Closed Bug 609103 Opened 15 years ago Closed 15 years ago

Threadsafe GC jsapi-test fails

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: gwagner, Unassigned)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

testcase
3.90 KB, patch
Details | Diff | Splinter Review
No description provided.
Attached patch testcaseSplinter Review
That's the testcase. It fails in a threadsafe debug shell with: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x0000000102383ff8 [Switching to process 66151] 0x00000001000b0664 in JSString::isStatic (ptr=0x1022013c0) at jsstr.h:519 519 return isUnitString(ptr) || isLength2String(ptr) || isHundredString(ptr); (gdb) bt #0 0x00000001000b0664 in JSString::isStatic (ptr=0x1022013c0) at jsstr.h:519 #1 0x00000001001770a8 in js::gc::GetGCThingTraceKind (thing=0x1022013c0) at jsgc.h:548 #2 0x0000000100177494 in js::gc::Mark<JSString> (trc=0x102403be0, thing=0x1022013c0) at jsgcinlines.h:190 #3 0x000000010017770c in js::gc::MarkId (trc=0x102403be0, id={asBits = 4330623936}) at jsgcinlines.h:403 #4 0x000000010017777f in js::gc::MarkId (trc=0x102403be0, id={asBits = 4330623936}, name=0x1002f0638 "id") at jsgcinlines.h:412 #5 0x00000001001777c0 in js::Shape::trace (this=0x101076d20, trc=0x102403be0) at ../jsscope.cpp:1393 #6 0x000000010011516c in JSObject::trace (this=0x1046c9e38, trc=0x102403be0) at jsscopeinlines.h:163 #7 0x00000001001056b5 in js_TraceObject (trc=0x102403be0, obj=0x1046c9e38) at ../jsobj.cpp:6167 #8 0x00000001001033fd in js::gc::MarkChildren (trc=0x102403be0, obj=0x1046c9e38) at jsgcinlines.h:266 #9 0x000000010010309f in js::gc::TypedMarker (trc=0x102403be0, thing=0x1046c9e38) at jsgcinlines.h:326 #10 0x0000000100103165 in js::gc::Mark<JSObject> (trc=0x102403be0, thing=0x1046c9e38) at jsgcinlines.h:199 #11 0x000000010010360e in js::gc::MarkKind (trc=0x102403be0, thing=0x1046c9e38, kind=0) at jsgcinlines.h:437 #12 0x00000001001036bb in js::gc::MarkValueRaw (trc=0x102403be0, v=@0x1046c9e18) at jsgcinlines.h:460 #13 0x000000010010580d in js_TraceObject (trc=0x102403be0, obj=0x1046c9dd0) at ../jsobj.cpp:6202 ............ #8161 0x000000010010580d in js_TraceObject (trc=0x100aa6be0, obj=0x100c19048) at ../jsobj.cpp:6202 #8162 0x00000001000a9675 in js::gc::MarkChildren (trc=0x100aa6be0, obj=0x100c19048) at jsgcinlines.h:266 #8163 0x00000001000a9732 in js::gc::TypedMarker (trc=0x100aa6be0, thing=0x100c19048) at jsgcinlines.h:326 #8164 0x00000001000a97f8 in js::gc::Mark<JSObject> (trc=0x100aa6be0, thing=0x100c19048) at jsgcinlines.h:199 #8165 0x00000001000b9332 in js::gc::Arena<JSObject>::mark (this=0x100c19000, thing=0x100c19048, trc=0x100aa6be0) at ../jsgc.cpp:233 #8166 0x00000001000a983f in js::MarkCell<JSObject> (cell=0x100c19048, trc=0x100aa6be0) at ../jsgc.cpp:556 #8167 0x00000001000ba0a5 in js::MarkIfGCThingWord (trc=0x100aa6be0, w=4307652680, traceKind=@0x100aa69c8) at ../jsgc.cpp:618 #8168 0x00000001000aa490 in js::MarkWordConservatively (trc=0x100aa6be0, w=4307652680) at ../jsgc.cpp:689 #8169 0x00000001000aa55c in js::MarkRangeConservatively (trc=0x100aa6be0, begin=0x100d7f160, end=0x100d81000) at ../jsgc.cpp:711 #8170 0x00000001000aa63b in js::MarkThreadDataConservatively (trc=0x100aa6be0, td=0x100acb020) at ../jsgc.cpp:728 #8171 0x00000001000aa708 in js::MarkConservativeStackRoots (trc=0x100aa6be0) at ../jsgc.cpp:761 #8172 0x00000001000ab11e in js::MarkRuntime (trc=0x100aa6be0) at ../jsgc.cpp:1620 #8173 0x00000001000abac5 in MarkAndSweep (cx=0x100900f00, gckind=GC_NORMAL) at ../jsgc.cpp:2171 #8174 0x00000001000abf02 in GCUntilDone (cx=0x100900f00, gckind=GC_NORMAL) at ../jsgc.cpp:2515 #8175 0x00000001000ac78e in js_GC (cx=0x100900f00, gckind=GC_NORMAL) at ../jsgc.cpp:2580 #8176 0x0000000100027c3e in JS_GC (cx=0x100900f00) at ../jsapi.cpp:2513 #8177 0x0000000100027cd9 in JS_MaybeGC (cx=0x100900f00) at ../jsapi.cpp:2583 #8178 0x000000010005e563 in js_DestroyContext (cx=0x100900f00, mode=JSDCM_MAYBE_GC) at ../jscntxt.cpp:1127 #8179 0x000000010002ab0f in JS_DestroyContextMaybeGC (cx=0x100900f00) at ../jsapi.cpp:988 #8180 0x0000000100014486 in eval::operator() (this=0x7fff5fbff7b0) at ../../jsapi-tests/testThreads.cpp:140 #8181 0x00000001000144b6 in Parallel<eval>::threadMain (arg=0x7fff5fbff6f0) at ../../jsapi-tests/testThreads.cpp:82 #8182 0x000000010072fbee in PR_JoinThread () #8183 0x00007fff87caa456 in _pthread_start () #8184 0x00007fff87caa309 in thread_start ()
Basically the testcase is testThreads.cpp with a modified script.
This bug is just a bug in the test classes I wrote. eval::operator() creates a new context but doesn't call JS_SetNativeStackQuota. Fixing.
http://hg.mozilla.org/mozilla-central/rev/30c864b40483
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: