Closed Bug 621055 Opened 9 years ago Closed 9 years ago

JM: ReferenceError inside catch hangs JM

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set

Tracking

RESOLVED FIXED
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: jandem, Assigned: adrake)

Details

(Whiteboard: hardblocker, fixed-in-tracemonkey)

Attachments

(1 file)

---
function f() {
    try {
        f();
    } catch(e) {
        asdfghjkl; // ReferenceError
    } 
}
f();
---
This script hangs shell and browser with JM enabled. 

If I run with "-t 4" I get the message "Script runs for too long, terminating." after 4 seconds, but then it hangs. It does use CPU though; I think it's in an infinite loop or something.
Requesting blocking-2.0 because this freezes the browser forever.
blocking2.0: --- → ?
blocking2.0: ? → betaN+
Attached patch: Patch v0
This is caused by the exception handlers never checking the interrupt flag. When the timeout expires, the script continues to execute as normal. This patch adds an interrupt flag check to the top of exception handler blocks to ensure that this doesn't happen.
Assignee: general → adrake
Status: NEW → ASSIGNED
Attachment #499685 - Flags: review?(sstangl)
Attachment #499685 - Flags: review?(sstangl) → review+
Whiteboard: hardblocker
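
The missed check described in the comment above, as an added example: this is a simplified model written for this page, not the attached patch and not SpiderMonkey code. It shows only that handlers keep running after the interrupt is requested unless handler entry polls the flag; it does not reproduce the hang. Assumptions: all names (`runModel`, `poll`, `tick`, `Terminated`) are hypothetical, the watchdog is a step counter rather than a timer, and function entry is assumed to poll the flag already.

```javascript
// Simplified model of interrupt polling, NOT SpiderMonkey code.
// All names (runModel, poll, tick, Terminated) are hypothetical.
class Terminated extends Error {} // stands in for the engine's uncatchable termination

function runModel({ checkAtHandlerEntry, maxDepth, interruptAtStep }) {
  let steps = 0;
  let interruptRequested = false;
  let handlersRunAfterInterrupt = 0;

  // Deterministic stand-in for the "-t" watchdog: fires after a step count.
  const tick = () => { if (++steps >= interruptAtStep) interruptRequested = true; };
  const poll = () => { if (interruptRequested) throw new Terminated("interrupted"); };

  // Same shape as the reporter's script: recurse inside try, throw inside catch.
  function f(depth) {
    tick();
    poll(); // assumption of this model: function entry already polls the flag
    if (depth >= maxDepth) throw new RangeError("too much recursion");
    try {
      f(depth + 1);
    } catch (e) {
      if (e instanceof Terminated) throw e; // script code cannot catch termination
      tick();
      if (checkAtHandlerEntry) poll();      // the check the patch describes
      if (interruptRequested) handlersRunAfterInterrupt++;
      throw new ReferenceError("asdfghjkl is not defined");
    }
  }

  let outcome;
  try {
    f(0);
    outcome = "completed";
  } catch (e) {
    outcome = e instanceof Terminated ? "terminated" : "script error: " + e.name;
  }
  return { outcome, steps, handlersRunAfterInterrupt };
}

// Constructed scenario: the watchdog fires while the stack is unwinding
// through catch blocks (101 entry steps, then one step per handler).
const scenario = { maxDepth: 100, interruptAtStep: 150 };
const unpatched = runModel({ ...scenario, checkAtHandlerEntry: false });
const patched = runModel({ ...scenario, checkAtHandlerEntry: true });
console.log({ unpatched, patched });
```

In the unpatched run every remaining catch block executes after the interrupt was requested, and the run ends with an ordinary script error instead of a termination.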
I applied the patch but this still iloops here:

JSStackFrame *
JSContext::computeNextFrame(JSStackFrame *fp)
{
    JSStackFrame *next = NULL;
    for (js::StackSegment *ss = currentSegment; ; ss = ss->getPreviousInContext()) {
        JSStackFrame *end = ss->getInitialFrame()->prev();
        // *** We never leave this loop:
        for (JSStackFrame *f = ss->getCurrentFrame(); f != end; next = f, f = f->prev()) {
            if (f == fp)
                return next;
        }
        if (end != ss->getPreviousInContext()->getCurrentFrame())
            next = NULL;
    }
}
What build configuration are you using that this still loops? As of TM e2623ac04d70, this WFM with patch applied on both debug and opt Linux x64 builds.

[adrake@charon tm64-js-dbg]$ time ./js -t 4 -m 621055.js 
Script runs for too long, terminating.

real	0m4.091s
user	0m4.035s
sys	0m0.044s
[adrake@charon tm64-js-dbg]$
(In reply to comment #4)
> What build configuration are you using that this still loops? As of TM
> e2623ac04d70, this WFM with patch applied on both debug and opt Linux x64
> builds.

Indeed. I knew I was doing something wrong yesterday (still have no idea what it was, though). Thanks for rechecking.

http://hg.mozilla.org/tracemonkey/rev/da8a898a7b31
Whiteboard: hardblocker → hardblocker, fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/da8a898a7b31
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED