Closed
Bug 824869
Opened 12 years ago
Closed 12 years ago
Infinite loop in JS GC
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
| blocking-basecamp | - |
People
(Reporter: cjones, Unassigned)
References
Details
Reproduced running https://wiki.mozilla.org/B2G/Memory_acceptance_criteria#MW0:_Every_app_is_successfully_launched_into_the_foreground .
C-c C-c
Program received signal SIGINT, Interrupt.
findFreeEntry (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:518
(gdb) bt
#0 findFreeEntry (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:518
#1 changeTableSize (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:553
#2 checkUnderloaded (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:609
#3 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:833
#4 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:1284
#5 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:1417
#6 removeChild (this=0x47975760, fop=0xbeceb648) at /home/cjones/mozilla/new-b2g/gecko/js/src/jspropertytree.cpp:117
...
(gdb) c
Continuing.
C-c C-c
Program received signal SIGINT, Interrupt.
findFreeEntry (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:518
(gdb) bt
#0 findFreeEntry (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:518
#1 changeTableSize (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:553
#2 checkUnderloaded (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:609
#3 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:833
#4 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:1284
#5 remove (this=0x47975760, fop=0xbeceb648) at ./../../dist/include/js/HashTable.h:1417
#6 removeChild (this=0x47975760, fop=0xbeceb648) at /home/cjones/mozilla/new-b2g/gecko/js/src/jspropertytree.cpp:117
...
Probably some kind of heap corruption. Too bad it happened the day-after-Christmas-US-and-middle-of-the-night-Europe :/.
|
Reporter | |
Comment 1•12 years ago
|
||
Only workaround is to pull battery.
|
||
Updated•12 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Does this happen every time you run a particular benchmark? Also, which frame is being slow? Is it findFreeEntry itself? After you ^C, can you try finishing each of the frames?
|
|
Reporter | |
Comment 3•12 years ago
|
||
I've only seen it this once. I'm afraid I dumped this pretty quickly out of gdb because I was frustrated that I knew I wouldn't find anyone in time :/. Sorry, should have got full backtrace.
I ^C'd about 5 times in the space of 10 seconds, and every time it was the same functions on the stack with the same pointers. This was under a GC triggered by a memory-pressure event.
|
||
Comment 4•12 years ago
|
||
Not blocking unless we get evidence of this starts showing up more, or we get more data that points to this being more serious than it seems at first glance.
blocking-basecamp: ? → -
|
|
Reporter | |
Comment 5•12 years ago
|
||
I don't think keeping this bug open is helping anyone. A bit of a stretch but this could plausibly have been a symptom of bug 822398.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•