jit crash in js::CurrentThreadCanAccessZone(Zone* zone)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

jit crash in js::CurrentThreadCanAccessZone(Zone* zone)

孙科
Following is the gdb debugging log:

Thread 1 "js" received signal SIGSEGV, Segmentation fault.
js::CurrentThreadCanAccessZone (zone=zone@entry=0x0) at
/home/kylin/mozilla-central/js/src/vm/Runtime.cpp:876
876    if (CurrentThreadCanAccessRuntime(zone->runtime_))
(gdb) bt
#0  js::CurrentThreadCanAccessZone (zone=zone@entry=0x0) at
/home/kylin/mozilla-central/js/src/vm/Runtime.cpp:876
#1  0x0000000000ab0a48 in js::gc::TenuredCell::zone (this=0x7ffff88000) at
/home/kylin/mozilla-central/js/src/gc/Heap.h:1261
#2  JSRope::flatten (this=this@entry=0x7ffff88000,
maybecx=maybecx@entry=0x7fb791a400)
at /home/kylin/mozilla-central/js/src/vm/String.cpp:562
#3  0x00000000004efaec in JSString::ensureLinear (cx=0x7fb791a400,
this=0x7ffff88000) at /home/kylin/mozilla-central/js/src/vm/String.h:1254
#4  js::AtomizeString (cx=0x7fb791a400, str=0x7ffff88000,
pin=pin@entry=js::DoNotPinAtom)
at /home/kylin/mozilla-central/js/src/jsatom.cpp:396
#5  0x00000000004f3d28 in js::ToAtom<(js::AllowGC)1> (cx=cx@entry=0x7fb791a400,
v=..., v@entry=...)
    at /home/kylin/mozilla-central/js/src/jsatom.cpp:510
#6  0x00000000004dfb00 in js::ValueToId<(js::AllowGC)1> (cx=0x7fb791a400,
v=..., idp=...) at /home/kylin/mozilla-central/js/src/jsatominlines.h:87
#7  0x00000000005ae088 in js::ToPropertyKey (cx=0x7fb791a400, argument=...,
result=...) at /home/kylin/mozilla-central/js/src/jsobjinlines.h:606
#8  0x00000000009f0cb4 in js::SetObjectElement (cx=cx@entry=0x7fb791a400,
obj=..., obj@entry=..., index=..., index@entry=..., value=...,
    value@entry=..., receiver=..., receiver@entry=..., strict=true,
script=..., script@entry=..., pc=pc@entry=0x7fb30850b6 "9QV")
    at /home/kylin/mozilla-central/js/src/vm/Interpreter.cpp:4398
#9  0x000000000059ce90 in js::jit::DoSetElemFallback (cx=0x7fb791a400,
frame=<optimized out>, stub_=<optimized out>, stack=0x7fb791a400, objv=...,
    index=..., rhs=...) at
/home/kylin/mozilla-central/js/src/jit/BaselineIC.cpp:2550
#10 0x0000007fb7fd0690 in ?? ()

Thanks,
sk
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine
Reply | Threaded
Open this post in threaded view
|

Re: jit crash in js::CurrentThreadCanAccessZone(Zone* zone)

Nicolas B. Pierron
Hi,

I think this kind of communication should go on bugzilla [1], in the
Core::JavaScript Engine component.  This is where you will find the most
constructive communications, and where this communication will not bother
all persons who subscribed to the mailing list.

Also, it might be good to detail the context of where you saw the crash.
Are you embedding SpiderMonkey, porting it?  On which architecture and so on.

Anyway, Thanks for reporting.

On 05/20/2016 02:54 PM, 孙科 wrote:
> Following is the gdb debugging log:
>
> Thread 1 "js" received signal SIGSEGV, Segmentation fault.

[1]
https://bugzilla.mozilla.org/enter_bug.cgi?assigned_to=nobody%40mozilla.org&bug_file_loc=http%3A%2F%2F&bug_ignored=0&bug_severity=normal&bug_status=NEW&cf_backlog=---&cf_blocking_b2g=---&cf_blocking_fennec=---&cf_feature_b2g=---&cf_fx_iteration=---&cf_fx_points=---&cf_status_b2g_2_0=---&cf_status_b2g_2_0m=---&cf_status_b2g_2_1=---&cf_status_b2g_2_1_s=---&cf_status_b2g_2_2=---&cf_status_b2g_2_2r=---&cf_status_b2g_2_5=---&cf_status_b2g_2_6=---&cf_status_b2g_master=---&cf_status_firefox46=---&cf_status_firefox47=---&cf_status_firefox48=---&cf_status_firefox49=affected&cf_status_firefox_esr38=---&cf_status_firefox_esr45=---&cf_status_thunderbird_esr38=---&cf_status_thunderbird_esr45=---&cf_tracking_b2g=---&cf_tracking_e10s=---&cf_tracking_firefox46=---&cf_tracking_firefox47=---&cf_tracking_firefox48=---&cf_tracking_firefox49=---&cf_tracking_firefox_esr38=---&cf_tracking_firefox_esr45=---&cf_tracking_firefox_relnote=---&cf_tracking_relnote_b2g=---&cf_tracking_thunderbird_esr38=---&cf_track
ing_thunderbird_esr45=---&component=JavaScript%20Engine&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&defined_groups=1&flag_type-203=X&flag_type-37=X&flag_type-4=X&flag_type-41=X&flag_type-5=X&flag_type-607=X&flag_type-720=X&flag_type-721=X&flag_type-737=X&flag_type-781=X&flag_type-787=X&flag_type-799=X&flag_type-800=X&flag_type-803=X&flag_type-835=X&flag_type-846=X&flag_type-855=X&flag_type-863=X&flag_type-864=X&flag_type-875=X&flag_type-889=X&flag_type-892=X&flag_type-901=X&flag_type-905=X&flag_type-908=X&form_name=enter_bug&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=Unspecified&priority=--&product=Core&rep_platform=Unspecified&target_milestone=---&version=Trunk

--
Nicolas B. Pierron
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine