Created attachment 643180 [details]
1. Install https://www.squarefree.com/extensions/domFuzzLite3.xpi
2. Load the testcase in a debug build (from the command line?)
Assertion failure: any, at js/src/jsgc.cpp:3570
I can reproduce using https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1342515922/ but not using a local debug build :(
Created attachment 643181 [details]
Created attachment 644054 [details] [diff] [review]
I forgot to call Prepare before the GC. Regression from bug 774104.
This API is kinda crappy. I'm going to work on simplifying it soon.
(In reply to Bill McCloskey (:billm) from comment #2)
> I forgot to call Prepare before the GC. Regression from bug 774104.
Based on that marking this tracking for Fx16
Can we get this nominated and landed on Aurora 16 prior to Monday's merge?
This assertion is more of a sanity check. I don't think anything bad will happen if it's violated, so I don't think we need this on Aurora.
(In reply to Bill McCloskey (:billm) from comment #7)
> This assertion is more of a sanity check. I don't think anything bad will
> happen if it's violated, so I don't think we need this on Aurora.
Thanks Bill - we'll untrack in that case.
Can't reproduce the assertion with the latest beta debug build (http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012-11-04-mozilla-beta-debug/) but couldn't reproduce with a build from the report date either so i'll leave the verified status as is for the moment.
Jesse, can you see if this is still reproducible for you? QA is not able to reproduce on the reported build.
Fine on trunk. I tested with "verifyprebarriers", the closest equivalent to the "verifybarriers" that existed at the time of filing, and also with "verifypostbarriers".