Closed
Bug 949220
Opened 11 years ago
Closed 2 years ago
Object creation should be an atomic operation, such that if it succeeds, and reserved slots are immediately written to, finalizers can depend upon those writes having happened
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: decoder, Unassigned)
References
Details
(4 keywords, Whiteboard: [jsbugmon:])
Crash Data
Attachments
(36 files, 2 obsolete files)
|
2.96 KB,
patch
|
efaust
:
review+
|
Details | Diff | Splinter Review |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
Bug 949220 - Split out NewRegExpStringIteratorTemplate from NewRegExpStringIteratorObject. r=jandem!
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review |
The following testcase asserts on mozilla-central revision 3ea3d3baa67b (run with --fuzzing-safe):
oomAfterAllocations(16);
Intl.DateTimeFormat.prototype.constructor;
|
Reporter | |
Comment 1•11 years ago
|
||
Jason is working on this one already :)
Assignee: general → jorendorff
Crash Signature: [@ udat_close_50]
Keywords: crash
QA Contact: general
Whiteboard: [jsbugmon:update]
|
||
Comment 2•11 years ago
|
||
Given UDATE_FORMAT_SLOT in DateTimeFormat objects is initialized immediately after object construction in every place, I think this is a duplicate of bug 915336 -- GlobalObject::createBlankPrototype can create an object that the GC can observe (and attempt to finalize, before its reserved slots have been initialized to be GC-safe) but still return nullptr.
|
|
Reporter | |
Comment 3•11 years ago
|
||
Jason and Waldo, I know you guys have been working on fixing these OOM crashes [@ u(num|col|dat)_close_50] in several bugs. Is there any progress on this? I'm still seeing pretty much all of them in the fuzzer. That wouldn't be such a big issue (although it's very annoying and costs processing time), but the assertion tied to this (the DOUBLE_IMPL) is quite generic and possibly covers other security bugs.
Flags: needinfo?(jwalden+bmo)
Flags: needinfo?(jorendorff)
|
|
||
Comment 4•11 years ago
|
||
Fine, I'll look. The way type objects are set is honestly a disaster, so this is going to be a messy patch, and it might take awhile to finish it.
Flags: needinfo?(jwalden+bmo)
|
||
Comment 5•11 years ago
|
||
Yeah, I only had the obvious (narrow) fix for this. Waldo's way is better.
Flags: needinfo?(jorendorff)
|
|
||
Comment 6•11 years ago
|
||
At this point, given a DOM work week next week, dealing with bug 948583 fallout/patch incompleteness before uplift, dealing with bug 961494 before (another) uplift, getting ICU updated before uplift, and probably one or two other things I've forgotten -- not to mention the incomplete patchwork isn't quite on a machine I can use -- this is not going to happen before the next uplift. Once these other things wrap up, perhaps. No sooner.
|
|
Reporter | |
Updated•11 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:]
|
|
Reporter | |
Comment 7•11 years ago
|
||
JSBugMon: Cannot process bug: Error: Failed to compile specified revision 3ea3d3baa67b (maybe try another?)
|
|
Reporter | |
Updated•11 years ago
|
Whiteboard: [jsbugmon:] → [jsbugmon:update]
|
|
Reporter | |
Updated•11 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:update,ignore]
|
|
Reporter | |
Comment 8•11 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 3d34a3b6443a).
|
|
Reporter | |
Updated•11 years ago
|
Whiteboard: [jsbugmon:update,ignore] → [jsbugmon:bisectfix]
|
|
Reporter | |
Updated•11 years ago
|
Whiteboard: [jsbugmon:bisectfix] → [jsbugmon:]
|
|
Reporter | |
Comment 9•11 years ago
|
||
JSBugMon: Fix Bisection requested, result:
=== Tinderbox Build Bisection Results by autoBisect ===
The "bad" changeset has the timestamp "20140414165901" and the hash "ba29a8ec2973".
The "good" changeset has the timestamp "20140414172403" and the hash "21aca7217e7a".
Likely fix window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=ba29a8ec2973&tochange=21aca7217e7a
|
||
Comment 11•10 years ago
|
||
:Waldo duped bug 1100480 here, and this seemed like it's going to fall off the radar, so assigning and setting needinfo? to him, as per real-life conversation.
Assignee: jorendorff → jwalden+bmo
Flags: needinfo?(jwalden+bmo)
|
|
||
Comment 12•10 years ago
|
||
The deal is that when we allocate Intl objects, *internally* we do so in a three-step process:
1) allocate the object
2) allocate a thing for its typeobject
3) init its reserved slot to privatevalue(nullptr)
or something like that, memory hazy. If we succeed in step 1 but fail in step 2, then the reserved slot is still UndefinedValue() -- but the finalizer will get called when the object's GC'd. Hack around this stupidity by detecting the still-undefined case.
Attachment #8554921 -
Flags: review?(efaustbmo)
|
||
Comment 14•10 years ago
|
||
Comment on attachment 8554921 [details] [diff] [review]
Hackaround
Review of attachment 8554921 [details] [diff] [review]:
-----------------------------------------------------------------
OK, this is like the third dumbest thing. r=me
Attachment #8554921 -
Flags: review?(efaustbmo) → review+
|
|
||
Comment 15•10 years ago
|
||
Landed a hackaround for now. The underlying issue still remains, just that these three finalizers defend against it happening.
https://hg.mozilla.org/integration/mozilla-inbound/rev/1c33995cc288
Hopefully I can get back to fixing the object-creation process to not have this visibly-two-step process in case of OOM after the first step at some point. Leaving open until that happens and we can remove the extra defensive code this hack added.
Flags: needinfo?(jwalden+bmo)
Keywords: leave-open
OS: Linux → All
Hardware: x86_64 → All
Summary: Assertion failure: JSVAL_IS_DOUBLE_IMPL(data), at dist/include/js/Value.h:1170 or Crash [@ udat_close_50] with OOM → Object creation should be an atomic operation, such that if it succeeds, and reserved slots are immediately written to, finalizers can depend upon those writes having happened
|
||
Comment 17•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
|
|
||
Comment 18•6 years ago
|
||
Closing because no crash reported since 12 weeks.
|
|
||
Comment 19•6 years ago
|
||
This issue still exists, and "no crash" is not an indicator of its having been fixed. We're still just hacking around this everywhere.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
|
||
Comment 20•6 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
|
||
Comment 21•6 years ago
|
||
Jeff, should still leave this bug open (leave-open keyword)?
Flags: needinfo?(sdetar) → needinfo?(jwalden)
|
|
||
Comment 22•5 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
|
|
||
Comment 23•5 years ago
|
||
Jeff could you help determine if the leave-open keyword should be removed from this bug?
Flags: needinfo?(sdetar)
|
|
||
Comment 24•5 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:Waldo, maybe it's time to close this bug?
Flags: needinfo?(jwalden)
|
|
||
Comment 25•5 years ago
|
||
Going from code inspection, this is no longer a problem most of the time. js::NewObjectWithGivenTaggedProto now first creates and roots an ObjectGroup, then it creates the JSObject* that will use it.
However, "creates the JSObject*" expands to 1) get the initial shape (which is fine), 2) create the object (fine), 3) if we are creating a SingletonObject perform JSObject::setSingleton on it. And that last step is not fine, because it means if that last step fails, a finalizer can't rely on the user having initialized those reserved slots.
All of which means, for most object allocations, this doesn't matter -- but singleton objects still have problems. I don't immediately know how many places we allocate objects as singletons, that also have finalizers that when called want to assume post-creation initialization happens.
I have in the past wanted to fix up our singleton story, so that objects are allocated from the start as singletons -- not munged into singleton status after creation. It seems to me that's what we still need to do to fix this. Bug 987807 is one small instance of this, but I'm not sure we have a generalized bug dedicated to the entire problem just yet, at least not off the top of my head.
Flags: needinfo?(jwalden)
|
||
Comment 26•5 years ago
|
||
Note that the singleton story will hopefully change quite a bit in the future so it might not be worth doing a lot of work here for now.
|
|
||
Comment 27•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Keywords: regression
|
|
||
Comment 28•5 years ago
|
||
|
|
||
Comment 29•5 years ago
|
||
Depends on D70487
|
|
||
Comment 30•5 years ago
|
||
Depends on D70488
|
|
||
Comment 31•5 years ago
|
||
Depends on D70489
|
|
||
Comment 32•5 years ago
|
||
Depends on D70490
|
|
||
Comment 33•5 years ago
|
||
Depends on D70491
|
|
||
Comment 34•5 years ago
|
||
Depends on D70492
|
|
||
Comment 35•5 years ago
|
||
Depends on D70493
|
|
||
Comment 36•5 years ago
|
||
Depends on D70494
|
|
||
Comment 37•5 years ago
|
||
Depends on D70495
|
|
||
Comment 38•5 years ago
|
||
Depends on D70496
|
|
||
Comment 39•5 years ago
|
||
Depends on D70497
|
|
||
Comment 40•5 years ago
|
||
Depends on D70498
|
|
||
Comment 41•5 years ago
|
||
Depends on D70499
|
|
||
Comment 42•5 years ago
|
||
Depends on D70500
|
|
||
Comment 43•5 years ago
|
||
Depends on D70501
|
|
||
Comment 44•5 years ago
|
||
Depends on D70502
|
|
||
Comment 45•5 years ago
|
||
Depends on D70503
|
|
||
Comment 46•5 years ago
|
||
Depends on D70504
|
|
||
Comment 47•5 years ago
|
||
Depends on D70505
|
|
||
Comment 48•5 years ago
|
||
Depends on D70506
|
|
||
Comment 49•5 years ago
|
||
Depends on D70507
|
|
||
Comment 50•5 years ago
|
||
Depends on D70508
|
|
||
Comment 51•5 years ago
|
||
Depends on D70509
|
|
||
Comment 52•5 years ago
|
||
Depends on D70510
|
|
||
Comment 53•5 years ago
|
||
Depends on D70511
|
|
||
Comment 54•5 years ago
|
||
Depends on D70512
|
|
||
Comment 55•5 years ago
|
||
Depends on D70513
|
|
||
Comment 56•5 years ago
|
||
Depends on D70514
|
|
||
Comment 57•5 years ago
|
||
Depends on D70515
|
||
Comment 58•5 years ago
|
||
Pushed by jwalden@mit.edu:
https://hg.mozilla.org/integration/autoland/rev/2d677ae71924
Change callers of |NewObjectWithGivenProto| that specify a constant |SingletonObject| to instead call a new |js::NewSingletonObjectWithGivenProto| that hides away that constant argument. r=jandem
https://hg.mozilla.org/integration/autoland/rev/98ac0d0d392c
Split out of |NewObjectWithGivenProto<T>| variants that hard-code SingletonObject/TenuredObject behavior, and use them in all callers that currently pass either constant. r=jandem
https://hg.mozilla.org/integration/autoland/rev/c0d4d9557fac
Remove |NewDensePartlyAllocatedArray| as unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/54f48761a664
Make |NewDenseFullyAllocatedArrayWithTemplate|'s template object argument have type |ArrayObject*|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/45e22642cd49
Split |NewTenuredDenseEmptyArray| out of |NewDenseEmptyArray|, and make the latter function invoke TenuredObject behavior. r=jandem
https://hg.mozilla.org/integration/autoland/rev/62fff9f3a631
Make all arguments to |NewArray| in Array.cpp mandatory. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ddf62ab9e8cc
Add |NewObjectWithGivenProtoAndKind| that accepts a kind, and make |NewObjectWithGivenProto| always specify GenericObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/93b33661e87b
