Closed
Bug 769818
Opened 13 years ago
Closed 6 years ago
Workers + presweep's dynamicizeStrings == Assert fail
Categories
(Tamarin Graveyard :: Workers, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: pnkfelix, Unassigned)
Details
This one was reported by tlt in the #tamarin chat room:
http://asteam.corp.adobe.com/irc/log/ttlogger/tamarin/20120629
The heart of it is this stack trace:
#0 avmplus::AvmAssertFail (message=0x10026c678 "Assertion failed: \"((!gc->IsRCObjectSafe(valAtAddr)))\" (\"../MMgc/WriteBarrier-inlines.h\":74)\n") at AvmAssert.h:66
#1 0x000000010000098e in avmplus::_AvmAssertMsg (condition=0, message=0x10026c678 "Assertion failed: \"((!gc->IsRCObjectSafe(valAtAddr)))\" (\"../MMgc/WriteBarrier-inlines.h\":74)\n") at AvmAssert.h:72
#2 0x0000000100210078 in MMgc::GC::WriteFieldNonRC (address=0x1018bcc58, value=0x101b7ab30) at WriteBarrier-inlines.h:74
#3 0x00000001002102ca in MMgc::GC::privateInlineWriteBarrier (this=0x1018e9010, container=0x1018bcc48, address=0x1018bcc58, value=0x101b7ab30) at WriteBarrier-inlines.h:191
#4 0x00000001002096a5 in MMgc::GC::privateWriteBarrier (this=0x1018e9010, container=0x1018bcc48, address=0x1018bcc58, value=0x101b7ab30) at ../MMgc/GC.cpp:3157
#5 0x00000001001314be in avmplus::String::convertToDynamic (this=0x1018bcc48) at ../core/StringObject.cpp:682
#6 0x00000001001315d0 in avmplus::String::makeDynamic (this=0x1018bcc48, dataStart=0x1018c3025 "", dataSize=10046) at ../core/StringObject.cpp:649
#7 0x0000000100122bf1 in avmplus::PoolObject::dynamicizeStrings (this=0x1018b80e8) at ../core/PoolObject.cpp:155
#8 0x0000000100098bf5 in avmplus::AvmCore::presweep (this=0x10199f008) at ../core/AvmCore.cpp:3710
#9 0x00000001000a63d3 in avmplus::AvmCore::GCInterface::presweep (this=0x10199f120) at AvmCore.h:524
#10 0x000000010020ee09 in MMgc::GC::DoPreSweepCallbacks (this=0x1018e9010) at GC-inlines.h:756
#11 0x000000010020aed9 in MMgc::GC::Sweep (this=0x1018e9010) at ../MMgc/GC.cpp:1286
#12 0x000000010020b3b1 in MMgc::GC::FinishIncrementalMark (this=0x1018e9010, scanStack=true, okToShrinkHeapTarget=true) at ../MMgc/GC.cpp:3082
#13 0x000000010020c5df in MMgc::GC::CollectionWork (this=0x1018e9010) at ../MMgc/GC.cpp:718
#14 0x00000001002108ca in MMgc::GC::SignalAllocWork (this=0x1018e9010, size=12240) at GC-inlines.h:101
#15 0x000000010021d0f3 in MMgc::GCLargeAlloc::Alloc (this=0x10100d878, originalSize=8376, requestSize=8400, flags=23) at ../MMgc/GCLargeAlloc.cpp:74
#16 0x000000010020c264 in MMgc::GC::Alloc (this=0x1018e9010, size=8400, flags=23) at ../MMgc/GC.cpp:897
#17 0x0000000100210899 in MMgc::GC::AllocExtra (this=0x1018e9010, size=48, extra=8328, flags=23) at GC-inlines.h:119
#18 0x000000010020c535 in MMgc::GC::OutOfLineAllocExtra (this=0x1018e9010, size=48, extra=8328, flags=23) at ../MMgc/GC.cpp:944
#19 0x00000001000ac6ce in MMgc::GC::AllocExtraPtrZeroFinalizedExact (this=0x1018e9010, size=48, extra=8328) at GC-inlines.h:273
#20 0x00000001000ac6f9 in MMgc::GCFinalizedObject::operator new (size=48, gc=0x1018e9010, extra=8328) at GCObject.h:556
#21 0x0000000100123c7f in avmplus::ExactStructContainer<avmplus::HeapMultiname>::create (gc=0x1018e9010, finalizer=0x100121768 <avmplus::PoolObject::destroyPrecomputedMultinames(avmplus::ExactStructContainer<avmplus::HeapMultiname>*)>, capacity=348) at avmplusContainer.h:62
#22 0x0000000100122098 in avmplus::PoolObject::initPrecomputedMultinames (this=0x1018b8668) at ../core/PoolObject.cpp:755
#23 0x000000010014f1ca in avmplus::Verifier::Verifier (this=0x1006f1430, info=0x101b37988, ms=0x101b32588, toplevel=0x1016ca0d8, abc_env=0x101800c38, secondTry=false) at ../core/Verifier.cpp:81
#24 0x00000001000f4cf5 in avmplus::BaseExecMgr::verifyCommon (this=0x1019b4068, m=0x101b37988, ms=0x101b32588, toplevel=0x1016ca0d8, abc_env=0x101800c38, coder=0x1006f1620) at ../core/exec.cpp:479
#25 0x00000001000f4f92 in avmplus::BaseExecMgr::verifyInterp (this=0x1019b4068, m=0x101b37988, ms=0x101b32588, toplevel=0x1016ca0d8, abc_env=0x101800c38) at ../core/exec.cpp:447
#26 0x00000001000f5110 in avmplus::BaseExecMgr::verifyMethod (this=0x1019b4068, m=0x101b37988, toplevel=0x1016ca0d8, abc_env=0x101800c38) at ../core/exec.cpp:429
#27 0x00000001000f5176 in avmplus::BaseExecMgr::verifyOnCall (env=0x1018d28b8) at ../core/exec.cpp:404
#28 0x00000001000f51ae in avmplus::BaseExecMgr::verifyInvoke (env=0x1018d28b8, argc=0, args=0x1006f1700) at ../core/exec.cpp:372
#29 0x00000001000a6a73 in avmplus::MethodEnv::coerceEnter (this=0x1018d28b8, thisArg=4323770569) at MethodEnv-inlines.h:137
#30 0x000000010009c269 in avmplus::AvmCore::callScriptEnvEntryPoint (this=0x10199f008, main=0x1018d28b8) at ../core/AvmCore.cpp:906
#31 0x000000010009d1f1 in avmplus::AvmCore::handleActionPool (this=0x10199f008, pool=0x1018b8668, toplevel=0x1016ca0d8, codeContext=0x1016c2fb8) at ../core/AvmCore.cpp:1167
#32 0x000000010009d2b3 in avmplus::AvmCore::handleActionBlock (this=0x10199f008, code=@0x1006f1a50, start=0, toplevel=0x1016ca0d8, ninit=0x0, codeContext=0x1016c2fb8, apiVersion=avmplus::kApiVersion_SWF_17) at ../core/AvmCore.cpp:1234
#33 0x0000000100044583 in avmshell::ShellCore::handleArbitraryExecutableContent (this=0x10199f008, do_testSWFHasAS3=false, code=@0x1006f1b10, filename=0x1002307b0 "<ByteArray buffer>") at ../shell/ShellCore.cpp:607
#34 0x00000001000449e3 in avmshell::ShellCore::evaluateScriptBuffer (this=0x10199f008, buffer=@0x1006f1b10, enter_debugger_on_launch=false) at ../shell/ShellCore.cpp:582
#35 0x00000001001fae49 in avmplus::Isolate::evalCodeBlobs (this=0x1018a3050, enter_debugger_on_launch=false) at ../core/Isolate.cpp:735
#36 0x0000000100037d6c in avmshell::ShellIsolate::doRun (this=0x1018a3050) at ../shell/avmshell.cpp:224
#37 0x00000001001fd731 in avmplus::Aggregate::runIsolate (this=0x10100b050, isolate=0x1018a3050) at ../core/Isolate.cpp:1084
#38 0x00000001001f8959 in avmplus::Isolate::run (this=0x1018a3050) at ../core/Isolate.cpp:778
#39 0x00000001002261a2 in vmbase::VMThread::startInternal (args=0x10123b200) at ../vmbase/VMThread.cpp:210
#40 0x00007fff80296fd6 in _pthread_start ()
#41 0x00007fff80296e89 in thread_start ()
tlt believes this was injected by Workers. It is possible that it is actually an MMgc issue though. It would be good to resolve it one way or another; it could be a clue towards resolving some other nasty bugs.
Steps to reproduce:
1. Check out tamarin-redux at changeset 7452:8295c371837a (the current tip).
2. Build a Debug build. (I'm using a 64-bit Mac OS X avmshell, not sure if it is more general than that.)
3. Build esc (you do this by copying or sym-linking an avmshell to esc/bin/shell and then running 'make' in esc/build/)
4. Run the esc read-eval-print-loop (REPL), main.sh, *using* the Debug avmshell you built in step 2. (You can do this by putting the shell into your copy at esc/bin/shell and running main.sh, or you can read the source code to main.sh and run the relatively few commands in a debug session of the Debug avmshell.)
5. Once you have an esc REPL running (it will prompt you with "es> "), run the following command repeatedly. (Sometimes I got the assertion on the first try, other times I had to iterate maybe four or five times.)
es> use namespace "avmplus", namespace "flash.utils", namespace "flash.system"; (new WorkerDomain()).createWorkerFromByteArray(null).start()
Note that is all one line following the "es> " prompt. I.e.:
es> use namespace "avmplus", \
namespace "flash.utils", \
namespace "flash.system"; \
(new WorkerDomain()).createWorkerFromByteArray(null).start()
It needs to be one line because the esc REPL, much like the avmshell REPL, treats imports of other namespaces as only being scoped for the current input line; their scope does not include subsequent repl interactions.
Comment 1•6 years ago
Tamarin is a dead project now. Mass WONTFIX.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 2•6 years ago
Tamarin isn't maintained anymore. WONTFIX remaining bugs.