Open
Bug 960513
Opened 11 years ago
Updated 3 years ago
Assertion failure: fun->isInterpretedLazy(), at js/src/../../js/src/jscompartment.cpp:732
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
REOPENED
mozilla29
People
(Reporter: past, Unassigned)
References
Details
(Keywords: assertion)
Attachments
(4 files)
fx-team tip with the patch from bug 933212 applied, and I follow the STR for bug 912924:
1) open http://jsfiddle.net/davibe/BsrKz/19/
2) open debugger
3) boom
Top of the stack:
0 JSCompartment::ensureDelazifyScriptsForDebugMode(JSContext*) + 1448 (jscntxt.h:359)
1 js::Debugger::ScriptQuery::addCompartment(JSCompartment*) + 64 (Debugger.cpp:2542)
2 js::Debugger::ScriptQuery::matchAllDebuggeeGlobals() + 198 (Debugger.cpp:2566)
3 js::Debugger::findScripts(JSContext*, unsigned int, JS::Value*) + 408 (Debugger.cpp:2441)
4 js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 97 (jscntxtinlines.h:220)
5 js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) + 869 (Interpreter.cpp:457)
6 Interpret(JSContext*, js::RunState&) + 39004 (Interpreter.cpp:2609)
7 js::RunScript(JSContext*, js::RunState&) + 541 (Interpreter.cpp:421)
Not 100% reproducible.
|
||
Comment 1•11 years ago
|
||
This is almost certainly my bug, in that it's probably a regression from bug 886193. :(
Will look into it.
Assignee: nobody → till
Status: NEW → ASSIGNED
|
Reporter | |
Comment 2•11 years ago
|
||
Reproduced it on plain fx-team tip without any other patches.
|
|
Reporter | |
Comment 3•11 years ago
|
||
Seems to be fixed today.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Comment 4•11 years ago
|
||
I found a new reliable way to reproduce this in bug 900045 comment 0. Copying here for your convenience:
1. Open this web page: http://well.blogs.nytimes.com/2013/07/31/how-exercise-changes-fat-and-muscle-cells/?_r=3&
2. Open the web console or the inspector
3. Open the debugger
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
|
||
Comment 5•11 years ago
|
||
Here's a stack trace:
(gdb) where
#0 0x00007ffff53cbb56 in CreateLazyScriptsForCompartment (cx=0x9121e0) at /home/jimb/moz/dbg/js/src/../../js/src/jscompartment.cpp:732
#1 JSCompartment::ensureDelazifyScriptsForDebugMode (this=<optimized out>, cx=0x9121e0) at /home/jimb/moz/dbg/js/src/../../js/src/jscompartment.cpp:764
#2 0x00007ffff54eb9af in js::Debugger::ScriptQuery::addCompartment (this=this@entry=0x7fffffff7810, comp=0x5985f00) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Debugger.cpp:2542
#3 0x00007ffff54ebefd in js::Debugger::ScriptQuery::matchAllDebuggeeGlobals (this=this@entry=0x7fffffff7810) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Debugger.cpp:2566
#4 0x00007ffff550dae2 in omittedQuery (this=0x7fffffff7810) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Debugger.cpp:2441
#5 js::Debugger::findScripts (cx=0x9121e0, argc=0, vp=<optimized out>) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Debugger.cpp:2687
#6 0x00007ffff54ad607 in js::CallJSNative (cx=cx@entry=0x9121e0, native=0x7ffff550d7a0 <js::Debugger::findScripts(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/jimb/moz/dbg/js/src/../../js/src/jscntxtinlines.h:220
#7 0x00007ffff54ff610 in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:464
#8 0x00007ffff54f8ce1 in Interpret (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:2609
#9 0x00007ffff54ff10c in js::RunScript (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:421
#10 0x00007ffff54ff7eb in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:483
#11 0x00007ffff53d2b5e in js::CallOrConstructBoundFunction (cx=<optimized out>, argc=2, vp=<optimized out>) at /home/jimb/moz/dbg/js/src/../../js/src/jsfun.cpp:1346
#12 0x00007ffff54ad607 in js::CallJSNative (cx=cx@entry=0x9121e0, native=0x7ffff53d2628 <js::CallOrConstructBoundFunction(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/jimb/moz/dbg/js/src/../../js/src/jscntxtinlines.h:220
#13 0x00007ffff54ff610 in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:464
#14 0x00007ffff54f8ce1 in Interpret (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:2609
#15 0x00007ffff54ff10c in js::RunScript (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:421
#16 0x00007ffff54ff7eb in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:483
#17 0x00007ffff53d4688 in js_fun_apply (cx=0x9121e0, argc=<optimized out>, vp=0x736138) at /home/jimb/moz/dbg/js/src/../../js/src/jsfun.cpp:1069
#18 0x00007ffff54ad607 in js::CallJSNative (cx=cx@entry=0x9121e0, native=0x7ffff53d3f80 <js_fun_apply(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/jimb/moz/dbg/js/src/../../js/src/jscntxtinlines.h:220
#19 0x00007ffff54ff610 in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:464
#20 0x00007ffff54f8ce1 in Interpret (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:2609
#21 0x00007ffff54ff10c in js::RunScript (cx=cx@entry=0x9121e0, state=...) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:421
#22 0x00007ffff54ff7eb in js::Invoke (cx=cx@entry=0x9121e0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:483
#23 0x00007ffff5501d43 in js::Invoke (cx=cx@entry=0x9121e0, thisv=..., fval=..., argc=argc@entry=0, argv=argv@entry=0x7fffffffc0d0, rval=JSVAL_VOID) at /home/jimb/moz/dbg/js/src/../../js/src/vm/Interpreter.cpp:520
#24 0x00007ffff53d86d2 in JS_CallFunctionValue (cx=cx@entry=0x9121e0, objArg=<optimized out>, fval=$jsval((JSObject *) 0x7fff298817c0 [object Function "makeInfallible/<"]), argc=argc@entry=0, argv=argv@entry=0x7fffffffc0d0, rval=rval@entry=0x7fffffffbfb0) at /home/jimb/moz/dbg/js/src/../../js/src/jsapi.cpp:5016
#25 0x00007ffff3b92fd3 in nsXPCWrappedJSClass::CallMethod (this=0x744d780, wrapper=<optimized out>, methodIndex=3, info_=0x5b3360, nativeParams=0x7fffffffc3a0) at /home/jimb/moz/dbg/js/xpconnect/src/XPCWrappedJSClass.cpp:1293
#26 0x00007ffff3b71e57 in nsXPCWrappedJS::CallMethod (this=0x6cee960, methodIndex=<optimized out>, info=0x5b3360, params=0x7fffffffc3a0) at /home/jimb/moz/dbg/js/xpconnect/src/XPCWrappedJS.cpp:519
#27 0x00007ffff2d2eded in PrepareAndDispatch (self=0x486d680, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffc490, fpregs=0x7fffffffc4c0) at /home/jimb/moz/dbg/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:122
#28 0x00007ffff2d2e087 in SharedStub () from /home/jimb/moz/dbg/obj-bug/dist/bin/libxul.so
#29 0x00007ffff2d2390e in nsThread::ProcessNextEvent (this=0x52cae0, mayWait=false, result=0x7fffffffc5bf) at /home/jimb/moz/dbg/xpcom/threads/nsThread.cpp:637
#30 0x00007ffff2c9f321 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false) at /home/jimb/moz/dbg/xpcom/glue/nsThreadUtils.cpp:263
#31 0x00007ffff301972c in mozilla::ipc::MessagePump::Run (this=0x529600, aDelegate=0x5288b0) at /home/jimb/moz/dbg/ipc/glue/MessagePump.cpp:95
#32 0x00007ffff2fff348 in MessageLoop::RunInternal (this=this@entry=0x5288b0) at /home/jimb/moz/dbg/ipc/chromium/src/base/message_loop.cc:226
#33 0x00007ffff2fff375 in RunHandler (this=0x5288b0) at /home/jimb/moz/dbg/ipc/chromium/src/base/message_loop.cc:219
#34 MessageLoop::Run (this=0x5288b0) at /home/jimb/moz/dbg/ipc/chromium/src/base/message_loop.cc:193
#35 0x00007ffff3acd4a7 in nsBaseAppShell::Run (this=0x8d9c60) at /home/jimb/moz/dbg/widget/xpwidgets/nsBaseAppShell.cpp:157
#36 0x00007ffff4b8cfbb in nsAppStartup::Run (this=0x8e3c40) at /home/jimb/moz/dbg/toolkit/components/startup/nsAppStartup.cpp:276
#37 0x00007ffff4b181e0 in XREMain::XRE_mainRun (this=this@entry=0x7fffffffca50) at /home/jimb/moz/dbg/toolkit/xre/nsAppRunner.cpp:4023
#38 0x00007ffff4b1865e in XREMain::XRE_main (this=this@entry=0x7fffffffca50, argc=argc@entry=4, argv=argv@entry=0x7fffffffdf28, aAppData=aAppData@entry=0x7fffffffcc50) at /home/jimb/moz/dbg/toolkit/xre/nsAppRunner.cpp:4091
#39 0x00007ffff4b18906 in XRE_main (argc=4, argv=0x7fffffffdf28, aAppData=0x7fffffffcc50, aFlags=<optimized out>) at /home/jimb/moz/dbg/toolkit/xre/nsAppRunner.cpp:4331
#40 0x0000000000404109 in do_main (argc=argc@entry=4, argv=argv@entry=0x7fffffffdf28, xreDirectory=0x41d010) at /home/jimb/moz/dbg/browser/app/nsBrowserApp.cpp:280
#41 0x0000000000404238 in main (argc=4, argv=0x7fffffffdf28) at /home/jimb/moz/dbg/browser/app/nsBrowserApp.cpp:648
(gdb)
|
|
||
Comment 6•11 years ago
|
||
The proper fix here would be to turn LazyScript::script_ into a WeakPtr and get rid of quite a bit of fragility in the setup. I won't be able to implement that before the uplift, though, so this has to do for now.
Attachment #8369117 -
Flags: review?(jdemooij)
|
||
Comment 7•11 years ago
|
||
Comment on attachment 8369117 [details] [diff] [review]
Ensure LazyScript has script set for non-lazy canonical functions.
Review of attachment 8369117 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/jsscriptinlines.h
@@ +64,3 @@
> function_->setUnlazifiedScript(const_cast<JSScript *>(this));
> + // If this script has a LazyScript, make sure the LazyScript has a
> + // reference to the script when delazifying it's canonical function.
Nit: s/it's/its
Attachment #8369117 -
Flags: review?(jdemooij) → review+
|
|
||
Comment 8•11 years ago
|
||
|
||
Comment 9•11 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
|
|
Reporter | |
Comment 10•11 years ago
|
||
I still get the assertion even with this patch.
$ hg log -r 05fd25b6979e
changeset: 166535:05fd25b6979e
user: Till Schneidereit <till@tillschneidereit.net>
date: Sat Feb 01 23:31:57 2014 +0100
summary: Bug 960513 - Ensure LazyScript has script set for non-lazy canonical functions. r=jandem
I'm attaching the new crash log as the line numbers have shifted a bit.
|
|
Reporter | |
Updated•11 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
This happens a lot to me when using the debugger. It's pretty annoying.
Just hit this while *opening* the debugger.
|
||
Comment 13•11 years ago
|
||
(In reply to David Baron [:dbaron] (UTC-8) (needinfo? for questions) from comment #12)
> Just hit this while *opening* the debugger.
Same here just now.
cx JSContext * 0x1139f41c0 0x00000001139f41c0
lazyFunctions JS::AutoObjectVector
JS::AutoVectorRooter<JSObject *> JS::AutoVectorRooter<JSObject *>
_mCheckNotUsedAsTemporary mozilla::detail::GuardObjectNotificationReceiver
mStatementDone bool true true
i js::gc::ZoneCellIter
js::gc::ZoneCellIterImpl js::gc::ZoneCellIterImpl
noAlloc JS::AutoAssertNoAlloc
lists js::gc::ArenaLists * NULL 0x0000000000000000
kind js::gc::AllocKind FINALIZE_LAZY_SCRIPT FINALIZE_LAZY_SCRIPT
lazy js::LazyScript * 0x13c9774c0 0x000000013c9774c0
fun JSFunction * 0x13c975680 0x000000013c975680
js::NativeObject js::NativeObject
nargs_ uint16_t 0 0
flags_ uint16_t 193 193
u JSFunction::U
atom_ js::HeapPtrAtom
|
||
Comment 14•10 years ago
|
||
I can reproduce this consistently by going to a web site, and opening the JS debugger:
backtrace:
Assertion failure: fun->isInterpretedLazy(), at /Users/jyavenard/Work/Mozilla/mozilla-central/js/src/jscompartment.cpp:769
(lldb) bt
* thread #1: tid = 0x344913, 0x00000001095854aa XUL`CreateLazyScriptsForCompartment(cx=0x0000000100430c40) + 410 at jscompartment.cpp:769, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
* frame #0: 0x00000001095854aa XUL`CreateLazyScriptsForCompartment(cx=0x0000000100430c40) + 410 at jscompartment.cpp:769
frame #1: 0x00000001095852cc XUL`JSCompartment::ensureDelazifyScriptsForDebugger(this=0x000000012e872f00, cx=0x0000000100430c40) + 156 at jscompartment.cpp:801
frame #2: 0x0000000108f898a6 XUL`js::Debugger::ScriptQuery::addCompartment(this=0x00007fff5fbd3068, comp=0x000000012e872f00) + 70 at Debugger.cpp:3384
frame #3: 0x0000000108f89816 XUL`js::Debugger::ScriptQuery::matchAllDebuggeeGlobals(this=0x00007fff5fbd3068) + 214 at Debugger.cpp:3408
frame #4: 0x0000000108eeee3e XUL`js::Debugger::ScriptQuery::omittedQuery(this=0x00007fff5fbd3068) + 94 at Debugger.cpp:3275
frame #5: 0x0000000108e85323 XUL`js::Debugger::findScripts(cx=0x0000000100430c40, argc=0, vp=0x00007fff5fbd3cc8) + 531 at Debugger.cpp:3534
frame #6: 0x0000000108efabcb XUL`js::CallJSNative(cx=0x0000000100430c40, native=0x0000000108e85110, args=0x00007fff5fbd3b60)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 187 at jscntxtinlines.h:235
frame #7: 0x0000000108e8e755 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbd3b60, construct=NO_CONSTRUCT) + 1269 at Interpreter.cpp:498
frame #8: 0x0000000108e78174 XUL`js::Invoke(cx=0x0000000100430c40, thisv=0x000000011c3a08b0, fval=0x00007fff5fbd3da8, argc=0, argv=0x000000011c3a08b8, rval=JS::MutableHandleValue at 0x00007fff5fbd3c60) + 900 at Interpreter.cpp:554
frame #9: 0x000000010972988c XUL`js::DirectProxyHandler::call(this=0x000000010c505290, cx=0x0000000100430c40, proxy=JS::HandleObject at 0x00007fff5fbd3dd8, args=0x00007fff5fbd4080) const + 316 at DirectProxyHandler.cpp:77
frame #10: 0x000000010972967e XUL`js::CrossCompartmentWrapper::call(this=0x000000010c505290, cx=0x0000000100430c40, wrapper=JS::HandleObject at 0x00007fff5fbd3f10, args=0x00007fff5fbd4080) const + 574 at CrossCompartmentWrapper.cpp:288
frame #11: 0x000000010972fad4 XUL`js::Proxy::call(cx=0x0000000100430c40, proxy=JS::HandleObject at 0x00007fff5fbd4000, args=0x00007fff5fbd4080) + 404 at Proxy.cpp:391
frame #12: 0x0000000109731695 XUL`js::proxy_Call(cx=0x0000000100430c40, argc=0, vp=0x000000011c3a08a8) + 245 at Proxy.cpp:703
frame #13: 0x0000000108efabcb XUL`js::CallJSNative(cx=0x0000000100430c40, native=0x00000001097315a0, args=0x00007fff5fbd4980)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 187 at jscntxtinlines.h:235
frame #14: 0x0000000108e8e651 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbd4980, construct=NO_CONSTRUCT) + 1009 at Interpreter.cpp:491
frame #15: 0x0000000108ea8cc5 XUL`Interpret(cx=0x0000000100430c40, state=0x00007fff5fbd7868) + 51749 at Interpreter.cpp:2596
frame #16: 0x0000000108e9c1b9 XUL`js::RunScript(cx=0x0000000100430c40, state=0x00007fff5fbd7868) + 585 at Interpreter.cpp:448
frame #17: 0x0000000108e8e896 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbd8060, construct=NO_CONSTRUCT) + 1590 at Interpreter.cpp:517
frame #18: 0x0000000108e78174 XUL`js::Invoke(cx=0x0000000100430c40, thisv=0x00007fff5fbd8248, fval=0x00007fff5fbd8280, argc=0, argv=0x0000000000000000, rval=JS::MutableHandleValue at 0x00007fff5fbd8160) + 900 at Interpreter.cpp:554
frame #19: 0x0000000108eb4e1c XUL`js::InvokeGetterOrSetter(cx=0x0000000100430c40, obj=0x00000001229f4380, fval=Value at 0x00007fff5fbd8280, argc=0, argv=0x0000000000000000, rval=JS::MutableHandleValue at 0x00007fff5fbd8278) + 172 at Interpreter.cpp:624
frame #20: 0x0000000108fe7cf7 XUL`CallGetter(cx=0x0000000100430c40, receiver=JS::HandleObject at 0x00007fff5fbd8340, shape=js::HandleShape at 0x00007fff5fbd8338, vp=JS::MutableHandleValue at 0x00007fff5fbd8330) + 247 at NativeObject.cpp:1670
frame #21: 0x0000000108f9e439 XUL`bool GetExistingProperty<(cx=0x0000000100430c40, receiver=js::MaybeRooted<JSObject *, js::AllowGC>::HandleType at 0x00007fff5fbd8430, obj=js::MaybeRooted<js::NativeObject *, js::AllowGC>::HandleType at 0x00007fff5fbd8428, shape=js::MaybeRooted<js::Shape *, js::AllowGC>::HandleType at 0x00007fff5fbd8420, vp=js::MaybeRooted<JS::Value, js::AllowGC>::MutableHandleType at 0x00007fff5fbd8418)1>(JSContext*, js::MaybeRooted<JSObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::Shape*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) + 809 at NativeObject.cpp:1717
frame #22: 0x0000000108f9e7ea XUL`bool NativeGetPropertyInline<(cx=0x0000000100430c40, obj=js::MaybeRooted<js::NativeObject *, js::AllowGC>::HandleType at 0x00007fff5fbd85f0, receiver=js::MaybeRooted<JSObject *, js::AllowGC>::HandleType at 0x00007fff5fbd85e8, id=js::MaybeRooted<jsid, js::AllowGC>::HandleType at 0x00007fff5fbd85e0, nameLookup=NotNameLookup, vp=js::MaybeRooted<JS::Value, js::AllowGC>::MutableHandleType at 0x00007fff5fbd85d8)1>(JSContext*, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JSObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<jsid, (js::AllowGC)1>::HandleType, IsNameLookup, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) + 570 at NativeObject.cpp:1919
frame #23: 0x0000000108f9e59d XUL`js::NativeGetProperty(cx=0x0000000100430c40, obj=js::HandleNativeObject at 0x00007fff5fbd8658, receiver=JS::HandleObject at 0x00007fff5fbd8650, id=JS::HandleId at 0x00007fff5fbd8648, vp=JS::MutableHandleValue at 0x00007fff5fbd8640) + 93 at NativeObject.cpp:1953
frame #24: 0x0000000108ef0016 XUL`js::GetProperty(cx=0x0000000100430c40, obj=JS::HandleObject at 0x00007fff5fbd86e0, receiver=JS::HandleObject at 0x00007fff5fbd86d8, id=JS::HandleId at 0x00007fff5fbd86d0, vp=JS::MutableHandleValue at 0x00007fff5fbd86c8) + 214 at NativeObject.h:1425
frame #25: 0x0000000108ec867f XUL`GetPropertyOperation(cx=0x0000000100430c40, fp=0x000000011c3a0730, script=JS::HandleScript at 0x00007fff5fbd88e0, pc=0x000000012a46aa18, lval=JS::MutableHandleValue at 0x00007fff5fbd88d8, vp=JS::MutableHandleValue at 0x00007fff5fbd88d0) + 1279 at Interpreter.cpp:256
frame #26: 0x0000000108ea701e XUL`Interpret(cx=0x0000000100430c40, state=0x00007fff5fbdb7e8) + 44414 at Interpreter.cpp:2413
frame #27: 0x0000000108e9c1b9 XUL`js::RunScript(cx=0x0000000100430c40, state=0x00007fff5fbdb7e8) + 585 at Interpreter.cpp:448
frame #28: 0x0000000108e8e896 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbdbfe0, construct=NO_CONSTRUCT) + 1590 at Interpreter.cpp:517
frame #29: 0x0000000109611229 XUL`js::CallOrConstructBoundFunction(cx=0x0000000100430c40, argc=2, vp=0x000000011c3a0650) + 1145 at jsfun.cpp:1595
frame #30: 0x0000000108efabcb XUL`js::CallJSNative(cx=0x0000000100430c40, native=0x0000000109610db0, args=0x00007fff5fbdcad0)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 187 at jscntxtinlines.h:235
frame #31: 0x0000000108e8e755 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbdcad0, construct=NO_CONSTRUCT) + 1269 at Interpreter.cpp:498
frame #32: 0x0000000108ea8cc5 XUL`Interpret(cx=0x0000000100430c40, state=0x00007fff5fbdf9b8) + 51749 at Interpreter.cpp:2596
frame #33: 0x0000000108e9c1b9 XUL`js::RunScript(cx=0x0000000100430c40, state=0x00007fff5fbdf9b8) + 585 at Interpreter.cpp:448
frame #34: 0x0000000108e8e896 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbe01b0, construct=NO_CONSTRUCT) + 1590 at Interpreter.cpp:517
frame #35: 0x000000010960f5b3 XUL`js::fun_apply(cx=0x0000000100430c40, argc=2, vp=0x00007fff5fbe1578) + 1747 at jsfun.cpp:1318
frame #36: 0x0000000108efabcb XUL`js::CallJSNative(cx=0x0000000100430c40, native=0x000000010960eee0, args=0x00007fff5fbe1410)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) + 187 at jscntxtinlines.h:235
frame #37: 0x0000000108e8e755 XUL`js::Invoke(cx=0x0000000100430c40, args=CallArgs at 0x00007fff5fbe1410, construct=NO_CONSTRUCT) + 1269 at Interpreter.cpp:498
frame #38: 0x0000000108e78174 XUL`js::Invoke(cx=0x0000000100430c40, thisv=0x00007fff5fbe1810, fval=0x00007fff5fbe1840, argc=2, argv=0x00007fff5fbe19b0, rval=JS::MutableHandleValue at 0x00007fff5fbe1510) + 900 at Interpreter.cpp:554
frame #39: 0x00000001091dd3b7 XUL`js::jit::DoCallFallback(cx=0x0000000100430c40, frame=0x00007fff5fbe1a18, stub_=0x00000001206d8358, argc=2, vp=0x00007fff5fbe19a0, res=JS::MutableHandleValue at 0x00007fff5fbe18f8) + 1847 at BaselineIC.cpp:9648
frame #40: 0x00000001149d103b
100% reproduce-able.
|
||
Comment 15•10 years ago
|
||
(In reply to Jean-Yves Avenard [:jya] from comment #14)
> I can reproduce this consistently by going to a web site, and opening the JS
> debugger:
Which website, please? Do you have an URL? Or do you mean *any* website?
Flags: needinfo?(jyavenard)
|
|
||
Comment 16•10 years ago
|
||
One particular website, I can't provide the details here. I can contact you privately by email.
Flags: needinfo?(jyavenard)
|
|
||
Comment 17•10 years ago
|
||
Might be of interest for till (see comment 14 and 16)
Flags: needinfo?(till)
|
|
||
Updated•9 years ago
|
Flags: needinfo?(till)
|
|
||
Updated•4 years ago
|
Assignee: till → nobody
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•