Closed
Bug 503817
Opened 16 years ago
Closed 16 years ago
Assertion failure: original == thisv || original == OBJECT_TO_JSVAL(obj)
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta1-fixed |
| blocking1.9.1 | --- | .2+ |
| status1.9.1 | --- | .2-fixed |
People
(Reporter: bc, Assigned: mrbkap)
References
()
Details
(Keywords: assertion, testcase, verified1.9.1, Whiteboard: fixed-in-tracemonkey)
Attachments
(2 files, 2 obsolete files)
|
277 bytes,
text/plain
|
Details | |
|
1.78 KB,
patch
|
gal
:
review+
samuel.sidler+old
:
approval1.9.1.2+
|
Details | Diff | Splinter Review |
Assertion failure: original == thisv || original == OBJECT_TO_JSVAL(obj), at /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jstracer.cpp:7812
1. load http://www.movenetworks.com/
2. resize page
3. assert
repro on 1.9.1, 1.9.2 and tracemonkey mac/windows.
Flags: blocking1.9.2?
Flags: blocking1.9.1.1?
|
||
Updated•16 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
|
||
Comment 1•16 years ago
|
||
(In reply to comment #0)
> Assertion failure: original == thisv || original == OBJECT_TO_JSVAL(obj), at
> /work/mozilla/builds/1.9.1-tracemonkey/mozilla/js/src/jstracer.cpp:7812
>
> 1. load http://www.movenetworks.com/
> 2. resize page
> 3. assert
>
> repro on 1.9.1, 1.9.2 and tracemonkey mac/windows.
Could not reproduce on XP and OSX
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090712 Minefield/3.6a1pre
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090712 Minefield/3.6a1pre
1. Visited page.
2. Did a drag resize and a resizeTo(x,x)
No crash
|
Reporter | |
Comment 2•16 years ago
|
||
does not crash opt/nightly builds. You need a debug build to reproduce this.
|
|
||
Comment 3•16 years ago
|
||
(In reply to comment #2)
> does not crash opt/nightly builds. You need a debug build to reproduce this.
JS_Assert (s=0x85 <Address 0x85 out of bounds>, file=0x85 <Address 0x85 out of bounds>, ln=133) at /Users/mozilla/mozilla-central/js/src/jsutil.cpp:69
#0 JS_Assert (s=0x85 <Address 0x85 out of bounds>, file=0x85 <Address 0x85 out of bounds>, ln=133) at /Users/mozilla/mozilla-central/js/src/jsutil.cpp:69
#1 0x00391eb0 in TraceRecorder::getThis (this=0x15de1d60, this_ins=@0xbfffc78c) at /Users/mozilla/mozilla-central/js/src/jstracer.cpp:7737
#2 0x0039f792 in TraceRecorder::record_JSOP_THIS () at /Users/mozilla/mozilla-central/js/src/jstracer.cpp:10195
#3 0x0039f792 in TraceRecorder::monitorRecording (cx=0x95e600, tr=0x15de1d60, op=JSOP_THIS) at /Users/mozilla/mozilla-central/js/src/jstracer.cpp:186
#4 0x0029fde5 in js_Interpret (cx=0x95e600) at /Users/mozilla/mozilla-central/js/src/jsinterp.cpp:3107
#5 0x002c7bbb in js_Invoke (cx=0x95e600, argc=1, vp=0xc47820, flags=32) at jsinterp.cpp:1397
#6 0x11e47d7f in nsXPCWrappedJSClass::CallMethod (this=0x126ecdb0, wrapper=0x15d25860, methodIndex=3, info=0xa394a0, nativeParams=0xbfffd19c) at /Users/mozilla/mozilla-central/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1647
#7 0x11e3d4c3 in nsXPCWrappedJS::CallMethod (this=0x15d25860, methodIndex=3, info=0xa394a0, params=0xbfffd19c) at /Users/mozilla/mozilla-central/js/src/xpconnect/src/xpcwrappedjs.cpp:570
#8 0x00509e87 in PrepareAndDispatch (self=0x15d24700, methodIndex=<value temporarily unavailable, due to optimizations>, args=0xbfffd284) at /Users/mozilla/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp:93
#9 0x00504f56 in nsXPTCStubBase::Stub3 (this=0x15d24700) at xptcstubsdef.inc:1
...
|
|
||
Comment 4•16 years ago
|
||
reduction v1
|
||
Updated•16 years ago
|
|
|
||
Comment 6•16 years ago
|
||
That's a great partially reduced testcase, Aaron.
Attachment #388190 -
Attachment is obsolete: true
|
|
||
Comment 7•16 years ago
|
||
(In reply to comment #6)
> Created an attachment (id=388198) [details]
> fully reduced testcase
To reproduce (at least on Ubuntu), open the page, then manually click-drag-resize to hit the assert.
|
|
Reporter | |
Comment 8•16 years ago
|
||
Another site: http://sports.espn.go.com/broadband/espn360/player
|
||
Updated•16 years ago
|
Assignee: general → gal
|
Assignee | |
Comment 9•16 years ago
|
||
Are we there yet?
|
|
||
Updated•16 years ago
|
Attachment #388374 -
Flags: review?(gal) → review+
|
|
Assignee | |
Comment 10•16 years ago
|
||
Whiteboard: fixed-in-tracemonkey
|
|
||
Comment 11•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
||
Updated•16 years ago
|
blocking1.9.1: --- → .2+
Flags: blocking1.9.1.1? → blocking1.9.1.1-
|
|
||
Comment 12•16 years ago
|
||
Comment on attachment 388374 [details] [diff] [review]
Proposed fix
Please mark this for approval1.9.1.2? if it's ready to go in for Firefox 3.5.2
|
|
||
Updated•16 years ago
|
Attachment #388374 -
Flags: approval1.9.1.2?
|
||
Comment 13•16 years ago
|
||
Comment on attachment 388374 [details] [diff] [review]
Proposed fix
Approved for 1.9.1.2. a=ss for release-drivers
Attachment #388374 -
Flags: approval1.9.1.2? → approval1.9.1.2+
|
|
Assignee | |
Comment 14•16 years ago
|
||
sayrer apparently pushed this a while ago: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/299366f80d9f (http://hg.mozilla.org/releases/mozilla-1.9.1/pushloghtml?changeset=299366f80d9f).
status1.9.1:
--- → .2-fixed
|
|
||
Comment 16•16 years ago
|
||
Mass change: adding fixed1.9.2 keyword
(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
|
|
||
Updated•16 years ago
|
status1.9.2:
--- → beta1-fixed
Keywords: fixed1.9.2
|
||
Comment 17•12 years ago
|
||
Filter on qa-project-auto-change:
Bug in removed tracer code, setting in-testsuite- flag.
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•