Closed
Bug 1206247
Opened 9 years ago
Closed 9 years ago
Crash [@ js::GetCodeCoverageSummary]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla44
People
(Reporter: gkw, Assigned: nbp)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [fuzzblocker][jsbugmon:update])
Crash Data
Attachments
(2 files)
|
(deleted),
text/plain
|
Details | |
|
(deleted),
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
evaluate("", {
fileName: null
});
// Adapted from randomly chosen test: js/src/jit-test/tests/coverage/bug1203695.js
getLcovInfo();
crashes js debug shell on m-c changeset de0e763b5210 with --fuzzing-safe --no-threads --no-ion --no-baseline at js::GetCodeCoverageSummary
Configure options:
CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/skywalker/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --enable-debug --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests
python -u ~/funfuzz/js/compileShell.py -b "--enable-debug --enable-more-deterministic --enable-nspr-build" -r de0e763b5210
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: https://hg.mozilla.org/mozilla-central/rev/8c305052960d
user: Nicolas B. Pierron
date: Sat Aug 29 01:32:37 2015 +0200
summary: Bug 1191289 part 1 - Add a JSFriendApi function to produce LCOV information about the current compartment. r=bhackett
Nicolas, is bug 1191289 a likely regressor?
Flags: needinfo?(nicolas.b.pierron)
|
Reporter | |
Comment 1•9 years ago
|
||
(lldb) bt 5
* thread #1: tid = 0x77cfe2, 0x00007fff95a8cbb0 libsystem_platform.dylib`_platform_strcmp + 176, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
* frame #0: 0x00007fff95a8cbb0 libsystem_platform.dylib`_platform_strcmp + 176
frame #1: 0x00000001008a071d js-dbg-64-dm-nsprBuild-darwin-de0e763b5210`js::GetCodeCoverageSummary(JSContext*, unsigned long*) [inlined] GenerateLcovInfo(JSContext*, JSCompartment*, js::GenericPrinter&)::$_0::operator()(JSScript const*, JSScript const*) const + 1165 at jsopcode.cpp:2135
frame #2: 0x00000001008a0700 js-dbg-64-dm-nsprBuild-darwin-de0e763b5210`js::GetCodeCoverageSummary(JSContext*, unsigned long*) + 21 at stl_algo.h:2382
frame #3: 0x00000001008a06eb js-dbg-64-dm-nsprBuild-darwin-de0e763b5210`js::GetCodeCoverageSummary(JSContext*, unsigned long*) [inlined] void std::__final_insertion_sort<JSScript**, GenerateLcovInfo(JSContext*, JSCompartment*, js::GenericPrinter&)::$_0>(__first=0x000000010283e310, __last=0x000000010283e320)::$_0) + 300 at stl_algo.h:2462
frame #4: 0x00000001008a05bf js-dbg-64-dm-nsprBuild-darwin-de0e763b5210`js::GetCodeCoverageSummary(JSContext*, unsigned long*) [inlined] void std::sort<JSScript**, GenerateLcovInfo(JSContext*, JSCompartment*, js::GenericPrinter&)::$_0>(__first=0x000000010283e310, __last=0x000000010283e320)::$_0) + 15 at stl_algo.h:2868
(lldb)
|
|
Reporter | |
Comment 2•9 years ago
|
||
Can we please have some traction on this? This is causing issues with randorderfuzz as there are now tests involving getLcovInfo(), and these tests do get integrated into fuzzing.
Whiteboard: [jsbugmon:update] → [fuzzblocker][jsbugmon:update]
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → nicolas.b.pierron
|
|
Assignee | |
Comment 3•9 years ago
|
||
Attachment #8667341 -
Flags: review?(bhackett1024)
|
||
Updated•9 years ago
|
Attachment #8667341 -
Flags: review?(bhackett1024) → review+
|
||
Comment 5•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox44:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
|
|
Reporter | |
Updated•9 years ago
|
Flags: needinfo?(nicolas.b.pierron)
You need to log in
before you can comment on or make changes to this bug.
Description
•