Closed Bug 586450 Opened 9 years ago Closed 9 years ago

Assert that we only create a small subset of things in the default compartment

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set

Tracking


RESOLVED FIXED

People

(Reporter: mrbkap, Assigned: gwagner)

References

Details

(Whiteboard: [compartments])

Attachments

(2 files, 1 obsolete file)

No description provided.
That's the first thing I see for the defaultCompartment when I start the browser:
Assertion failure: (thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING), at /Users/idefix2/moz/ws5/js/src/jsgcinlines.h:65

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x0000000104b10899 in JS_Assert (s=0x104bd3260 "(thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING)", file=0x104bd3208 "/Users/idefix2/moz/ws5/js/src/jsgcinlines.h", ln=65) at /Users/idefix2/moz/ws5/js/src/jsutil.cpp:80
80	    *((int *) NULL) = 0;  /* To continue from here in GDB: "return" then "continue". */
(gdb) bt
#0  0x0000000104b10899 in JS_Assert (s=0x104bd3260 "(thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING)", file=0x104bd3208 "/Users/idefix2/moz/ws5/js/src/jsgcinlines.h", ln=65) at /Users/idefix2/moz/ws5/js/src/jsutil.cpp:80
#1  0x0000000104b0845a in NewFinalizableGCThing<JSObject> (cx=0x10682f4c0, compartment=0x10682c760, thingKind=0) at jsgcinlines.h:63
#2  0x0000000104a5dfbe in js_NewGCObject (cx=0x10682f4c0, comp=0x10682c760) at jsgcinlines.h:92
#3  0x00000001049a266b in js::detail::NewObject<true, false> (cx=0x10682f4c0, clasp=0x1023fde80, proto=0x0, parent=0x0) at jsobjinlines.h:704
#4  0x00000001049a274e in js::NewNonFunction<(js::WithProto::e)1> (cx=0x10682f4c0, clasp=0x1023fde80, proto=0x0, parent=0x0) at jsobjinlines.h:743
#5  0x00000001049a2a04 in JS_NewGlobalObject (cx=0x10682f4c0, clasp=0x1023fde80) at /Users/idefix2/moz/ws5/js/src/jsapi.cpp:2905
#6  0x0000000100e14f7d in XPCJSContextStack::GetSafeJSContext (this=0x10682f0c0, aSafeJSContext=0x7fff5fbfdf98) at /Users/idefix2/moz/ws5/js/src/xpconnect/src/xpcthreadcontext.cpp:258
#7  0x0000000100dd64e1 in nsXPConnect::GetSafeJSContext (this=0x10682b8f0, aSafeJSContext=0x7fff5fbfdf98) at /Users/idefix2/moz/ws5/js/src/xpconnect/src/nsXPConnect.cpp:2706
#8  0x0000000100abcbda in nsScriptSecurityManager::GetSafeJSContext (this=0x10682ebf0) at /Users/idefix2/moz/ws5/caps/src/nsScriptSecurityManager.cpp:332
#9  0x0000000100ac5a4b in nsScriptSecurityManager::Init (this=0x10682ebf0) at /Users/idefix2/moz/ws5/caps/src/nsScriptSecurityManager.cpp:3365
#10 0x0000000100ac5fc2 in nsScriptSecurityManager::GetScriptSecurityManager () at /Users/idefix2/moz/ws5/caps/src/nsScriptSecurityManager.cpp:3459
#11 0x00000001005b0b9e in nsContentUtils::Init () at /Users/idefix2/moz/ws5/content/base/src/nsContentUtils.cpp:446
#12 0x000000010028216a in nsLayoutStatics::Initialize () at /Users/idefix2/moz/ws5/layout/build/nsLayoutStatics.cpp:169
#13 0x000000010027d518 in Initialize () at /Users/idefix2/moz/ws5/layout/build/nsLayoutModule.cpp:386
#14 0x000000010153348e in nsComponentManagerImpl::KnownModule::Load (this=0x1054263b0) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:962
#15 0x0000000101533543 in nsFactoryEntry::GetFactory (this=0x1054263f0) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:1942
#16 0x000000010153383a in nsComponentManagerImpl::CreateInstanceByContractID (this=0x105418760, aContractID=0x101995018 "@mozilla.org/js/xpc/XPConnect;1", aDelegate=0x0, aIID=@0x101a81e00, aResult=0x7fff5fbfe420) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:1304
#17 0x0000000101532599 in nsComponentManagerImpl::GetServiceByContractID (this=0x105418760, aContractID=0x101995018 "@mozilla.org/js/xpc/XPConnect;1", aIID=@0x101a81e00, result=0x7fff5fbfe538) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:1670
#18 0x00000001014c1647 in CallGetService (aContractID=0x101995018 "@mozilla.org/js/xpc/XPConnect;1", aIID=@0x101a81e00, aResult=0x7fff5fbfe538) at nsComponentManagerUtils.cpp:94
#19 0x00000001014c16dc in nsGetServiceByContractID::operator() (this=0x7fff5fbfe520, aIID=@0x101a81e00, aInstancePtr=0x7fff5fbfe538) at nsComponentManagerUtils.cpp:278
#20 0x00000001014dec33 in nsCOMPtr<nsIXPConnect>::assign_from_gs_contractid (this=0x7fff5fbfecd0, gs={mContractID = 0x101995018 "@mozilla.org/js/xpc/XPConnect;1"}, aIID=@0x101a81e00) at nsCOMPtr.h:1252
#21 0x00000001014dec82 in nsCOMPtr<nsIXPConnect>::operator= (this=0x7fff5fbfecd0, rhs={mContractID = 0x101995018 "@mozilla.org/js/xpc/XPConnect;1"}) at nsCOMPtr.h:713
#22 0x00000001014db255 in nsChromeRegistry::ManifestProcessingContext::GetXPConnect (this=0x7fff5fbfecb0) at /Users/idefix2/moz/ws5/chrome/src/nsChromeRegistryChrome.cpp:817
#23 0x00000001014dca1a in nsChromeRegistryChrome::ManifestContent (this=0x1068143f0, cx=@0x7fff5fbfecb0, lineno=1, argv=0x7fff5fbfeab0, platform=false, contentaccessible=true) at /Users/idefix2/moz/ws5/chrome/src/nsChromeRegistryChrome.cpp:884
#24 0x000000010153bd49 in ParseManifestCommon (aType=NS_COMPONENT_LOCATION, aFile=0x1068137e0, mgrcx=@0x7fff5fbfece0, chromecx=@0x7fff5fbfecb0, aPath=0x0, buf=0x1060c4c00 "content", aChromeOnly=false) at /Users/idefix2/moz/ws5/xpcom/components/ManifestParser.cpp:620
#25 0x000000010153c00d in ParseManifest (type=NS_COMPONENT_LOCATION, file=0x1068137e0, buf=0x1060c4c00 "content", aChromeOnly=false) at /Users/idefix2/moz/ws5/xpcom/components/ManifestParser.cpp:648
#26 0x000000010153324c in nsComponentManagerImpl::RegisterManifestFile (this=0x105418760, aType=NS_COMPONENT_LOCATION, aFile=0x1068137e0, aChromeOnly=false) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:677
#27 0x00000001015340df in nsComponentManagerImpl::RegisterLocation (this=0x105418760, aType=NS_COMPONENT_LOCATION, aLocation=0x105419670, aChromeOnly=false) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:548
#28 0x0000000101535c82 in nsComponentManagerImpl::Init (this=0x105418760) at /Users/idefix2/moz/ws5/xpcom/components/nsComponentManager.cpp:415
#29 0x00000001014d517c in NS_InitXPCOM2_P (result=0x7fff5fbff4d0, binDirectory=0x105415ba0, appFileLocationProvider=0x7fff5fbff2a0) at /Users/idefix2/moz/ws5/xpcom/build/nsXPComInit.cpp:497
#30 0x000000010002422a in ScopedXPCOMStartup::Initialize (this=0x7fff5fbff4d0) at /Users/idefix2/moz/ws5/toolkit/xre/nsAppRunner.cpp:1200
#31 0x000000010002ab2b in XRE_main (argc=1, argv=0x7fff5fbff8b8, aAppData=0x105415b30) at /Users/idefix2/moz/ws5/toolkit/xre/nsAppRunner.cpp:3437
#32 0x00000001000011e9 in main (argc=1, argv=0x7fff5fbff8b8) at /Users/idefix2/moz/ws5/browser/app/nsBrowserApp.cpp:158
For a multithreaded shell with jsapi-tests:

testSetPropertyWithNativeGetterStubSetter
Assertion failure: (thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING), at ../jsgcinlines.h:65

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x000000010017f5b5 in JS_Assert (s=0x100214be8 "(thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING)", file=0x10022a6a0 "../jsgcinlines.h", ln=65) at ../jsutil.cpp:80
80	    *((int *) NULL) = 0;  /* To continue from here in GDB: "return" then "continue". */
(gdb) bt
#0  0x000000010017f5b5 in JS_Assert (s=0x100214be8 "(thingKind == js::gc::FINALIZE_STRING) || (thingKind == js::gc::FINALIZE_SHORT_STRING)", file=0x10022a6a0 "../jsgcinlines.h", ln=65) at ../jsutil.cpp:80
#1  0x000000010014512d in NewFinalizableGCThing<JSObject> (cx=0x1018015b0, thingKind=0) at jsgcinlines.h:63
#2  0x0000000100176bc2 in js_NewGCObject (cx=0x1018015b0, comp=0x100611140) at jsgcinlines.h:92
#3  0x0000000100011843 in js::detail::NewObject<true, false> (cx=0x1018015b0, clasp=0x1002b6b80, proto=0x0, parent=0x0) at jsobjinlines.h:704
#4  0x0000000100011926 in js::NewNonFunction<(js::WithProto::e)1> (cx=0x1018015b0, clasp=0x1002b6b80, proto=0x0, parent=0x0) at jsobjinlines.h:743
#5  0x0000000100011bdc in JS_NewGlobalObject (cx=0x1018015b0, clasp=0x1002b6b80) at ../jsapi.cpp:2905
#6  0x0000000100004cd8 in JSAPITest::createGlobal (this=0x1002eb7e0) at tests.h:276
#7  0x0000000100005765 in JSAPITest::init (this=0x1002eb7e0) at tests.h:132
#8  0x000000010000400a in main (argc=1, argv=0x7fff5fbff910) at ../../jsapi-tests/tests.cpp:57
Depends on: 586531
No longer depends on: 586531
Assignee: general → anygregor
Whiteboard: [compartments]
Blocks: 586534
No longer blocks: 586534
Attached patch patch (obsolete) — Splinter Review
We might want to combine the new lock and the atoms lock later.
Comment on attachment 465403 [details] [diff] [review]
patch

"later" == never, or so far in the future that the cost of changing things is too high.

We should not be serializing GC with a mutex (PRLock). That means CPUs spinning for way too many cycles.

Why not rename the defaultCompartment the globalAtomCompartment and use the atom table lock to serialize allocations from it? No good will come of generalizing.

/be
Attached patch patch — Splinter Review
The patch was only for assertion hunting and "later" was definitely before landing :)
The new version uses the atomstate lock to lock the default compartment.
Maybe it needs a new name now.
Attachment #465403 - Attachment is obsolete: true
Another place where we allocate objects in the default compartment:

#3  0x0000000104a530cd in BeginGCSession (cx=0x106b4bfa0) at /Users/idefix2/moz/ws3/js/src/jsgc.cpp:2894
#4  0x0000000104a57483 in GCUntilDone (cx=0x106b4bfa0, gckind=GC_LOCK_HELD) at /Users/idefix2/moz/ws3/js/src/jsgc.cpp:2961
#5  0x0000000104a576d4 in js_GC (cx=0x106b4bfa0, gckind=GC_LOCK_HELD) at /Users/idefix2/moz/ws3/js/src/jsgc.cpp:3043
#6  0x0000000104a58ab0 in RefillFinalizableFreeList<JSObject> (cx=0x106b4bfa0, thingKind=0) at /Users/idefix2/moz/ws3/js/src/jsgc.cpp:1398
#7  0x0000000104aba47b in NewFinalizableGCThing<JSObject> (cx=0x106b4bfa0, thingKind=0) at jsgcinlines.h:81
#8  0x0000000104aba4b2 in js_NewGCObject (cx=0x106b4bfa0, comp=0x106b36960) at jsgcinlines.h:93
#9  0x00000001049db883 in js::detail::NewObject<false, false> (cx=0x106b4bfa0, clasp=0x1024167c0, proto=0x1215b7288, parent=0x118adcd80) at jsobjinlines.h:704
#10 0x00000001049db96e in js::NewNonFunction<(js::WithProto::e)0> (cx=0x106b4bfa0, clasp=0x1024167c0, proto=0x1215b7288, parent=0x118adcd80) at jsobjinlines.h:743
#11 0x00000001049dbbbc in JS_NewObject (cx=0x106b4bfa0, jsclasp=0x1024167c0, proto=0x1215b7288, parent=0x118adcd80) at /Users/idefix2/moz/ws3/js/src/jsapi.cpp:2942
#12 0x0000000100e3cf9b in xpc_NewSystemInheritingJSObject (cx=0x106b4bfa0, clasp=0x1024167c0, proto=0x1215b7288, parent=0x118adcd80) at xpcinlines.h:739
#13 0x0000000100e344a0 in XPCWrappedNative::Init (this=0x11a826120, ccx=@0x7fff5fbfad80, parent=0x118adcd80, isGlobal=0, sci=0x7fff5fbfa7f0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednative.cpp:1164
#14 0x0000000100e395eb in XPCWrappedNative::GetNewOrUsed (ccx=@0x7fff5fbfad80, Object=0x11a823fa0, Scope=0x1055761a0, Interface=0x11a827540, cache=0x0, isGlobal=0, resultWrapper=0x7fff5fbfaad0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednative.cpp:581
#15 0x0000000100e08600 in XPCConvert::NativeInterface2JSObject (lccx=@0x7fff5fbfac40, d=0x7fff5fbfac30, dest=0x7fff5fbfaec0, src=0x11a823fa0, iid=0x107028e20, Interface=0x0, cache=0x0, scope=0x12771ff30, allowNativeWrapper=0, isGlobal=0, pErr=0x7fff5fbfabbc, aHelper=0x0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcconvert.cpp:1237
#16 0x0000000100de6571 in NativeInterface2JSObject (lccx=@0x7fff5fbfac40, aScope=0x12771ff30, aCOMObj=0x11a823fa0, aCache=0x0, aIID=0x107028e20, aAllowWrapping=0, aVal=0x7fff5fbfac30, aHolder=0x7fff5fbfaec0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/nsXPConnect.cpp:1255
#17 0x0000000100de6953 in nsXPConnect::WrapNative (this=0x105620450, aJSContext=0x106b4bfa0, aScope=0x12771ff30, aCOMObj=0x11a823fa0, aIID=@0x107028e20, aHolder=0x7fff5fbfaec0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/nsXPConnect.cpp:1289
#18 0x0000000100e13fa0 in nsJSCID::GetService (this=0x127658010, _retval=0x7fff5fbfb1c0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcjsid.cpp:852
#19 0x000000010156b5cd in NS_InvokeByIndex_P (that=0x127658010, methodIndex=11, paramCount=1, params=0x7fff5fbfb1c0) at /Users/idefix2/moz/ws3/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208
#20 0x0000000100e3d8f1 in CallMethodHelper::Invoke (this=0x7fff5fbfb180) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednative.cpp:3073
#21 0x0000000100e40501 in CallMethodHelper::Call (this=0x7fff5fbfb180) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednative.cpp:2340
#22 0x0000000100e39a92 in XPCWrappedNative::CallMethod (ccx=@0x7fff5fbfb410, mode=XPCWrappedNative::CALL_METHOD) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednative.cpp:2304
#23 0x0000000100e45acb in XPC_WN_CallMethod (cx=0x106b4bfa0, obj=0x12771ff30, argc=1, argv=0x117b061a0, vp=0x117b061f0) at /Users/idefix2/moz/ws3/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1738
#24 0x0000000104a9411b in js::callJSNative (cx=0x106b4bfa0, native=0x100e4581d <XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, jsval_layout*, jsval_layout*)>, thisobj=0x12771ff30, argc=1, argv=0x117b061a0, rval=0x117b061f0) at jscntxtinlines.h:554
#25 0x0000000104a900b8 in js::InvokeCommon<int (*)(JSContext*, JSObject*, unsigned int, js::Value*, js::Value*)> (cx=0x106b4bfa0, fun=0x118a1df00, script=0x0, native=0x100e4581d <XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, jsval_layout*, jsval_layout*)>, argsRef=@0x7fff5fbfba20, flags=2) at jsinterp.cpp:562
#26 0x0000000104a92b8a in js::Invoke (cx=0x106b4bfa0, args=@0x7fff5fbfba20, flags=2) at jsinterp.cpp:695
#27 0x0000000104a7cf51 in js::Interpret (cx=0x106b4bfa0) at /Users/idefix2/moz/ws3/js/src/jsinterp.cpp:4711
#28 0x0000000104a9013e in js::InvokeCommon<int (*)(JSContext*, JSObject*, unsigned int, js::Value*, js::Value*)> (cx=0x106b4bfa0, fun=0x12152c168, script=0x120b50120, native=0, argsRef=@0x7fff5fbfcc50, flags=0) at jsinterp.cpp:573
#29 0x0000000104a92b8a in js::Invoke (cx=0x106b4bfa0, args=@0x7fff5fbfcc50, flags=0) at jsinterp.cpp:695
#30 0x0000000104a9314e in js::InternalInvoke (cx=0x106b4bfa0, thisv=@0x7fff5fbfccf0, fval=@0x7fff5fbfcd28, flags=0, argc=1, argv=0x1225c71d0, rval=0x7fff5fbfce80) at jsinterp.cpp:735
#31 0x00000001049d9ef7 in js::InternalCall (cx=0x106b4bfa0, obj=0x118adcd80, fval=@0x7fff5fbfcd28, argc=1, argv=0x1225c71d0, rval=0x7fff5fbfce80) at jsinterp.h:419
#32 0x00000001049d9fdb in JS_CallFunctionValue (cx=0x106b4bfa0, obj=0x118adcd80, fval={asBits = 18445477441199730120, debugView = {payload47 = 4885376456, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 590409160, u32 = 590409160, why = 590409160}}, asDouble = -nan(0xb80012330edc8)}, argc=1, argv=0x1225c71d0, rval=0x7fff5fbfce80) at /Users/idefix2/moz/ws3/js/src/jsapi.cpp:4858
#33 0x00000001008dfabc in nsJSContext::CallEventHandler (this=0x106b4bf30, aTarget=0x105575b60, aScope=0x118adcd80, aHandler=0x12330edc8, aargv=0x1225c7cf8, arv=0x7fff5fbfd080) at /Users/idefix2/moz/ws3/dom/base/nsJSEnvironment.cpp:2248
#34 0x0000000100914c3e in nsGlobalWindow::RunTimeout (this=0x105575b60, aTimeout=0x1225c7d30) at /Users/idefix2/moz/ws3/dom/base/nsGlobalWindow.cpp:8519
#35 0x0000000100915258 in nsGlobalWindow::TimerCallback (aTimer=0x1225c7da0, aClosure=0x1225c7d30) at /Users/idefix2/moz/ws3/dom/base/nsGlobalWindow.cpp:8864
#36 0x00000001015572f5 in nsTimerImpl::Fire (this=0x1225c7da0) at /Users/idefix2/moz/ws3/xpcom/threads/nsTimerImpl.cpp:425
#37 0x0000000101557568 in nsTimerEvent::Run (this=0x11a90f420) at /Users/idefix2/moz/ws3/xpcom/threads/nsTimerImpl.cpp:517
#38 0x000000010155053c in nsThread::ProcessNextEvent (this=0x106b01ca0, mayWait=0, result=0x7fff5fbfd404) at /Users/idefix2/moz/ws3/xpcom/threads/nsThread.cpp:547
#39 0x00000001014daba3 in NS_ProcessPendingEvents_P (thread=0x106b01ca0, timeout=20) at nsThreadUtils.cpp:200
#40 0x00000001012c9c80 in nsBaseAppShell::NativeEventCallback (this=0x106b27d20) at /Users/idefix2/moz/ws3/widget/src/xpwidgets/nsBaseAppShell.cpp:126
#41 0x000000010127d3fa in nsAppShell::ProcessGeckoEvents (aInfo=0x106b27d20) at /Users/idefix2/moz/ws3/widget/src/cocoa/nsAppShell.mm:394
#42 0x00007fff84f45e91 in __CFRunLoopDoSources0 ()
#43 0x00007fff84f44089 in __CFRunLoopRun ()
#44 0x00007fff84f4384f in CFRunLoopRunSpecific ()
#45 0x00007fff882e191a in RunCurrentEventLoopInMode ()
#46 0x00007fff882e171f in ReceiveNextEventCommon ()
#47 0x00007fff882e15d8 in BlockUntilNextEventMatchingListInMode ()
#48 0x00007fff82e1229e in _DPSNextEvent ()
#49 0x00007fff82e11bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#50 0x00007fff82dd78d3 in -[NSApplication run] ()
#51 0x000000010127cc99 in nsAppShell::Run (this=0x106b27d20) at /Users/idefix2/moz/ws3/widget/src/cocoa/nsAppShell.mm:747
#52 0x0000000100fee66c in nsAppStartup::Run (this=0x106b34de0) at /Users/idefix2/moz/ws3/toolkit/components/startup/src/nsAppStartup.cpp:191
#53 0x000000010002bcc7 in XRE_main (argc=6, argv=0x7fff5fbfeff8, aAppData=0x105515ab0) at /Users/idefix2/moz/ws3/toolkit/xre/nsAppRunner.cpp:3659
#54 0x00000001000011e9 in main (argc=6, argv=0x7fff5fbfeff8) at /Users/idefix2/moz/ws3/browser/app/nsBrowserApp.cpp:158
And another place where cx->compartment == cx->runtime->defaultCompartment:

45 INFO TEST-PASS | /tests/dom/src/threads/test/test_json.html | No messages to test!
Assertion failure: newscope->freeslot >= JSSLOT_START(obj->getClass()) && newscope->freeslot <= JSSLOT_FREE(obj->getClass()), at /Users/idefix2/moz/ws3/js/src/jsscope.cpp:122

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
[Switching to process 11962]
0x0000000104b39589 in JS_Assert (s=0x104c34860 "newscope->freeslot >= JSSLOT_START(obj->getClass()) && newscope->freeslot <= JSSLOT_FREE(obj->getClass())", file=0x104c34668 "/Users/idefix2/moz/ws3/js/src/jsscope.cpp", ln=122) at /Users/idefix2/moz/ws3/js/src/jsutil.cpp:80
80	    *((int *) NULL) = 0;  /* To continue from here in GDB: "return" then "continue". */
(gdb) bt
#0  0x0000000104b39589 in JS_Assert (s=0x104c34860 "newscope->freeslot >= JSSLOT_START(obj->getClass()) && newscope->freeslot <= JSSLOT_FREE(obj->getClass())", file=0x104c34668 "/Users/idefix2/moz/ws3/js/src/jsscope.cpp", ln=122) at /Users/idefix2/moz/ws3/js/src/jsutil.cpp:80
#1  0x0000000104b0dd42 in js_GetMutableScope (cx=0x11b859f70, obj=0x121b921b0) at /Users/idefix2/moz/ws3/js/src/jsscope.cpp:121
#2  0x0000000104aaa1c5 in js_NonEmptyObject (cx=0x11b859f70, proto=0x121e314c8) at /Users/idefix2/moz/ws3/js/src/jsobj.cpp:2601
#3  0x0000000119fa1e90 in ?? ()
#4  0x0000000104b5e8ff in js::ExecuteTrace (cx=0x11b859f70, f=0x1069e4680, state=@0x11ef001e0) at /Users/idefix2/moz/ws3/js/src/jstracer.cpp:6657
#5  0x0000000104b6af40 in js::ExecuteTree (cx=0x11b859f70, f=0x1069e4680, inlineCallCount=@0x11ef01660, innermostNestedGuardp=0x11ef00330, lrp=0x11ef00338) at /Users/idefix2/moz/ws3/js/src/jstracer.cpp:6758
#6  0x0000000104b7cc62 in js::MonitorLoopEdge (cx=0x11b859f70, inlineCallCount=@0x11ef01660, reason=js::Record_Branch) at /Users/idefix2/moz/ws3/js/src/jstracer.cpp:7263
#7  0x0000000104a72453 in js::Interpret (cx=0x11b859f70) at /Users/idefix2/moz/ws3/js/src/jsinterp.cpp:3359
#8  0x0000000104a92395 in js::Execute (cx=0x11b859f70, chain=0x121e31480, script=0x106188800, down=0x0, flags=0, result=0x11ef01880) at jsinterp.cpp:887
#9  0x00000001049daa53 in JS_ExecuteScript (cx=0x11b859f70, obj=0x121e31480, script=0x106188800, rval=0x11ef01880) at /Users/idefix2/moz/ws3/js/src/jsapi.cpp:4760
#10 0x00000001009b8477 in nsDOMWorkerScriptLoader::ExecuteScripts (this=0x123ff57e0, aCx=0x11b859f70) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMWorkerScriptLoader.cpp:271
#11 0x00000001009b9269 in nsDOMWorkerScriptLoader::LoadScripts (this=0x123ff57e0, aCx=0x11b859f70, aURLs=@0x11ef01940, aForWorker=1) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMWorkerScriptLoader.cpp:150
#12 0x00000001009b92ea in nsDOMWorkerScriptLoader::LoadScript (this=0x123ff57e0, aCx=0x11b859f70, aURL=@0x11b1232e8, aForWorker=1) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMWorkerScriptLoader.cpp:166
#13 0x00000001009a62ef in nsDOMWorker::CompileGlobalObject (this=0x11b123240, aCx=0x11b859f70) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMWorker.cpp:1686
#14 0x00000001009a6477 in nsDOMWorker::SetGlobalForContext (this=0x11b123240, aCx=0x11b859f70) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMWorker.cpp:1573
#15 0x000000010099d03c in nsDOMWorkerRunnable::Run (this=0x11b123780) at /Users/idefix2/moz/ws3/dom/src/threads/nsDOMThreadService.cpp:400
#16 0x00000001015544d9 in nsThreadPool::Run (this=0x11b88eef0) at /Users/idefix2/moz/ws3/xpcom/threads/nsThreadPool.cpp:221
#17 0x000000010155053c in nsThread::ProcessNextEvent (this=0x107168350, mayWait=1, result=0x11ef01e3c) at /Users/idefix2/moz/ws3/xpcom/threads/nsThread.cpp:547
#18 0x00000001014daa88 in NS_ProcessNextEvent_P (thread=0x107168350, mayWait=1) at nsThreadUtils.cpp:250
#19 0x0000000101550ee7 in nsThread::ThreadFunc (arg=0x107168350) at /Users/idefix2/moz/ws3/xpcom/threads/nsThread.cpp:263
#20 0x0000000104fb5e49 in _pt_root (arg=0x107198670) at /Users/idefix2/moz/ws3/nsprpub/pr/src/pthreads/ptthread.c:228
#21 0x00007fff839bb456 in _pthread_start ()
#22 0x00007fff839bb309 in thread_start ()
(gdb) up
#1  0x0000000104b0dd42 in js_GetMutableScope (cx=0x11b859f70, obj=0x121b921b0) at /Users/idefix2/moz/ws3/js/src/jsscope.cpp:121
121	    JS_ASSERT(newscope->freeslot >= JSSLOT_START(obj->getClass()) &&
Assignee: anygregor → jorendorff
I also see native functions in the defaultCompartment like:
native = 0x102a06ba0 <obj_hasOwnProperty(JSContext*, unsigned int, js::Value*)>,
native = 0x102a06e90 <obj_isPrototypeOf(JSContext*, unsigned int, js::Value*)>,
Attached patch asserts — Splinter Review
The patch I am using to assert at API boundary that we don't enter with the defaultCompartment. It's not complete and only meant for testing.
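The two invariants discussed in this bug, modelled as a small C++ example that is added here and is not SpiderMonkey's code or either attached patch: allocation into the default compartment is limited to string kinds and serialized with the atom-table lock (the design Brendan asks for above), and entering the API with cx->compartment set to the default compartment is rejected (the boundary check the "asserts" patch is described as adding). The types, the kind enumeration order and the function names are assumptions of this model.

```cpp
#include <cstddef>
#include <mutex>

// Constructed model of the GC thing kinds; only the string kinds are permitted in
// the default compartment, which is exactly what the failing JS_ASSERT checks.
// Object kinds come first so that an object allocation has thingKind == 0, as in
// the backtraces above (assumed ordering, not the engine's real enum).
enum ThingKind { FINALIZE_OBJECT0 = 0, FINALIZE_FUNCTION, FINALIZE_STRING, FINALIZE_SHORT_STRING, KIND_COUNT };

struct Compartment {
    bool isDefault;
    std::size_t allocs[KIND_COUNT];   // per-kind allocation counters for the checks below
};

struct Runtime {
    Compartment defaultCompartment{true, {}};
    std::mutex atomsLock;   // the atom-table lock, reused to serialize default-compartment allocations
};

struct Context {
    Runtime* rt;
    Compartment* compartment;   // the compartment allocations go to (cx->compartment)
};

// Invariant from the assertion: the default compartment holds strings only.
bool kindAllowedIn(const Compartment& c, ThingKind k) {
    if (!c.isDefault)
        return true;
    return k == FINALIZE_STRING || k == FINALIZE_SHORT_STRING;
}

// Model of NewFinalizableGCThing: returns false where a debug build would assert.
// Only default-compartment allocations take a lock; ordinary compartments are
// owned by one thread and allocate without any mutex, so GC is not serialized on it.
bool newGCThing(Context& cx, ThingKind k) {
    Compartment& c = *cx.compartment;
    if (!kindAllowedIn(c, k))
        return false;
    if (c.isDefault) {
        std::lock_guard<std::mutex> guard(cx.rt->atomsLock);
        c.allocs[k]++;
    } else {
        c.allocs[k]++;
    }
    return true;
}

// Model of the startup path in the first backtrace: JS_NewGlobalObject allocates an
// object into cx->compartment, which fails when that is the default compartment.
bool newGlobalObject(Context& cx) {
    return newGCThing(cx, FINALIZE_OBJECT0);
}

// Model of the API-boundary check: callers must not enter with the default compartment.
bool enterApi(const Context& cx) {
    return cx.compartment != &cx.rt->defaultCompartment;
}
```

Running the startup path of the first backtrace through this model (a context whose compartment is the default one, then JS_NewGlobalObject) reproduces the refusal the assertion reports, while the same allocation in any other compartment succeeds.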
Assignee: jorendorff → anygregor
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED