Closed Bug 887921 Opened 6 years ago Closed 6 years ago

Assertion failure: InSequentialOrExclusiveParallelSection(), at gc/Heap.h

Categories

(Core :: JavaScript Engine, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla25
Tracking Status
firefox24 --- disabled
firefox25 --- fixed
firefox-esr17 --- disabled
firefox-esr24 --- disabled
b2g18 --- disabled

People

(Reporter: gkw, Assigned: shu)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, regression, testcase, Whiteboard: [jsbugmon:update])

Attachments

(2 files)

Attached file stack
gc();
m0 = new WeakMap;
m0.toSource = (function() {
    p1 = new ParallelArray([16289], function() {});
});
uneval(this);
Object.defineProperty(this, "o0.v1", {
    configurable: gcPreserveCode(),
});
function f0() {
    return ''
};
gcslice(182);
p1.reduce(f0);

asserts js debug shell on m-c changeset 3b955f306226 without any CLI arguments at Assertion failure: InSequentialOrExclusiveParallelSection(), at gc/Heap.h

s-s because this involves gc and bug 857094 was previously s-s. Tested with a 64-bit threadsafe js debug shell.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   http://hg.mozilla.org/mozilla-central/rev/1aa1dc84a1a4
user:        Shu-yu Guo
date:        Thu Apr 04 08:13:22 2013 -0700
summary:     Bug 857094. (r=sstangl)
Flags: needinfo?(shu)
Attached patch fixSplinter Review
Don't toggle pre barriers for parallel execution, as IGC doesn't run anyways during it.
Assignee: general → shu
Attachment #768690 - Flags: review?(sstangl)
Flags: needinfo?(shu)
Attachment #768690 - Flags: review?(sstangl) → review+
https://hg.mozilla.org/mozilla-central/rev/870d2959d44d
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
This should have gone through a security rating and sec approval since it crosses multiple branches. Now we need to decide whether we need it for ESR24 or not. 

Can someone please think about a security rating for this?
This needs a security rating and may need an ESR patch for 24 ESR depending on severity. We're running out of time to take ESR patches as well.
Flags: needinfo?(shu)
This is a PJS bug, and PJS is ifdef'd out in all branches except Nightly.
Group: core-security
You need to log in before you can comment on or make changes to this bug.