Building dehydra against a debug build of Spidermonkey tip (rev. 25442798da4a) causes an assertion failure: /home/ehren/gcc4.5/dist.4.5.0/libexec/gcc/x86_64-unknown-linux-gnu/4.5.0/cc1plus -E -quiet -v -I/home/ehren/gcc4.5/dist.4.5.0/lib/gcc/x86_64-unknown-linux-gnu/4.5.0/plugin/include -I/home/ehren/dehydra-tests/SpiderMonkey/include/js/ - I/home/ehren/dehydra-tests/SpiderMonkey/lib -I//home/ehren/local/include/js/ -D_GNU_SOURCE -DTREEHYDRA_CONVERT_JS -DXP_UNIX -DIN_GCC -DPLUGIN_NO_POISON -DHAVE_CONFIG_H -C gcc_cp_headers.h -mtune=generic -march=x86-64 -Wall -fpermissive -fshow-column -fPIC -fplugin=./gcc_dehydra.so -fplugin-arg-gcc_dehydra-=convert_tree.js -fpch-preprocess -o gcc_cp_headers.ii Assertion failure: obj->getClass()->flags & JSCLASS_IS_GLOBAL, at ../jsobj.cpp:3410 cc1plus: internal compiler error: Aborted

Bug 561923 breaks this. This patch fails at runtime but I think something similar is required. I'm debugging but perhaps only flag changes in global_class are needed.

What error happens after your patch?

I get Assertion failure: !prev->isActive(), at ../jscntxt.h:1778 when running anything

this patch works before rev b15fd8b568e4 (bug 558754). trace with this revision: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff1a7742c in js_GetGCThingRuntime (thing=0xdadadada00000000) at ../jsgc.cpp:879 879 return JSGCChunkInfo::fromChunk(chunk)->runtime; Missing separate debuginfos, use: debuginfo-install elfutils-libelf-0.145-1.fc12.x86_64 glibc-2.11.1-4.x86_64 gmp-4.3.1-5.fc12.x86_64 libgcc-4.4.3-4.fc12.x86_64 libstdc++-4.4.3-4.fc12.x86_64 (gdb) backtrace #0 0x00007ffff1a7742c in js_GetGCThingRuntime (thing=0xdadadada00000000) at ../jsgc.cpp:879 #1 0x00007ffff1b396b1 in js_GetStringBytes (cx=0x0, str=0xdadadada00000000) at ../jsstr.cpp:3939 #2 0x00007ffff1a241e0 in JS_GetStringBytes (str=0xdadadada00000000) at ../jsapi.cpp:5115 #3 0x00007ffff1e6da0d in Require (cx=0x1a76410, obj=0x7ffff1602000, argc=1, argv=0x1a84668, rval=0x7fffffffd070) at dehydra_builtins.c:154 #4 0x00007ffff1aae2e7 in js_Invoke (cx=0x1a76410, argc=1, vp=0x1a84658, flags=2) at ../jsinterp.cpp:823 #5 0x00007ffff1a9ab78 in js_Interpret (cx=0x1a76410) at ../jsops.cpp:2219 #6 0x00007ffff1aaef90 in js_Execute (cx=0x1a76410, chain=0x7ffff1602000, script=0x1a993c0, down=0x0, flags=0, result=0x7fffffffdb10) at ../jsinterp.cpp:1073 #7 0x00007ffff1a234f0 in JS_ExecuteScript (cx=0x1a76410, obj=0x7ffff1602000, script=0x1a993c0, rval=0x7fffffffdb10) at ../jsapi.cpp:4761 #8 0x00007ffff1e6e9f2 in dehydra_loadScript (this=0x7ffff20801c0, filename=0x1ab0810 "test_sys_gcc_info.js", namespace=0x7ffff1602000) at dehydra_builtins.c:437 #9 0x00007ffff1e6ec9e in Include (cx=0x1a76410, obj=0x7ffff1602000, argc=1, argv=0x7fffffffdc38, rval=0x7fffffffdc30) at dehydra_builtins.c:472 #10 0x00007ffff1e72081 in dehydra_includeScript (this=0x7ffff20801c0, script=0x1ab0a50 "test_sys_gcc_info.js") at dehydra.c:202 #11 0x00007ffff1e6d176 in gcc_plugin_init (file=0x7fffffffe2b0 "../gcc_dehydra.so", arg=0x1a265c0 "test_sys_gcc_info.js", pass=0x7fffffffdcd0, version_string=0x1948680 "4.5.0") at dehydra_plugin.c:280 #12 0x00007ffff1e6d52d in plugin_init (plugin_info=0x19fa430, version=0x19486a0) at dehydra_plugin.c:482 #13 0x0000000000b19a9f in try_init_one_plugin (plugin=0x19fa430) at ../../gcc-4.5.0/gcc/plugin.c:574 #14 0x0000000000b19af2 in init_one_plugin (slot=0x1a26518, info=0x0) at ../../gcc-4.5.0/gcc/plugin.c:596 #15 0x0000000001302fb0 in htab_traverse_noresize (htab=0x1a26490, callback=0xb19acb <init_one_plugin>, info=0x0) at ../../gcc-4.5.0/libiberty/hashtab.c:753 #16 0x0000000000b19b65 in initialize_plugins () at ../../gcc-4.5.0/gcc/plugin.c:621 #17 0x0000000000c13cd3 in toplev_main (argc=15, argv=0x7fffffffdef8) at ../../gcc-4.5.0/gcc/toplev.c:2517 #18 0x00000000007d0320 in main (argc=15, argv=0x7fffffffdef8) at ../../gcc-4.5.0/gcc/main.c:35

It looks like we're dealing with a number of independent regressions. Changing JS_GetStringBytes to JS_GetStringBytesZ fixes the segfault in comment 4. I'll file a different bug for the !prev->isActive() assertion.

(In reply to comment #5) > Created an attachment (id=449668) [details] > patch > > It looks like we're dealing with a number of independent regressions. Changing > JS_GetStringBytes to JS_GetStringBytesZ fixes the segfault in comment 4. That does not make sense. The bad address evident in comment 4's stack trace: #2 0x00007ffff1a241e0 in JS_GetStringBytes (str=0xdadadada00000000) at ../jsapi.cpp:5115 #3 0x00007ffff1e6da0d in Require (cx=0x1a76410, obj=0x7ffff1602000, argc=1, argv=0x1a84668, rval=0x7fffffffd070) at dehydra_builtins.c:154 is going to crash an JS API taking a JSString *str parameter. What's more, JS_GetStringBytesZ only differs from JS_GetStringBytes in not hiding out of memory failure by returning "" in case of OOM (JS_GetStringBytes does this only due to its age -- it lacks a cx parameter and was truly infallible ~14 years ago). It seems you passed a bad pointer into the JS engine. That could be due to a failure to use the GC exact root set management API. Maybe that bug still exists? > I'll file a different bug for the !prev->isActive() assertion. Cc'ing some people you should cc on that bug. /be

Disregard comment 5... On Saturday I could've sworn that that segfault was introduced with rev. b15fd8b568e4. Not being able to reproduce it today I suspect something was insane with my build environment. As of filing bug 570561, the only outstanding issue is bug 570546.