Closed Bug 926512 Opened 6 years ago Closed 6 years ago

Assertion failure: js::CurrentThreadCanAccessRuntime(runtime_), at ../vm/Runtime.h:1788 or Assertion failure: !thing->zoneFromAnyThread()->needsBarrier(), at ../jsgcinlines.h:64

Categories

(Core :: JavaScript Engine, defect, critical)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla27

People

(Reporter: decoder, Assigned: shu)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(2 files, 1 obsolete file)

The following testcase asserts on mozilla-central revision 211337f7fb83 (threadsafe build, run with --fuzzing-safe --thread-count=2 --ion-eager --ion-regalloc=backtracking --ion-compile-try-catch --ion-eager --ion-check-range-analysis --ion-parallel-compile=on):


gczeal(4);
function assertArraySeqParResultsEq(arr, op, func) {
  while(true) {
    (function (m) { return arr[op + "Par"].apply(arr, [func, m]); })();
  }
}
function set(a, n) {
  for (var i = 0; i < n; i++)
    a[i] = i;
}
assertArraySeqParResultsEq(
  [0, 1, 2, 3, 4, 5, 6, 7, 8, 9],
  "map",
  function (i) {
    var a1 = [];
    set(a1, i+1);
  }
);
Needinfo from shu, as this is PJS code I think.

I also messed up the options in comment 0, in fact no options are required at all to reproduce :)
Keywords: sec-high
Flags: needinfo?(shu)
Attachment #816668 - Attachment is obsolete: true
This bug is caused by barrier verifier being on while being inside a fork join
section. PJS has the assumption that needsBarrier is false inside parallel
code, and we ensure this by finishing all incremental GC work prior to entering
a fork join section. But since needsBarrier can also be true during barrier
verifier, we're asserting. This patch pauses verification during PJS.

Christian, this bug can probably be opened because it can only be triggered by
GC zeal's barrier verification setting.
Attachment #816832 - Flags: review?(wmccloskey)
Assignee: general → shu
Status: NEW → ASSIGNED
Additional note about the patch: I had to move ForkJoinActivation outside of Stack.h so I couldn't #include GCInternals for AutoStopVerifyingBarriers without blowing up the compiler.
Flags: needinfo?(shu)
Attachment #816832 - Flags: review?(wmccloskey) → review+
Unhiding per comment 4, as this is a bug in the verifier, not actually in the GC itself.
Group: core-security
Keywords: sec-high
Duplicate of this bug: 893747
https://hg.mozilla.org/mozilla-central/rev/7664c5abfdbd
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Duplicate of this bug: 911796
You need to log in before you can comment on or make changes to this bug.