Bug 765907 - eif-generator.js assertion error with gc zeal at 4
Product: Core
Classification: Components
Component: JavaScript Engine
: unspecified
: x86_64 Linux
-- normal
: mozilla16
Assigned To: Luke Wagner [:luke]
: Jason Orendorff [:jorendorff]
Reported: 2012-06-18 14:27 PDT by :Benjamin Peterson
Modified: 2012-06-26 01:57 PDT

fix (2.04 KB, patch)
2012-06-18 19:20 PDT, Luke Wagner [:luke]
wmccloskey: review+

Description :Benjamin Peterson 2012-06-18 14:27:42 PDT
$ JS_GC_ZEAL=4 jit-test/ _DBJ.OBJ/js eif-generator -o
Assertion failure: addr % Cell::CellSize == 0, at ../gc/Heap.h:825
Comment 1 Luke Wagner [:luke] 2012-06-18 19:20:58 PDT
Created attachment 634271

Ah, so the problem is that it is totally bogus to copy a generator frame's slot values into the call object when the generator is about to be finalized (duh). Rather than trying to dance around to make this work, I'd rather just remove the copy since it only helps preserve debugger values in a presumably rare corner case.
Comment 2 Bill McCloskey (:billm) 2012-06-25 14:23:09 PDT
Comment on attachment 634271

This looks fine to me. Jim, I just want to make sure you're okay losing this debugger feature.
Comment 3 Luke Wagner [:luke] 2012-06-25 14:26:21 PDT
The code removal here is definitely a necessary fix, since the values are potentially garbage, so "not losing the debugger feature" is really "adding a debugger feature" which would imply a new bug.
Comment 4 Luke Wagner [:luke] 2012-06-25 14:43:25 PDT
and filed bug 768220 as followup.
Comment 5 Ed Morley [:emorley] 2012-06-26 01:57:52 PDT
