|
7.10 KB,
text/plain
|
Details | |
|
11.87 KB,
patch
|
terrence
:
review+
|
Details | Diff | Splinter Review |
Created attachment 646190 [details]
Valgrind stack
gczeal(9, 2)
for (a = 0; a < 4; ++a) {
b =
evaluate("/x/g");
}
causes an invalid read of size 1 and invalid write of size 1 error on js opt shell on m-c changeset 7065b767f30d with -n using Valgrind, turning s-s because of this.
|
(Reporter) | |
Comment 1•5 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 99950:e080642175e6 user: Benjamin Peterson date: Fri Jul 20 20:17:38 2012 +0200 summary: Bug 761723 - Save script sources to implement Function.prototype.toString. r=jorendorff,njn,jimb,jst,Ms2ger During reduction, this testcase has also been known to crash with malloc errors.
|
(Assignee) | |
Comment 2•5 years ago
|
||
I can't reproduce on Linux 64-bit. Also, what does "crash with malloc errors" mean?
|
|
(Reporter) | |
Comment 3•5 years ago
|
||
(In reply to Benjamin Peterson from comment #2) > I can't reproduce on Linux 64-bit. > > Also, what does "crash with malloc errors" mean? My opt shell is compiled with --enable-gczeal, --enable-profiling, --enable-debug-symbols, --enable-more-deterministic and --enable-valgrind among others - could you pls retry? Mac OS X has a special abort mode for binaries in which it says that there was a malloc error, unfortunately I've lost the exact error message. A similar error message can be found here: bug 736609 comment 0
|
|
(Assignee) | |
Comment 4•5 years ago
|
||
--enable-more-determinism seems to do the trick.
|
||
Updated•5 years ago
|
||
|
|
(Assignee) | |
Comment 5•5 years ago
|
||
Created attachment 646634 [details] [diff] [review] add barrier to JSScript::scriptSource_
|
|
(Reporter) | |
Comment 6•5 years ago
|
||
This bug throws up a lot of weird duplicate errors.
|
||
Updated•5 years ago
|
||
|
|
(Assignee) | |
Comment 7•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/b69f5004fde8
|
|
(Assignee) | |
Comment 8•5 years ago
|
||
And backedout for bustage: https://hg.mozilla.org/integration/mozilla-inbound/rev/c394a354eef7
|
|
(Assignee) | |
Comment 9•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4cdd23569371
|
|
(Assignee) | |
Comment 10•5 years ago
|
||
Backed out again: https://hg.mozilla.org/integration/mozilla-inbound/rev/a04448be734a
|
|
(Reporter) | |
Comment 11•5 years ago
|
||
Try using the Try Server first: https://wiki.mozilla.org/ReleaseEngineering/TryServer
|
|
(Assignee) | |
Comment 12•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/b6ac2095d264
|
|
(Assignee) | |
Comment 13•5 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/b6ac2095d264
|
||
Updated•5 years ago
|
||
|
|
||
Updated•5 years ago
|
||
|
|
||
Updated•5 years ago
|
||
|
||
Updated•5 years ago
|
||
|
|
||
Updated•5 years ago
|
||
|
|
(Reporter) | |
Comment 14•5 years ago
|
||
A type of test for this bug has already been landed because it is already marked in-testsuite+ -> VERIFIED.
Description
•