Closed Bug 487676 Opened 15 years ago Closed 15 years ago

Nesting deep-aborting trace calls don't work

Categories

(Core :: JavaScript Engine, defect)

Other Branch
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jorendorff, Assigned: jorendorff)

Details

(Keywords: fixed1.9.1, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

function loop() {
    for (var i = 0; i < 4; i++)
        ;
}
loop();

var _quit = false;
function f() {
    loop();
    _quit = true;
}
var stk = [[1], [], [], [], []];
while (!_quit)
    stk.pop().forEach(f);


Without JIT, this program runs fine.  With JIT, it asserts in debug, and in release behaves as if _quit never becomes true ("TypeError: stk.pop() is undefined").

The assertion is:
#0  JS_Assert (s=0x1aff82 "cx->builtinStatus == 0", file=0x1aeb55 "../jstracer.cpp", ln=3974) at ../jsutil.cpp:69
#1  0x00133607 in js_ExecuteTree (cx=0x30bcc0, f=0x30dc70, inlineCallCount=@0xbfffc0c8, innermostNestedGuardp=0xbfffbc74) at ../jstracer.cpp:3974
#2  0x0014cf95 in js_MonitorLoopEdge (cx=0x30bcc0, inlineCallCount=@0xbfffc0c8) at ../jstracer.cpp:4386
#3  0x00073381 in js_Interpret (cx=0x30bcc0) at ../jsinterp.cpp:3796
#4  0x0009683a in js_Invoke (cx=0x30bcc0, argc=3, vp=0x814844, flags=0) at jsinterp.cpp:1388
#5  0x00029347 in array_extra (cx=0x30bcc0, mode=FOREACH, argc=3, vp=0xbfffc6b8) at ../jsarray.cpp:3054
#6  0x000295d6 in array_forEach (cx=0x30bcc0, argc=1, vp=0xbfffc6b8) at ../jsarray.cpp:3110
#7  0x00287f43 in ?? ()
#8  0xbfffecf8 in ?? ()
#9  0x0014cf95 in js_MonitorLoopEdge (cx=0x30bcc0, inlineCallCount=@0xbffff188) at ../jstracer.cpp:4386
#10 0x0006b62a in js_Interpret (cx=0x30bcc0) at ../jsinterp.cpp:3196
#11 0x00095175 in js_Execute (cx=0x30bcc0, chain=0x2c3000, script=0x30db90, down=0x0, flags=0, result=0x0) at jsinterp.cpp:1614
#12 0x0001b55e in JS_ExecuteScript (cx=0x30bcc0, obj=0x2c3000, script=0x30db90, rval=0x0) at ../jsapi.cpp:5074
#13 0x000083b9 in Process (cx=0x30bcc0, obj=0x2c3000, filename=0xbffff94b "crasher.js", forceTTY=0) at ../../shell/js.cpp:412
#14 0x00009bee in ProcessArgs (cx=0x30bcc0, obj=0x2c3000, argv=0xbffff86c, argc=2) at ../../shell/js.cpp:806
#15 0x0000b07d in main (argc=2, argv=0xbffff86c, envp=0xbffff878) at ../../shell/js.cpp:4755
Flags: blocking1.9.1?
Attached patch v1 (obsolete) — Splinter Review
So, this moves builtinStatus from cx to InterpState.  That way I don't have to do any thinking.

It works.
Assignee: general → jorendorff
Attachment #371941 - Flags: review?(gal)
Comment on attachment 371941 [details] [diff] [review]
v1

This wants a macro for future changes.
Attachment #371941 - Flags: review?(gal) → review+
Attached patch v2, for check-inSplinter Review
Defined an inline function, and an extern for use by qsgen.py. :-P
Attachment #371941 - Attachment is obsolete: true
http://hg.mozilla.org/tracemonkey/rev/162de46bc0f2
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/162de46bc0f2
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Flags: blocking1.9.1? → blocking1.9.1+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: