Closed
Bug 767643
Opened 13 years ago
Closed 13 years ago
Incremental GC: Assertion failure in jsgc.cpp leading to a crash
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla16
People
(Reporter: espadrine, Assigned: billm)
Details
(Whiteboard: [js:waitingforinfo])
Attachments
(1 file)
|
742 bytes,
patch
|
mccr8
:
review+
|
Details | Diff | Splinter Review |
While browsing on a fx-team build, I got the following error leading to a crash:
Assertion failure: false, at /home/tyl/files/cloud/fx-team/js/src/jsgc.cpp:3182
Stack: <http://pastebin.mozilla.org/1670658>
Backtrace: <http://pastebin.mozilla.org/1670655>
|
||
Comment 1•13 years ago
|
||
A js_InvokeOperationCallback during scripted QueryInterface (for a WrappedJSClass) which is called while converting the parameters of an XPC call. What could go wrong?
|
Assignee | |
Comment 2•13 years ago
|
||
What revision is this? I can't figure out which assertion is hitting.
Can you make this happen more than once?
|
||
Updated•13 years ago
|
Whiteboard: [js:waitingforinfo]
|
Reporter | |
Comment 3•13 years ago
|
||
Revision: 97352:06873a64a192 (merge to fx-team).
I believe the latest commit to the JS subtree was 97341:14305028261b (meaning, the most recent commit in my branch history; this commit is very likely not responsible).
I cannot make it happen again. I have no idea if there is a reproducible way to do it over again. I know I was testing the future devtools timeline <https://github.com/scrapmac/Graphical-Timeline-of-Events> and it was listening to all GC/CC events on a GC-expensive page.
|
|
Assignee | |
Comment 4•13 years ago
|
||
Man, what a disaster. In bug 743396, I accidentally checked in the assertion that we never find black/gray edges. Either this is a very rare case to hit, or else not many people run debug builds.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #636523 -
Flags: review?(continuation)
|
||
Comment 5•13 years ago
|
||
Comment on attachment 636523 [details] [diff] [review]
patch
Review of attachment 636523 [details] [diff] [review]:
-----------------------------------------------------------------
Oops!
Attachment #636523 -
Flags: review?(continuation) → review+
|
|
||
Comment 6•13 years ago
|
||
I guess it is a good sign we don't hit it that much...
|
|
Assignee | |
Comment 7•13 years ago
|
||
Target Milestone: --- → mozilla16
|
||
Comment 8•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•