Closed
Bug 733141
Opened 12 years ago
Closed 12 years ago
JS OOM Testing: Assertion failure: spoff == js_ReconstructStackDepth(cx_, fp_->script(), pc_), at vm/Stack.cpp:1150
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 732496
People
(Reporter: decoder, Unassigned)
References
Details
(Keywords: assertion, testcase, Whiteboard: js-triage-needed)
Attachments
(2 files)
2.57 KB,
patch
|
Details | Diff | Splinter Review | |
613 bytes,
application/x-perl
|
Details |
After applying the attached patch to the JS engine, the following command crashes/aborts on mozilla-central revision 4b728a090880: js/src/debug64-bt/js -m -n -a -A 1327 -f /home/decoder/LangFuzz/mozilla-central/js/src/jit-test/tests/debug/Object-defineProperty-06.js In order to build, use CFLAGS="-rdynamic -Wno-error" CXXFLAGS="-rdynamic -Wno-error" (I promise to make the patch more clean, it's just a hack right now^^). The patch adds two things: First it adds the JS_OOM_POSSIBLY_FAIL macro to LifoAlloc (which is required for this issue to reproduce more reliably) and secondly, it adds the possibility to print backtraces for alloc failures. Use MOZ_OOM_BTPRINT=1 MOZ_OOM_BTDEPTH=8 js/src/debug64-bt/js -m -n -a -A 1327 -f /home/decoder/LangFuzz/mozilla-central/js/src/jit-test/tests/debug/Object-defineProperty-06.js to see traces of allocation failures. This will hopefully make debugging OOM failures much easier. I'll also attach a small perl script that allows filtering the output to add symbols. In the future, the patch can hopefully be enhanced and merged to m-c, and the script will be part of a larger set of JS shell OOM testing tools. I'm filing this now because I keep hitting this bug extremely often and I don't know how to fix it.
Reporter | ||
Comment 1•12 years ago
|
||
Reporter | ||
Comment 2•12 years ago
|
||
Brian just pointed me to bug 732496 and the patch in there fixes this problem too.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•