Try allocating map iterator objects first in the nursery, then tenured, without doing so using a loop. r=jandem
https://hg.mozilla.org/integration/autoland/rev/eda9a8e621b3
Try allocating set iterator objects first in the nursery, then tenured, without doing so using a loop. r=jandem
https://hg.mozilla.org/integration/autoland/rev/43ff0c2fc3dc
Split NewArrayIteratorObject into NewArrayIterator{,Template}. r=jandem
https://hg.mozilla.org/integration/autoland/rev/afb91f3ce31e
Split out NewStringIteratorTemplate from NewStringIterator. r=jandem
https://hg.mozilla.org/integration/autoland/rev/69e8d2e49ee1
Split out NewRegExpStringIteratorTemplate from NewRegExpStringIteratorObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/53a89cfb8c24
Remove NewObjectWithGivenProtoAndKind. r=jandem
https://hg.mozilla.org/integration/autoland/rev/a4a124e8f193
Remove |NewObjectWithNullTaggedProto<T>| in favor of just |NewObjectWithGivenProto<T>(cx, nullptr)|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/53c4c74abb23
Split NewBuiltinClassInstance into a generic form, a tenured form, and a kind-specified form. r=jandem
https://hg.mozilla.org/integration/autoland/rev/cf4659d06791
Make |NewProxyObject| return only non-singletons, and add |NewSingletonProxyObject| for the singleton case. r=jandem
https://hg.mozilla.org/integration/autoland/rev/a2a3821dcc6e
Make the |NewObjectKind| argument to |DeepCloneObjectLiteral| mandatory. r=jandem
https://hg.mozilla.org/integration/autoland/rev/097d29b3ed26
Remove the |NewObjectKind| argument from |DeepCloneObjectLiteral|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/817de77f7cf1
Remove both |NewNativeObjectWithGivenProto| overloads. r=jandem
https://hg.mozilla.org/integration/autoland/rev/c8322158294f
Remove |NewNativeObjectWith{GivenTagged,Class}Proto| as unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ca28434cf70f
Make |NewObjectWithGivenProto| (the overload that doesn't take an |allocKind|) use GenericObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/42312dec52aa
Rename a |NewObjectWithGivenProto| overload to |NewObjectWithGivenProtoAndKinds| to better distinguish it as not hard-coding a |NewObjectKind|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/5c07df930240
Fold |NewObjectWithClassProtoCommon| into its sole caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/e1ac27ee38e2
Split out a |NewObjectWithClassProtoAndKind| from |NewObjectWithClassProto| so the latter can always use |GenericObject| semantics. r=jandem
https://hg.mozilla.org/integration/autoland/rev/b7459076dbf5
Copy |ProxyObject::create| over to |ProxyObject::createSingleton|, preparing for simplifying both code paths. r=jandem
https://hg.mozilla.org/integration/autoland/rev/650ccbbc2e15
Inline |Proxy::createSingleton| into its caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/761005340836
Introduce an |ObjectGroup::lazySingletonGroup| that doesn't require providing an old group. r=jandem
https://hg.mozilla.org/integration/autoland/rev/9043d3f4ea6f
Make |ProxyObject::NewSingleton| create a singleton |ObjectGroup| right from the start, avoiding the need to call |JSObject::setSingleton| after the fact. r=jandem
https://hg.mozilla.org/integration/autoland/rev/437dc6f1a0b1
Inline |ProxyObject::create| into its sole caller, and simplify the resulting code. r=jandem
https://hg.mozilla.org/integration/autoland/rev/b077b434866d
Remove |NurseryAllocatedProxy| now that it's unused. r=jandem
|
||
Comment 59•5 years ago
|
||
Backed out 30 changesets (bug 949220) for assertion failure on JSObject.cpp
Backout link: https://hg.mozilla.org/integration/autoland/rev/71f4061ed1ef409ca54176ddea93ddf04fcbe35b
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=297489863&repo=autoland&lineNumber=13753
[task 2020-04-14T09:48:33.714Z] 09:48:33 INFO - TEST-START | layout/style/test/test_value_cloning.html
[task 2020-04-14T09:48:35.478Z] 09:48:35 INFO - GECKO(4980) | [Child 1816, Main Thread] WARNING: We shouldn't be backing up more than once! Someone must have set a break opportunity beyond the available width, even though there were better break opportunities before it: file /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp, line 4345
[task 2020-04-14T09:48:35.673Z] 09:48:35 INFO - GECKO(4980) | [Child 1816, Main Thread] WARNING: We shouldn't be backing up more than once! Someone must have set a break opportunity beyond the available width, even though there were better break opportunities before it: file /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp, line 4345
[task 2020-04-14T09:48:38.028Z] 09:48:38 INFO - GECKO(4980) | Assertion failure: heap == gc::TenuredHeap, at /builds/worker/checkouts/gecko/js/src/vm/JSObject.cpp:4314
[task 2020-04-14T09:48:38.163Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: IPC message discarded: actor cannot send: file /builds/worker/checkouts/gecko/ipc/glue/ProtocolUtils.cpp, line 475
[task 2020-04-14T09:48:38.163Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: IPC message discarded: actor cannot send: file /builds/worker/checkouts/gecko/ipc/glue/ProtocolUtils.cpp, line 475
[task 2020-04-14T09:48:38.164Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: IPC message discarded: actor cannot send: file /builds/worker/checkouts/gecko/ipc/glue/ProtocolUtils.cpp, line 475
[task 2020-04-14T09:48:38.267Z] 09:48:38 ERROR - GECKO(4980) | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
[task 2020-04-14T09:48:38.502Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: '!inner', file /builds/worker/checkouts/gecko/dom/ipc/JSWindowActorService.cpp, line 188
[task 2020-04-14T09:48:38.502Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: '!inner', file /builds/worker/checkouts/gecko/dom/ipc/JSWindowActorService.cpp, line 188
[task 2020-04-14T09:48:38.509Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Gecko_IOThread] WARNING: file /builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_win.cc, line 166
[task 2020-04-14T09:48:38.549Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsCacheService.cpp, line 853
[task 2020-04-14T09:48:38.549Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsCacheService.cpp, line 816
[task 2020-04-14T09:48:38.549Z] 09:48:38 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 161
[task 2020-04-14T09:48:38.632Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:38.632Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:38.632Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:38.633Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:38.633Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:38.633Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:38.636Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:38.655Z] 09:48:38 INFO - GECKO(4980) | [Child 5636, Main Thread] WARNING: Extra shutdown CC: 'i < NORMAL_SHUTDOWN_COLLECTIONS', file /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp, line 3352
[task 2020-04-14T09:48:38.690Z] 09:48:38 INFO - GECKO(4980) | [2020-04-14T09:48:38Z WARN xulstore::persist] tried to remove key that isn't in the store
[task 2020-04-14T09:48:38.690Z] 09:48:38 INFO - GECKO(4980) | [2020-04-14T09:48:38Z WARN xulstore::persist] tried to remove key that isn't in the store
[task 2020-04-14T09:48:38.910Z] 09:48:38 INFO - GECKO(4980) | [Child 5076, Main Thread] WARNING: 'NS_FAILED(GetAccentColor(unused))', file /builds/worker/checkouts/gecko/widget/windows/nsLookAndFeel.cpp, line 481
[task 2020-04-14T09:48:39.089Z] 09:48:39 INFO - GECKO(4980) | [Child 2636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:39.089Z] 09:48:39 INFO - GECKO(4980) | [Child 2636, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:39.089Z] 09:48:39 INFO - GECKO(4980) | [Child 2636, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:39.104Z] 09:48:39 INFO - GECKO(4980) | [Child 2636, Main Thread] WARNING: Extra shutdown CC: 'i < NORMAL_SHUTDOWN_COLLECTIONS', file /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp, line 3352
[task 2020-04-14T09:48:39.343Z] 09:48:39 INFO - GECKO(4980) | 1586857719317 Marionette TRACE Received observer notification xpcom-will-shutdown
[task 2020-04-14T09:48:39.343Z] 09:48:39 INFO - GECKO(4980) | 1586857719318 Marionette INFO Stopped listening on port 2828
[task 2020-04-14T09:48:39.343Z] 09:48:39 INFO - GECKO(4980) | 1586857719318 Marionette DEBUG Marionette stopped listening
[task 2020-04-14T09:48:39.398Z] 09:48:39 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/js/xpconnect/loader/mozJSComponentLoader.cpp, line 228
[task 2020-04-14T09:48:39.399Z] 09:48:39 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/js/xpconnect/loader/mozJSComponentLoader.cpp, line 255
[task 2020-04-14T09:48:40.154Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:40.154Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:40.154Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:40.161Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp, line 2307
[task 2020-04-14T09:48:40.161Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 398
[task 2020-04-14T09:48:40.161Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/ContentPrincipal.cpp, line 423
[task 2020-04-14T09:48:40.182Z] 09:48:40 INFO - GECKO(4980) | [Parent 1060, Main Thread] WARNING: Extra shutdown CC: 'i < NORMAL_SHUTDOWN_COLLECTIONS', file /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp, line 3352
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - TEST-INFO | Main app process: exit 0
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - runtests.py | Application ran for: 0:04:00.545000
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - zombiecheck | Reading PID log: c:\users\task_1586855817\appdata\local\temp\tmpbdpupopidlog
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - ==> process 1060 launched child process 5076 ("Z:\task_1586855817\build\application\firefox\firefox.exe" -contentproc --channel="1060.0.1945827918\477124026" -childID 1 -isForBrowser -prefsHandle 2164 -prefMapHandle 2156 -prefsLen 1 -prefMapSize 232373 -parentBuildID 20200414084730 -appdir "Z:\task_1586855817\build\application\firefox\browser" - 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 2208 tab)
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - ==> process 1060 launched child process 5636 ("Z:\task_1586855817\build\application\firefox\firefox.exe" -contentproc --channel="1060.6.2139818494\1979809957" -childID 2 -isForBrowser -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 507 -prefMapSize 232373 -parentBuildID 20200414084730 -appdir "Z:\task_1586855817\build\application\firefox\browser" - 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 2480 tab)
[task 2020-04-14T09:48:40.297Z] 09:48:40 INFO - ==> process 1060 launched child process 1816 ("Z:\task_1586855817\build\application\firefox\firefox.exe" -contentproc --channel="1060.12.1425078889\1157077265" -childID 3 -isForBrowser -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 568 -prefMapSize 232373 -parentBuildID 20200414084730 -appdir "Z:\task_1586855817\build\application\firefox\browser" - 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 4712 tab)
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - ==> process 1060 launched child process 2636 ("Z:\task_1586855817\build\application\firefox\firefox.exe" -contentproc --channel="1060.18.253357977\1089895843" -childID 4 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 10636 -prefMapSize 232373 -parentBuildID 20200414084730 -appdir "Z:\task_1586855817\build\application\firefox\browser" - 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 3612 tab)
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - zombiecheck | Checking for orphan process with PID: 1816
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - zombiecheck | Checking for orphan process with PID: 5636
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - zombiecheck | Checking for orphan process with PID: 2636
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - zombiecheck | Checking for orphan process with PID: 5076
[task 2020-04-14T09:48:40.298Z] 09:48:40 INFO - mozcrash Copy/paste: Z:/task_1586855817/fetches\minidump_stackwalk\minidump_stackwalk.exe c:\users\task_1586855817\appdata\local\temp\tmpouaspb.mozrunner\minidumps\188e0ec9-fc03-42df-9c55-862d762116f4.dmp Z:\task_1586855817\build\symbols
[task 2020-04-14T09:48:56.521Z] 09:48:56 INFO - mozcrash Saved minidump as Z:\task_1586855817\build\blobber_upload_dir\188e0ec9-fc03-42df-9c55-862d762116f4.dmp
[task 2020-04-14T09:48:56.524Z] 09:48:56 INFO - mozcrash Saved app info as Z:\task_1586855817\build\blobber_upload_dir\188e0ec9-fc03-42df-9c55-862d762116f4.extra
[task 2020-04-14T09:48:56.593Z] 09:48:56 INFO - PROCESS-CRASH | Main app process exited normally | application crashed [@ static JSObject::debugCheckNewObject(js::ObjectGroup*, js::Shape*, js::gc::AllocKind, js::gc::InitialHeap)]
[task 2020-04-14T09:48:56.593Z] 09:48:56 INFO - Mozilla crash reason: MOZ_ASSERT(heap == gc::TenuredHeap)
[task 2020-04-14T09:48:56.593Z] 09:48:56 INFO - Crash dump filename: c:\users\task_1586855817\appdata\local\temp\tmpouaspb.mozrunner\minidumps\188e0ec9-fc03-42df-9c55-862d762116f4.dmp
[task 2020-04-14T09:48:56.593Z] 09:48:56 INFO - Operating system: Windows NT
[task 2020-04-14T09:48:56.593Z] 09:48:56 INFO - 6.1.7601 Service Pack 1
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - CPU: x86
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - GenuineIntel family 6 model 63 stepping 2
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - 8 CPUs
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO -
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - GPU: UNKNOWN
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO -
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - Crash reason: EXCEPTION_BREAKPOINT
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - Crash address: 0x59e1e4f2
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - Assertion: Unknown assertion type 0x00000000
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - Process uptime: 236 seconds
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO -
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - Thread 0 (crashed)
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - 0 xul.dll!static JSObject::debugCheckNewObject(js::ObjectGroup*, js::Shape*, js::gc::AllocKind, js::gc::InitialHeap) [JSObject.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 0 + 0x6]
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - eip = 0x59e1e4f2 esp = 0x001ac11c ebp = 0x001ac128 ebx = 0x0d50baa8
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - esi = 0x00000000 edi = 0x00000000 eax = 0x6a6ce8ac ecx = 0x000010da
[task 2020-04-14T09:48:56.594Z] 09:48:56 INFO - edx = 0x6a5fe340 efl = 0x00000202
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - Found by: given as instruction pointer in context
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - 1 xul.dll!static js::ProxyObject::New(JSContext*, js::BaseProxyHandler const*, JS::Handle<JS::Value>, js::TaggedProto, JSClass const*) [ProxyObject.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 134 + 0x17]
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - eip = 0x59ea91fc esp = 0x001ac130 ebp = 0x001ac1b4 ebx = 0x00000004
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - esi = 0x06a09800 edi = 0x00000000
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - 2 xul.dll!js::NewProxyObject(JSContext*, js::BaseProxyHandler const*, JS::Handle<JS::Value>, JSObject*, js::ProxyOptions const&) [Proxy.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 795 + 0x10]
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - eip = 0x59cb087f esp = 0x001ac1bc ebp = 0x001ac1e4 ebx = 0x001ac210
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - esi = 0x06a09800 edi = 0x0cf565d0
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - 3 xul.dll!mozilla::dom::BindingJSObjectCreator<nsDOMCSSDeclaration>::CreateProxyObject(JSContext*, JSClass const*, mozilla::dom::DOMProxyHandler const*, JS::Handle<JSObject *>, bool, nsDOMCSSDeclaration*, JS::Handle<JS::Value>, JS::MutableHandle<JSObject *>) [BindingUtils.h:b077b434866d8522790e29a10b47bd9ef46d4d2e : 2633 + 0xb]
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - eip = 0x562d0400 esp = 0x001ac1ec ebp = 0x001ac230 esi = 0x001ac2d8
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - edi = 0x001ac278
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - 4 xul.dll!mozilla::dom::CSS2Properties_Binding::Wrap(JSContext*, nsDOMCSSDeclaration*, nsWrapperCache*, JS::Handle<JSObject *>, JS::MutableHandle<JSObject *>) [CSS2PropertiesBinding.cpp: : 56852 + 0x24]
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - eip = 0x562d0088 esp = 0x001ac238 ebp = 0x001ac2b4 ebx = 0x19ff4244
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - esi = 0x19ff4240 edi = 0x001ac2d8
[task 2020-04-14T09:48:56.595Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - 5 xul.dll!nsDOMCSSDeclaration::WrapObject(JSContext*, JS::Handle<JSObject *>) [nsDOMCSSDeclaration.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 31 + 0x2c]
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - eip = 0x58428c22 esp = 0x001ac2bc ebp = 0x001ac2e8 ebx = 0x06a09800
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - esi = 0x001ac2d8 edi = 0x001ac2d0
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - 6 xul.dll!mozilla::dom::binding_detail::DoGetOrCreateDOMReflector<nsICSSDeclaration,mozilla::dom::binding_detail::eWrapIntoContextCompartment>(JSContext*, nsICSSDeclaration*, JS::Handle<JSObject *>, JS::MutableHandle<JS::Value>) [BindingUtils.h:b077b434866d8522790e29a10b47bd9ef46d4d2e : 1056 + 0xf]
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - eip = 0x563e371b esp = 0x001ac2f0 ebp = 0x001ac318 esi = 0x19ff4244
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - edi = 0x19ff4240
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - 7 xul.dll!mozilla::dom::Window_Binding::getComputedStyle(JSContext*, JS::Handle<JSObject *>, void*, JSJitMethodCallArgs const&) [WindowBinding.cpp: : 3790 + 0x17]
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - eip = 0x56cb9e14 esp = 0x001ac320 ebp = 0x001ac438 ebx = 0x001ac301
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - esi = 0x001ac454 edi = 0x19ff4240
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - 8 xul.dll!mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeCrossOriginObjectThisPolicy,mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) [BindingUtils.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 3205 + 0xa]
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - eip = 0x5718bfff esp = 0x001ac440 ebp = 0x001ac49c ebx = 0x001ac400
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - esi = 0x5c1f3170 edi = 0x00000001
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.596Z] 09:48:56 INFO - 9 xul.dll!CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) [Interpreter.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 490 + 0x7]
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - eip = 0x59b8f790 esp = 0x001ac4a4 ebp = 0x001ac508 ebx = 0x06a09800
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - esi = 0x5718bd80 edi = 0x001ac640
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - 10 xul.dll!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 582 + 0xb]
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - eip = 0x59b8f182 esp = 0x001ac510 ebp = 0x001ac570 ebx = 0x00000000
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - esi = 0x001ac640 edi = 0x5718bd80
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - 11 xul.dll!InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) [Interpreter.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 645 + 0xc]
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - eip = 0x59b904ef esp = 0x001ac578 ebp = 0x001ac5b8 ebx = 0x00000000
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - esi = 0x001ac590 edi = 0x001ac640
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - 12 xul.dll!js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) [Interpreter.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 662 + 0x6]
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - eip = 0x59b90721 esp = 0x001ac5c0 ebp = 0x001ac5d0 ebx = 0x00000008
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - esi = 0x001ac640 edi = 0x00000001
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - 13 xul.dll!js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject *>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) [VMFunctions.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 267 + 0x14]
[task 2020-04-14T09:48:56.597Z] 09:48:56 INFO - eip = 0x5acfe7f9 esp = 0x001ac5d8 ebp = 0x001ac73c ebx = 0x00000008
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - esi = 0x001ac6c0
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - Found by: call frame info
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - 14 xul.dll!truncf + 0x10766b8
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - eip = 0x5cc74d00 esp = 0x001ac770 ebp = 0x001acd00 ebx = 0x001ac764
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - esi = 0xffffff8c edi = 0x00000001
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - Found by: call frame info with scanning
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - 15 0x6a09838
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - eip = 0x06a09838 esp = 0x001acd08 ebp = 0x001ad220
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - Found by: previous frame's frame pointer
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - 16 0x6a09838
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - eip = 0x06a09838 esp = 0x001ad228 ebp = 0x00000000
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - Found by: previous frame's frame pointer
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - 17 xul.dll!js::ProxyGetProperty(JSContext*, JS::Handle<JSObject *>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) [Proxy.cpp:b077b434866d8522790e29a10b47bd9ef46d4d2e : 345 + 0x10]
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - eip = 0x59cb2566 esp = 0x001ad23c ebp = 0x00000000
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - Found by: stack scanning
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - 18 xul.dll + 0x2554d0
[task 2020-04-14T09:48:56.598Z] 09:48:56 INFO - eip = 0x549954d0 esp = 0x001ad25c ebp = 0x001ad288
[task 2020-04-14T09:48:56.599Z] 09:48:56 INFO - Found by: stack scanning
[task 2020-04-14T09:48:56.599Z] 09:48:56 INFO - 19 0xffffff8c
[task 2020-04-14T09:48:56.599Z] 09:48:56 INFO - eip = 0xffffff8c esp = 0x001ad290 ebp = 0x0c2751c0
[task 2020-04-14T09:48:56.599Z] 09:48:56 INFO - Found by: stack scanning
...
Flags: needinfo?(jwalden)
|
|
||
Comment 60•5 years ago
|
||
wut
This has tryservered at various times in the past, so I am confuse. Will do some testing and relanding piecemeal, I guess.
Flags: needinfo?(jwalden)
|
|
||
Comment 61•5 years ago
|
||
Pushed by jwalden@mit.edu:
https://hg.mozilla.org/integration/autoland/rev/0c40d004b57c
Change callers of |NewObjectWithGivenProto| that specify a constant |SingletonObject| to instead call a new |js::NewSingletonObjectWithGivenProto| that hides away that constant argument. r=jandem
https://hg.mozilla.org/integration/autoland/rev/f43782ba7d9b
Split out of |NewObjectWithGivenProto<T>| variants that hard-code SingletonObject/TenuredObject behavior, and use them in all callers that currently pass either constant. r=jandem
https://hg.mozilla.org/integration/autoland/rev/0effb22db897
Remove |NewDensePartlyAllocatedArray| as unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/5ee921665bfe
Make |NewDenseFullyAllocatedArrayWithTemplate|'s template object argument have type |ArrayObject*|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/8a54c7c199dc
Split |NewTenuredDenseEmptyArray| out of |NewDenseEmptyArray|, and make the latter function invoke TenuredObject behavior. r=jandem
https://hg.mozilla.org/integration/autoland/rev/459ac8a6fc25
Make all arguments to |NewArray| in Array.cpp mandatory. r=jandem
https://hg.mozilla.org/integration/autoland/rev/fb2826055610
Add |NewObjectWithGivenProtoAndKind| that accepts a kind, and make |NewObjectWithGivenProto| always specify GenericObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/6bfc66e2dd9a
Try allocating map iterator objects first in the nursery, then tenured, without doing so using a loop. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ef8c9f8eaa0e
Try allocating set iterator objects first in the nursery, then tenured, without doing so using a loop. r=jandem
https://hg.mozilla.org/integration/autoland/rev/d72d52e40733
Split NewArrayIteratorObject into NewArrayIterator{,Template}. r=jandem
https://hg.mozilla.org/integration/autoland/rev/9c74164ea82f
Split out NewStringIteratorTemplate from NewStringIterator. r=jandem
https://hg.mozilla.org/integration/autoland/rev/5ef5c4e6b312
Split out NewRegExpStringIteratorTemplate from NewRegExpStringIteratorObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ee062bce8602
Remove NewObjectWithGivenProtoAndKind. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ddf3ed2c3a1b
Remove |NewObjectWithNullTaggedProto<T>| in favor of just |NewObjectWithGivenProto<T>(cx, nullptr)|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/01ced0fd2198
Split NewBuiltinClassInstance into a generic form, a tenured form, and a kind-specified form. r=jandem
https://hg.mozilla.org/integration/autoland/rev/7ad1607be0b8
Make |NewProxyObject| return only non-singletons, and add |NewSingletonProxyObject| for the singleton case. r=jandem
https://hg.mozilla.org/integration/autoland/rev/0df9f2cf61a8
Make the |NewObjectKind| argument to |DeepCloneObjectLiteral| mandatory. r=jandem
https://hg.mozilla.org/integration/autoland/rev/673d41c6f7bb
Remove the |NewObjectKind| argument from |DeepCloneObjectLiteral|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/396397bcb38b
Remove both |NewNativeObjectWithGivenProto| overloads. r=jandem
https://hg.mozilla.org/integration/autoland/rev/8d6c7503f22f
Remove |NewNativeObjectWith{GivenTagged,Class}Proto| as unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/c9deed70f209
Make |NewObjectWithGivenProto| (the overload that doesn't take an |allocKind|) use GenericObject. r=jandem
https://hg.mozilla.org/integration/autoland/rev/39566c2dd7c7
Rename a |NewObjectWithGivenProto| overload to |NewObjectWithGivenProtoAndKinds| to better distinguish it as not hard-coding a |NewObjectKind|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/0721eefdd313
Fold |NewObjectWithClassProtoCommon| into its sole caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/6f104bf1520f
Split out a |NewObjectWithClassProtoAndKind| from |NewObjectWithClassProto| so the latter can always use |GenericObject| semantics. r=jandem
https://hg.mozilla.org/integration/autoland/rev/b9ba8d904b0f
Copy |ProxyObject::create| over to |ProxyObject::createSingleton|, preparing for simplifying both code paths. r=jandem
https://hg.mozilla.org/integration/autoland/rev/0d355fc784ab
Inline |Proxy::createSingleton| into its caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/68876db19421
Introduce an |ObjectGroup::lazySingletonGroup| that doesn't require providing an old group. r=jandem
https://hg.mozilla.org/integration/autoland/rev/bf2723998f5c
Make |ProxyObject::NewSingleton| create a singleton |ObjectGroup| right from the start, avoiding the need to call |JSObject::setSingleton| after the fact. r=jandem
|
||
Comment 62•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/0c40d004b57c
https://hg.mozilla.org/mozilla-central/rev/f43782ba7d9b
https://hg.mozilla.org/mozilla-central/rev/0effb22db897
https://hg.mozilla.org/mozilla-central/rev/5ee921665bfe
https://hg.mozilla.org/mozilla-central/rev/8a54c7c199dc
https://hg.mozilla.org/mozilla-central/rev/459ac8a6fc25
https://hg.mozilla.org/mozilla-central/rev/fb2826055610
https://hg.mozilla.org/mozilla-central/rev/6bfc66e2dd9a
https://hg.mozilla.org/mozilla-central/rev/ef8c9f8eaa0e
https://hg.mozilla.org/mozilla-central/rev/d72d52e40733
https://hg.mozilla.org/mozilla-central/rev/9c74164ea82f
https://hg.mozilla.org/mozilla-central/rev/5ef5c4e6b312
https://hg.mozilla.org/mozilla-central/rev/ee062bce8602
https://hg.mozilla.org/mozilla-central/rev/ddf3ed2c3a1b
https://hg.mozilla.org/mozilla-central/rev/01ced0fd2198
https://hg.mozilla.org/mozilla-central/rev/7ad1607be0b8
https://hg.mozilla.org/mozilla-central/rev/0df9f2cf61a8
https://hg.mozilla.org/mozilla-central/rev/673d41c6f7bb
https://hg.mozilla.org/mozilla-central/rev/396397bcb38b
https://hg.mozilla.org/mozilla-central/rev/8d6c7503f22f
https://hg.mozilla.org/mozilla-central/rev/c9deed70f209
https://hg.mozilla.org/mozilla-central/rev/39566c2dd7c7
https://hg.mozilla.org/mozilla-central/rev/0721eefdd313
https://hg.mozilla.org/mozilla-central/rev/6f104bf1520f
https://hg.mozilla.org/mozilla-central/rev/b9ba8d904b0f
https://hg.mozilla.org/mozilla-central/rev/0d355fc784ab
https://hg.mozilla.org/mozilla-central/rev/68876db19421
https://hg.mozilla.org/mozilla-central/rev/bf2723998f5c
|
|
||
Comment 63•5 years ago
|
||
|
|
||
Comment 64•5 years ago
|
||
Depends on D71111
|
||
Comment 65•5 years ago
|
||
Comment on attachment 9140895 [details]
Bug 949220 - Move PlainObject to vm/PlainObject{,-inl}.h. r=jandem!
Revision D71111 was moved to bug 1630346. Setting attachment 9140895 [details] to obsolete.
Attachment #9140895 -
Attachment is obsolete: true
|
|
||
Comment 66•5 years ago
|
||
Comment on attachment 9140896 [details]
Bug 949220 - Move various create-this functions that deal in |PlainObject*| to PlainObject.*. r=jandem!
Revision D71112 was moved to bug 1630346. Setting attachment 9140896 [details] to obsolete.
Attachment #9140896 -
Attachment is obsolete: true
|
|
||
Comment 67•5 years ago
|
||
Depends on D70516
|
|
||
Comment 68•5 years ago
|
||
Depends on D71270
|
|
||
Comment 69•5 years ago
|
||
Depends on D71271
|
|
||
Comment 70•5 years ago
|
||
Depends on D71272
|
|
||
Comment 71•5 years ago
|
||
Depends on D71273
|
|
||
Comment 72•5 years ago
|
||
Pushed by jwalden@mit.edu:
https://hg.mozilla.org/integration/autoland/rev/b25d763a3d67
Inline |ProxyObject::create| into its sole caller, and simplify the resulting code. r=jandem
https://hg.mozilla.org/integration/autoland/rev/6c60e7fceaa0
Remove |NurseryAllocatedProxy| now that it's unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/d85d4d198864
Adjust some |NewObjectWithGivenTaggedProto| overloads so fewer users must specify an object kind. r=jandem
https://hg.mozilla.org/integration/autoland/rev/ba0ef525da5d
Add |NewSingletonObjectWithGivenTaggedProtoAndKind| to encode singleton-ness into function name for one caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/0c6e7d41cb06
Make |js::CloneObject| take a |JSObject*| prototype argument, not a |TaggedProto|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/50526bdc2a82
Inline |js::CloneObject| into its sole caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/f44d32cba0ec
Make |NewObjectWithGivenTaggedProto| accept three arguments and take |NewObjectKind| as template parameter. r=jandem
|
||
Comment 73•5 years ago
|
||
Backed out 7 changesets for causing failures in Compartment.h
Backout link: https://hg.mozilla.org/integration/autoland/rev/5befd8ec1e64755f779bd64517938219cf899193
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Crunnable&revision=f44d32cba0ece1254c2c65286be2fdc9472bce22&selectedJob=298156457
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=298156457&repo=autoland&lineNumber=5213
Flags: needinfo?(jwalden)
|
|
||
Comment 74•5 years ago
|
||
Pushed by jwalden@mit.edu:
https://hg.mozilla.org/integration/autoland/rev/5c98ae55c819
Inline |ProxyObject::create| into its sole caller, and simplify the resulting code. r=jandem
https://hg.mozilla.org/integration/autoland/rev/b22d46e3f075
Remove |NurseryAllocatedProxy| now that it's unused. r=jandem
https://hg.mozilla.org/integration/autoland/rev/f218f8a4397f
Adjust some |NewObjectWithGivenTaggedProto| overloads so fewer users must specify an object kind. r=jandem
https://hg.mozilla.org/integration/autoland/rev/e35319d52752
Add |NewSingletonObjectWithGivenTaggedProtoAndKind| to encode singleton-ness into function name for one caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/3730826d5f09
Make |js::CloneObject| take a |JSObject*| prototype argument, not a |TaggedProto|. r=jandem
https://hg.mozilla.org/integration/autoland/rev/785f96e2d9ca
Inline |js::CloneObject| into its sole caller. r=jandem
https://hg.mozilla.org/integration/autoland/rev/c0376a215632
Make |NewObjectWithGivenTaggedProto| accept three arguments and take |NewObjectKind| as template parameter. r=jandem
|
||
Comment 75•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/5c98ae55c819
https://hg.mozilla.org/mozilla-central/rev/b22d46e3f075
https://hg.mozilla.org/mozilla-central/rev/f218f8a4397f
https://hg.mozilla.org/mozilla-central/rev/e35319d52752
https://hg.mozilla.org/mozilla-central/rev/3730826d5f09
https://hg.mozilla.org/mozilla-central/rev/785f96e2d9ca
https://hg.mozilla.org/mozilla-central/rev/c0376a215632
|
|
||
Comment 76•4 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
|
||
Comment 77•4 years ago
|
||
Jan / Waldo, can you close this bug if it is completed, and remove the leave-open tag?
Otherwise mention what remains to be done, and maybe open another bug.
Flags: needinfo?(sdetar) → needinfo?(jdemooij)
|
|
||
Comment 78•4 years ago
|
||
Leaving the NI for Waldo, but it might make sense to close this bug so that we don't have a bug with patches spanning multiple releases (over 6+ months even).
Flags: needinfo?(jdemooij)
|
|
||
Comment 79•4 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
|
|
||
Comment 81•3 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:sdetar, maybe it's time to close this bug?
Flags: needinfo?(sdetar)
|
|
||
Updated•3 years ago
|
Flags: needinfo?(sdetar)
|
|
||
Comment 82•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last months and this bug has severity 'critical'.
:sdetar, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: jwalden → nobody
Flags: needinfo?(sdetar)
|
|
||
Comment 83•2 years ago
|
||
Redirect a needinfo that is pending on an inactive user to the triage owner.
:sdetar, since the bug has high severity, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(jwalden) → needinfo?(sdetar)
|
|
||
Comment 84•2 years ago
|
||
Singleton objects no longer exist, so setSingleton is not an issue anymore. Also, a lot of changes landed in this bug a long time ago, I think we should close this.
Status: REOPENED → RESOLVED
Closed: 6 years ago → 2 years ago
Flags: needinfo?(sdetar)
Resolution: --- → FIXED
|
|
||
Updated•2 years ago
|
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•