builds/1.9.1/mozilla/xpcom/threads/nsThread.cpp:465
#42 0x00490c57 in NS_InvokeByIndex_P () at /work/mozilla/builds/1.9.1/mozilla/xpcom/reflect/xptinfo/src/xptiInterfaceInfo.cpp:73
#43 0x0047fb09 in nsProxyObjectCallInfo::Run (this=0xa037d90) at /work/mozilla/builds/1.9.1/mozilla/xpcom/proxy/src/nsProxyEvent.cpp:181
#44 0x0047541b in nsThread::ProcessNextEvent (this=0x95c6280, mayWait=1, result=0xbf91e560) at /work/mozilla/builds/1.9.1/mozilla/xpcom/threads/nsThread.cpp:510
#45 0x00402df5 in NS_ProcessNextEvent_P (thread=0x95c6280, mayWait=1) at nsThreadUtils.cpp:227
#46 0x05bcf22a in nsBaseAppShell::Run (this=0x967eed0) at /work/mozilla/builds/1.9.1/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#47 0x023e579d in nsAppStartup::Run (this=0x96b5ab0) at /work/mozilla/builds/1.9.1/mozilla/toolkit/components/startup/src/nsAppStartup.cpp:192
#48 0x00768cef in XRE_main (argc=4, argv=0xbf91eba4, aAppData=0x95939a8) at /work/mozilla/builds/1.9.1/mozilla/toolkit/xre/nsAppRunner.cpp:3264
#49 0x08048df1 in main (argc=4, argv=0xbf91eba4) at /work/mozilla/builds/1.9.1/mozilla/browser/app/nsBrowserApp.cpp:156
Flags: in-testsuite+
Flags: in-litmus-
Assignee: general → igor
mega assert in debug builds: Assertion failure: (jsuword) (((uint32) ((jsuword) (thing) & ((jsuword) (((JSUint32)1 << (12)) - 1))) / (uint32) (sizeof(JSGCThing)))) < (jsuword) THINGS_PER_ARENA((((JSGCArenaInfo *)(((jsuword) (thing) | ((jsuword) (((JSUint32)1 << (12)) - 1))) + 1 - sizeof(JSGCArenaInfo))))->list->thingSize), at /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/jsgc.cpp:2601
Lines 301-302 added in that patch are wrong:

    jsval jsexception;
    AUTO_MARK_JSVAL(ccx, jsexception);

Here jsexception is used uninitialized; I think it should be

    jsval jsexception = JSVAL_NULL;
    AUTO_MARK_JSVAL(ccx, &jsexception);

or something.
See this bug's dependency-sibling bug 467162 where bent's patch that does exactly what you propose has r+sr and blocking. I'll dupe this forward to the bug that will fix it.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ GetGCThingFlags]
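
A simplified model of the diagnosis in the comments above, added here as an illustration and not taken from the Mozilla tree or from the patch in bug 467162: a stack slot is registered as a GC root before it holds a valid value, and a collection runs while the slot is still rooted. `Heap`, `AutoMark`, `traceRoots` and `rootThenCollect` are hypothetical names, the arena base is a constructed value, and the "stale" slot contents are written explicitly so the behaviour is deterministic.

```cpp
#include <cstdint>
#include <vector>

// Simplified model, not SpiderMonkey code: names and layout are assumptions.
constexpr std::uintptr_t kArenaSize = std::uintptr_t(1) << 12;  // 4 KiB arenas
constexpr std::uintptr_t kThingSize = 8;
constexpr std::uintptr_t kNullVal = 0;  // stands in for JSVAL_NULL

struct Heap {
    std::vector<std::uintptr_t> arenaBases;    // page-aligned bases of live arenas
    std::vector<const std::uintptr_t*> roots;  // addresses of rooted stack slots
};

// Hypothetical stand-in for AUTO_MARK_JSVAL: roots a slot for the current scope.
class AutoMark {
    Heap& heap_;
public:
    AutoMark(Heap& h, const std::uintptr_t* slot) : heap_(h) { heap_.roots.push_back(slot); }
    ~AutoMark() { heap_.roots.pop_back(); }
};
enum class TraceResult { Ok, BadRoot };

// Walks the roots as a collector would, but reports a wild value instead of dereferencing it.
TraceResult traceRoots(const Heap& h) {
    for (const std::uintptr_t* slot : h.roots) {
        std::uintptr_t v = *slot;
        if (v == kNullVal) continue;  // an explicitly null root is skipped
        std::uintptr_t base = v & ~(kArenaSize - 1);
        bool known = false;
        for (std::uintptr_t b : h.arenaBases) known = known || (b == base);
        if (!known || (v - base) % kThingSize != 0) return TraceResult::BadRoot;
    }
    return TraceResult::Ok;
}

// Roots a slot holding `slotBits`, then collects before the slot is ever assigned.
TraceResult rootThenCollect(Heap& h, std::uintptr_t slotBits) {
    std::uintptr_t jsexception = slotBits;  // contents of the stack slot at root time
    AutoMark mark(h, &jsexception);
    return traceRoots(h);
}

int main() {
    Heap h{{0x10000000}, {}};  // constructed arena base
    // 0x96d4bb0: the thing= value from the backtrace, used as stand-in stale bits.
    bool ok = rootThenCollect(h, 0x96d4bb0) == TraceResult::BadRoot &&
              rootThenCollect(h, kNullVal) == TraceResult::Ok;
    return ok ? 0 : 1;
}
```
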