Crash [@ js::CurrentThreadCanAccessRuntime] during GC with WeakMap
Categories
(Core :: JavaScript: GC, defect)
Tracking
()
People
(Reporter: decoder, Assigned: sfink)
References
Details
(5 keywords, Whiteboard: [jsbugmon:update][sg:dos])
Crash Data
Attachments
(3 files, 1 obsolete file)
(deleted),
patch
|
jonco
:
review+
RyanVM
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
jonco
:
review+
|
Details | Diff | Splinter Review |
(deleted),
text/x-phabricator-request
|
Details |
Updated•6 years ago
|
Updated•6 years ago
|
Comment 1•6 years ago
|
||
Reporter | ||
Comment 2•6 years ago
|
||
Updated•6 years ago
|
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment 6•6 years ago
|
||
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Assignee | ||
Comment 7•6 years ago
|
||
Assignee | ||
Comment 8•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Comment 9•6 years ago
|
||
Assignee | ||
Comment 10•6 years ago
|
||
Comment 11•6 years ago
|
||
Steve, can you prioritize this bug using the (Importance) field as per your judgement?
Assignee | ||
Comment 12•6 years ago
|
||
Set to major, which might be a bit too high -- crashes are bad, but this seems like it shouldn't happen that much in practice.
Fortunately, I just need to get back to this and split the patch up a bit; the existing patch seems to work and fix the problem.
Assignee | ||
Comment 13•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Updated•6 years ago
|
Comment 14•6 years ago
|
||
Comment 15•6 years ago
|
||
bugherder |
Comment 16•6 years ago
|
||
Can we land the testcase for this? Also, please nominate this for Beta approval when you get a chance.
Assignee | ||
Comment 17•6 years ago
|
||
Comment on attachment 9036075 [details] [diff] [review]
mark implicit edges via mark stack instead of eagerly
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: Bug 1164294
User impact if declined: Denial-of-service type of crash, which is possible to stumble across with real code. Especially if that code is buggy.
Is this code covered by automated tests?: No
Has the fix been verified in Nightly?: Yes
Needs manual test from QE?: No
If yes, steps to reproduce: I will be landing a test here soon, and would probably want to uplift it along with this.
List of other uplifts needed: None
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): It doesn't change what happens, just when. It's the sort of thing that is pretty likely to show up in automated tests if it was busted.
String changes made/needed: none
Assignee | ||
Comment 18•6 years ago
|
||
Assignee | ||
Comment 19•6 years ago
|
||
(In reply to Steve Fink [:sfink] [:s:] from comment #17)
Is this code covered by automated tests?: No
Or rather, "sorta". This code is executed by many different automated tests. The bug in question is not exercised by any of them, but will be once the test I just attached lands.
Updated•6 years ago
|
Comment 20•6 years ago
|
||
Updated•6 years ago
|
Comment 21•6 years ago
|
||
Backed out changeset 1e7a80d93de5 (bug 1507322) for causing build bustages deep-weakmap.js
deep-weakmap.js test failed
push that caused the failure: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&resultStatus=testfailed%2Cbusted%2Cexception&classifiedState=unclassified&revision=1e7a80d93de52175695270169634e3a51134b9d7
backout: https://hg.mozilla.org/integration/mozilla-inbound/rev/706add84af1aefd035b2450d08ac1d7c0d658b4f
Assignee | ||
Comment 22•6 years ago
|
||
Comment 23•6 years ago
|
||
Assignee | ||
Comment 24•6 years ago
|
||
I should run the test once before landing. Was missing the jstests-required reportCompare call.
Comment 25•6 years ago
|
||
bugherder |
Comment 26•6 years ago
|
||
Comment on attachment 9036075 [details] [diff] [review]
mark implicit edges via mark stack instead of eagerly
[Triage Comment]
Fixes an OOM crash seen in the wild. Thanks for landing a test too. Approved for 65.0b12.
Comment 27•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/e758e8df7f9a
https://hg.mozilla.org/releases/mozilla-beta/rev/69143a6c191d
Description
•