Closed
Bug 752081
Opened 13 years ago
Closed 13 years ago
"Assertion failure: invalid trace kind" with incremental GC and multiple browser windows
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla15
| Tracking | Status | |
|---|---|---|
| firefox14 | --- | unaffected |
| firefox15 | --- | verified |
| firefox-esr10 | --- | unaffected |
People
(Reporter: jruderman, Assigned: billm)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [advisory-tracking-])
Attachments
(3 files)
1. Set
user_pref("javascript.options.mem.gc_incremental", true);
2. Load the testcase
3. Click the button.
4. Wait ~10 seconds for Firefox to load 200 iframes and a new window.
(You might have to click twice.)
Result:
Assertion failure: invalid trace kind, at js/src/jsfriendapi.cpp:790
I'm guessing this is bad interaction between IGC and CPG.
|
Reporter | |
Comment 1•13 years ago
|
||
|
||
Comment 2•13 years ago
|
||
This looks like code sfink added recently in bug 730208. (The unmarkGrayScript.)
|
Assignee | |
Comment 3•13 years ago
|
||
Just needed to cover the script case.
|
||
Updated•13 years ago
|
Attachment #621226 -
Flags: review?(sphink) → review+
|
|
Reporter | |
Updated•13 years ago
|
|
|
Assignee | |
Comment 5•13 years ago
|
||
Target Milestone: --- → mozilla15
|
||
Comment 6•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Updated•13 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox14:
--- → unaffected
status-firefox15:
--- → fixed
|
||
Comment 8•12 years ago
|
||
Not tracking for advisory since bug was fallout from May 4 checkin, which is after Firefox 15 fork.
Whiteboard: [advisory-tracking-]
I'm having trouble reproducing this. The testcase does not crash Firefox 15.0a1 Nightly Debug 2012-05-04. Should I try a different build?
Whiteboard: [advisory-tracking-] → [advisory-tracking-][qa?]
|
|
||
Comment 10•12 years ago
|
||
Hmm. Incremental GC was disabled at some point in 15. I'm not sure when.
|
||
Comment 11•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #10)
> Hmm. Incremental GC was disabled at some point in 15. I'm not sure when.
Wouldn't setting the pref in comment 0 turn this on? FWIW, I was testing with the mozilla-central build from the day Jesse filed this bug.
|
|
Assignee | |
Comment 12•12 years ago
|
||
I never tried to reproduce this problem. It was fixed based on the stack trace. So maybe it only happens on Jesse's computer or something.
|
|
||
Comment 13•12 years ago
|
||
Jesse, can you please give us some assistance in verifying this is fixed in Firefox 15? Thank you.
Keywords: verifyme
|
|
Reporter | |
Comment 14•12 years ago
|
||
I can reproduce with the parent of d4796c874d6a, but not with d4796c874d6a :)
Status: RESOLVED → VERIFIED
|
|
||
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•