Closed Bug 502497 Opened 15 years ago Closed 14 years ago

js1_5/Regress/regress-312588.js - Assertion failure: nentries != 0, at js/src/jshash.cpp:225

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal


RESOLVED FIXED

People

(Reporter: bc, Unassigned)


Seen only on Linux x86_64 TraceMonkey browser builds so far.
Flags: in-testsuite+
oops, premature submission. ;-)

Assertion failure: nentries != 0, at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jshash.cpp:225

js1_5/Regress/regress-312588.js

http://test.bclary.com/tests/mozilla.org/js/js-test-driver-standards.html?test=js1_5%2FRegress%2Fregress-312588.js;language=type;text/javascript

highmind63, why not just watch general@spidermonkey.bugs ?
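Windows crashes as well, but it is worse: the debugger stops in Resize at the `he->next` dereference (marked `=>` below) with `he` and `next` both 0xdddddddd. That value is the fill pattern the MSVC debug heap writes over freed memory, so the loop appears to be following a pointer read from an already-freed block.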

    for (i = 0; nentries != 0; i++) {
        for (he = oldbuckets[i]; he; he = next) {
            JS_ASSERT(nentries != 0);
            --nentries;
=>            next = he->next;
            hep = BUCKET_HEAD(ht, he->keyHash);

+		he	0xdddddddd {next=??? keyHash=??? key=??? ...}	JSHashEntry *
		nentries	5	unsigned int
+		next	0xdddddddd {next=??? keyHash=??? key=??? ...}	JSHashEntry *


>	js3250.dll!Resize(JSHashTable * ht=0x029aafc0, unsigned long newshift=28)  Line 227 + 0x3 bytes	C++
 	js3250.dll!JS_HashTableRawRemove(JSHashTable * ht=0x029aafc0, JSHashEntry * * hep=0x029ab02c, JSHashEntry * he=0x02abb1a0)  Line 312 + 0x13 bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71020, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911d8)  Line 1555 + 0x11 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911d8)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911d8, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71020, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012ac38)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71020, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012ac38)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71020, JSType hint=JSTYPE_STRING, int * vp=0x0012ac6c)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426016, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71040, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911d0)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911d0)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911d0, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71040, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012ae7c)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71040, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012ae7c)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71040, JSType hint=JSTYPE_STRING, int * vp=0x0012aeb0)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426048, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71060, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911c8)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911c8)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911c8, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71060, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b0c0)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71060, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b0c0)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71060, JSType hint=JSTYPE_STRING, int * vp=0x0012b0f4)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426080, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71080, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911c0)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911c0)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911c0, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71080, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b304)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71080, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b304)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71080, JSType hint=JSTYPE_STRING, int * vp=0x0012b338)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426112, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d710c0, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911b8)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911b8)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911b8, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d710c0, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b548)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d710c0, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b548)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d710c0, JSType hint=JSTYPE_STRING, int * vp=0x0012b57c)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426176, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d710e0, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911b0)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911b0)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911b0, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d710e0, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b78c)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d710e0, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b78c)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d710e0, JSType hint=JSTYPE_STRING, int * vp=0x0012b7c0)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426208, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71100, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911a8)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911a8)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911a8, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71100, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b9d0)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71100, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012b9d0)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71100, JSType hint=JSTYPE_STRING, int * vp=0x0012ba04)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToStringBuffer(JSContext * cx=0x029aad80, int v=64426240, JSTempVector<unsigned short> & buf={...})  Line 3009 + 0x3a bytes	C++
 	js3250.dll!array_toString_sub(JSContext * cx=0x029aad80, JSObject * obj=0x03d71120, int locale=0, JSString * sepstr=0x00000000, int * rval=0x050911a0)  Line 1531 + 0x13 bytes	C++
 	js3250.dll!array_toString(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911a0)  Line 1571 + 0x15 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x050911a0, unsigned int flags=0)  Line 1247 + 0xf bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x029aad80, JSObject * obj=0x03d71120, int fval=84360984, unsigned int flags=0, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012bc14)  Line 1470 + 0x15 bytes	C++
 	js3250.dll!js_TryMethod(JSContext * cx=0x029aad80, JSObject * obj=0x03d71120, JSAtom * atom=0x0209323c, unsigned int argc=0, int * argv=0x00000000, int * rval=0x0012bc14)  Line 5526 + 0x1f bytes	C++
 	js3250.dll!js_DefaultValue(JSContext * cx=0x029aad80, JSObject * obj=0x03d71120, JSType hint=JSTYPE_STRING, int * vp=0x0012bc44)  Line 4742 + 0x22 bytes	C++
 	js3250.dll!js_ValueToString(JSContext * cx=0x029aad80, int v=64426272)  Line 2974 + 0x3a bytes	C++
 	js3250.dll!array_sort(JSContext * cx=0x029aad80, unsigned int argc=0, int * vp=0x0012bcf0)  Line 2243 + 0xd bytes	C++
 	05893f90()	
 	js3250.dll!js_ExecuteTree(JSContext * cx=0x0012c5b4, nanojit::Fragment * f=0x0012e5bc, unsigned int & inlineCallCount=1, VMSideExit * * innermostNestedGuardp=0x0012e5b4)  Line 5162 + 0xb bytes	C++
OS: Linux → All
Hardware: x86_64 → All
I realize this is a horrible regression range, but I've broken my bisect.sh script temporarily. Hopefully it helps a little.

http://hg.mozilla.org/tracemonkey/pushloghtml?fromchange=d45b327f7808&tochange=ee7466ccb7f1
probably a dupe of bug 501834
Let's say it's a dup, yeah.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED