Closed Bug 992377 Opened 11 years ago Closed 11 years ago

Fatal assert with gecko profiler on yammer

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
normal

RESOLVED DUPLICATE of bug 994957

People

(Reporter: bzbarsky, Assigned: djvj)

Details

(Keywords: assertion, Whiteboard: [js:p1])

Steps to reproduce:

1) Install Gecko profiler extension
2) Log in to Yammer

ACTUAL RESULTS: Some of the time (2 out of 3 loads so far for me) I get a fatal assert:

Assertion failure: offset < length(), at ../../../mozilla/js/src/jsscript.h:944

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
[Switching to process 61779 thread 0xd857]
JSScript::offsetToPC (this=0x136c6fe70, offset=43) at jsscript.h:944
944	    JS_ASSERT(offset < length());
(gdb) bt
#0  JSScript::offsetToPC (this=0x136c6fe70, offset=43) at jsscript.h:944
#1  0x0000000102cecf00 in js::ProfileEntry::pc (this=0x1006771e0) at SPSProfiler.cpp:330
#2  0x00000001073e1cbf in addProfileEntry (entry=@0x1006771e0, aProfile=@0x112d32860, stack=0x100677000, lastpc=0x0) at TableTicker.cpp:345
#3  0x00000001073d88b6 in doSampleStackTrace (aStack=0x100677000, aProfile=@0x112d32860, sample=0x12b98ce08) at TableTicker.cpp:555
#4  0x00000001073d86b8 in TableTicker::InplaceTick (this=0x11304bce0, sample=0x12b98ce08) at TableTicker.cpp:634
#5  0x00000001073d849a in TableTicker::Tick (this=0x11304bce0, sample=0x12b98ce08) at TableTicker.cpp:572
#6  0x00000001073ef0b3 in SamplerThread::SampleContext (this=0x114085280, sampler=0x11304bce0, thread_profile=0x112d32860) at platform-macos.cc:269
#7  0x00000001073eeed2 in SamplerThread::Run (this=0x114085280) at platform-macos.cc:222
#8  0x00000001073dbfdc in ThreadEntry (arg=0x114085280) at platform-macos.cc:103
#9  0x00007fff97d94772 in _pthread_start ()
#10 0x00007fff97d811a1 in thread_start ()
(gdb) frame 0
#0  JSScript::offsetToPC (this=0x136c6fe70, offset=43) at jsscript.h:944
944	    JS_ASSERT(offset < length());
(gdb) p offset
$12 = 43
(gdb) p length()
$13 = 21
(gdb) p filename()
$15 = 0x1358c9600 "https://c64.assets-yammer.com/assets/vendor-4debc085c4ec407eb4852954143be359.js"
(gdb) p lineno()
$17 = 24

(sadly, this is minified script; I _think_ this is jQuery).
(gdb) frame 3
#3  0x00000001073d88b6 in doSampleStackTrace (aStack=0x100677000, aProfile=@0x112d32860, sample=0x12b98ce08) at TableTicker.cpp:555
555	    addProfileEntry(aStack->mStack[i], aProfile, aStack, nullptr);
(gdb) p i
$21 = 15
(gdb) p aStack->mStack[i]
$22 = {
  <js::ProfileEntry> = {
    string = 0x140386d60 "._data (https://c64.assets-yammer.com/assets/vendor-4debc085c4ec407eb4852954143be359.js:24)",
    sp = 0x0,
    script_ = 0x136c6fe70,
    idx = 43,
    static NullPCIndex = -1,
    static NoCopyBit = 1
  }, <No data fields>}
I guess this is related to the removal of the update for inlined functions, we might still update the pc-offset based on the inlined function and not based on the outer-most.
Flags: needinfo?(kvijayan)
Keywords: assertion
Whiteboard: [js:p1]
This is likely a dup of bug 994957.
Assignee: nobody → kvijayan
Flags: needinfo?(kvijayan)
Depends on: 994957
Cleaning up old bugs.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
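
Added illustration, not part of the bug report and not SpiderMonkey code: a toy C++ model of the state seen in the gdb session above (a profile entry pairing a script of length 21 with offset 43), with a bounds-checked lookup that rejects such an entry. Script, Entry, resolvePC, record and sampleResolves are hypothetical names, the 64-byte inlined script is a constructed value, and reading the pair as "outer script, inlined offset" follows the guess in the comment above and is an assumption.

```cpp
// Toy model, not SpiderMonkey code: every name here is hypothetical.
// Only the values 43 (idx) and 21 (length()) come from the gdb session.
#include <cstddef>
#include <cstdint>
#include <vector>

struct Script {
    std::vector<uint8_t> code;  // stand-in for the script's bytecode
    size_t length() const { return code.size(); }
};

// Mirrors the (script_, idx) pair printed from aStack->mStack[i]: idx is
// only meaningful relative to the script stored beside it.
struct Entry {
    const Script* script;
    int32_t idx;  // -1 plays the role of NullPCIndex
};

// Bounds-checked offset-to-pc lookup: returns nullptr instead of forming a
// pointer past the end of the code when idx does not belong to the script.
const uint8_t* resolvePC(const Entry& e) {
    if (e.script == nullptr || e.idx < 0) return nullptr;
    if (static_cast<size_t>(e.idx) >= e.script->length()) return nullptr;
    return e.script->code.data() + e.idx;
}

// Records an entry for an offset inside the inlined callee. With
// mismatched == true the script pointer stays on the outer-most function
// (the assumed failure mode); otherwise script and offset share a frame.
Entry record(const Script& outer, const Script& inlined,
             int32_t inlinedOffset, bool mismatched) {
    return Entry{mismatched ? &outer : &inlined, inlinedOffset};
}

// Builds both scripts, records one entry and reports whether the sampler
// side could resolve it to a pc inside the stored script.
bool sampleResolves(size_t outerLen, size_t inlinedLen,
                    int32_t inlinedOffset, bool mismatched) {
    Script outer{std::vector<uint8_t>(outerLen)};
    Script inlined{std::vector<uint8_t>(inlinedLen)};
    Entry e = record(outer, inlined, inlinedOffset, mismatched);
    return resolvePC(e) != nullptr;
}

int main() {
    bool rejected = !sampleResolves(21, 64, 43, true);   // 43 >= 21
    bool accepted = sampleResolves(21, 64, 43, false);   // 43 < 64
    return (rejected && accepted) ? 0 : 1;
}
```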