Closed Bug 841549 Opened 11 years ago Closed 11 years ago

Assertion failure: ready(), at /home/njn/moz/mi3/js/src/jsscript.cpp:1323 with DMD enabled

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

RESOLVED FIXED
mozilla21

People

(Reporter: n.nethercote, Assigned: Benjamin)

Details

(Whiteboard: [js:t])

Attachments

(1 file)

If I build Firefox with --enable-dmd and then trigger a report via javascript:DMDReportAndDump(), I immediately get this assertion failure:

Assertion failure: ready(), at /home/njn/moz/mi3/js/src/jsscript.cpp:1323
#0  0x00007fa2483fe83d in nanosleep ()
    at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fa2483fe6dc in __sleep (seconds=0)
    at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007fa2420604fd in ah_crap_handler (signum=11)
    at /home/njn/moz/mi3/toolkit/xre/nsSigHandlers.cpp:88
#3  0x00007fa24206c821 in nsProfileLock::FatalSignalHandler (signo=11, 
    info=0x7fff767ad630, context=0x7fff767ad500) at nsProfileLock.cpp:190
#4  <signal handler called>
#5  js::ScriptSource::sizeOfIncludingThis (this=0x7fa2226c5580, mallocSizeOf=
    0x7fa243af1df0 <JsMallocSizeOf(void const*)>)
    at /home/njn/moz/mi3/js/src/jsscript.cpp:1323
#6  0x00007fa245d23a1c in StatsCellCallback (rt=0x7fa230a23000, 
    data=0x7fff767ae060, thing=0x7fa22ebc4a88, traceKind=JSTRACE_SCRIPT, 
    thingSize=200) at /home/njn/moz/mi3/js/src/jsmemorymetrics.cpp:228
#7  0x00007fa246129a36 in IterateCellCallbackOp::operator() (
    this=0x7fff767adea8, cell=0x7fa22ebc4a88)
    at /home/njn/moz/mi3/js/src/gc/Iteration.cpp:56
#8  0x00007fa2461291c3 in js::gc::ForEachArenaAndCell<IterateArenaCallbackOp, IterateCellCallbackOp> (compartment=0x7fa223725000, 
    thingKind=js::gc::FINALIZE_SCRIPT, arenaOp=..., cellOp=...)
    at /home/njn/moz/mi3/js/src/jsgcinlines.h:408
#9  0x00007fa246129065 in js::IterateCompartmentsArenasCells (
    rt=0x7fa230a23000, data=0x7fff767ae060, 
    compartmentCallback=0x7fa245d22670 <StatsCompartmentCallback(JSRuntime*, void*, JSCompartment*)>, 
    arenaCallback=0x7fa245d22c80 <StatsArenaCallback(JSRuntime*, void*, js::gc::Arena*, JSGCTraceKind, unsigned long)>, 
    cellCallback=0x7fa245d22d00 <StatsCellCallback(JSRuntime*, void*, void*, JSGCTraceKind, unsigned long)>) at /home/njn/moz/mi3/js/src/gc/Iteration.cpp:75
#10 0x00007fa245d21efa in JS::CollectRuntimeStats (rt=0x7fa230a23000, 
    rtStats=0x7fff767ae780, opv=0x7fff767ae740)
    at /home/njn/moz/mi3/js/src/jsmemorymetrics.cpp:274
#11 0x00007fa243af0405 in xpc::JSMemoryMultiReporter::CollectReports (
    windowPaths=0x7fff767af850, cb=0x7fa21ef2d8c0, closure=0x0)
---Type <return> to continue, or q <return> to quit---
    at /home/njn/moz/mi3/js/xpconnect/src/XPCJSRuntime.cpp:2184
#12 0x00007fa24327c5f4 in nsWindowMemoryReporter::CollectReports (
    this=0x7fa233798270, aCb=0x7fa21ef2d8c0, aClosure=0x0)
    at /home/njn/moz/mi3/dom/base/nsWindowMemoryReporter.cpp:328
#13 0x00007fa244dd596a in mozilla::dmd::RunReporters ()
    at /home/njn/moz/mi3/xpcom/base/nsMemoryReporterManager.cpp:1317
#14 0x00007fa24316c554 in mozilla::dmd::ReportAndDump (cx=0x7fa2250ac9f0, 
    argc=1, vp=0x7fa22fdff0a0)
    at /home/njn/moz/mi3/dom/base/nsJSEnvironment.cpp:2279
    native=0x7fa24316c3b0 <mozilla::dmd::ReportAndDump(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/njn/moz/mi3/js/src/jscntxtinlines.h:327
#16 js::InvokeKernel (cx=0x7fa2250ac9f0, args=..., construct=js::NO_CONSTRUCT)
    at /home/njn/moz/mi3/js/src/jsinterp.cpp:367
#17 0x00007fa245cc719f in js::Interpret (cx=0x7fa2250ac9f0, 
    entryFrame=0x7fa22fdff038, interpMode=js::JSINTERP_NORMAL)
    at /home/njn/moz/mi3/js/src/jsinterp.cpp:2344
#18 0x00007fa245ca911e in js::RunScript (cx=0x7fa2250ac9f0, fp=0x7fa22fdff038)
    at /home/njn/moz/mi3/js/src/jsinterp.cpp:324
#19 0x00007fa245cd7583 in js::ExecuteKernel (cx=0x7fa2250ac9f0, script=..., 
    scopeChainArg=..., thisv=..., type=js::EXECUTE_GLOBAL, evalInFrame=..., 
    result=0x7fff767bb7d8) at /home/njn/moz/mi3/js/src/jsinterp.cpp:514
#20 0x00007fa245cd7a00 in js::Execute (cx=0x7fa2250ac9f0, script=..., 
    scopeChainArg=..., rval=0x7fff767bb7d8)
    at /home/njn/moz/mi3/js/src/jsinterp.cpp:553
#21 0x00007fa245af3b2e in JS::Evaluate (cx=0x7fa2250ac9f0, obj=..., 
    options=..., chars=0x7fff767bb5e0, length=27, rval=0x7fff767bb7d8)
    at /home/njn/moz/mi3/js/src/jsapi.cpp:5553
#22 0x00007fa24315a4a9 in nsJSContext::EvaluateString (this=0x7fa2238f9b80, 
    aScript=..., aScopeObject=..., aOptions=..., aCoerceToString=true, 
    aRetValue=0x7fff767bb7d8)
    at /home/njn/moz/mi3/dom/base/nsJSEnvironment.cpp:1290
#23 0x00007fa2433475d6 in nsJSThunk::EvaluateScript (this=0x7fa21ef897c0, 
    aChannel=0x7fa222a070d0, aPopupState=openAllowed, aExecutionPolicy=2, 
    aOriginalInnerWindow=0x7fa2216cb818)
It seems like a bogus assertion.  What's to say that ready() will be true when ScriptSource::sizeOfIncludingThis() is called?
I think we want something like this.
Attachment #714195 - Flags: review?(n.nethercote)
Comment on attachment 714195 [details] [diff] [review]
fix sizeOfIncludingThis when compression is running.

Review of attachment 714195 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.  I tested it, it fixes the crash.  Thanks.

::: js/src/jsscript.cpp
@@ +1323,5 @@
>      // |data| is a union, but both members are pointers to allocated memory,
>      // |emptySource|, or NULL, so just using |data.compressed| will work.
> +    size_t sourceSize = 0;
> +    if (ready() && data.compressed != emptySource)
> +        sourceSize = mallocSizeOf(data.compressed);
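
Review bot: on the "if (ready() && data.compressed != emptySource)" line, a source that is not yet ready() leaves sourceSize at 0, so the report undercounts that script's source while compression is running, and nothing in the hunk says this is intended. The comment above the new lines explains the |data| union but not the not-ready case; extend it to state that |data| is deliberately not read until ready() is true and that the source is counted as 0 in the meantime, so a later cleanup does not restore an unconditional mallocSizeOf(data.compressed).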

This formatting is nicer and consistent with existing reporter code:

  size_t n = mallocSizeOf(this);
  n += ready() && data.compressed != emptySource)
     ? mallocSizeOf(data.compressed)
     : 0;
  return n;
Attachment #714195 - Flags: review?(n.nethercote) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e4987b9b24bc

(In reply to Nicholas Nethercote [:njn] from comment #3)
>   size_t n = mallocSizeOf(this);
>   n += ready() && data.compressed != emptySource)

I assume you actually want me to put parens around the condition, right?
Assignee: general → benjamin
> I assume you actually want me to put parens around the condition, right?

Yeah.  Good idea.
https://hg.mozilla.org/mozilla-central/rev/e4987b9b24bc
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21