Bug 935022 (Closed)
Opened 11 years ago
Closed 11 years ago
GenerationalGC: Assertion failure: currentEnd_ == chunk(currentChunk_).end(), at ../gc/Nursery.h:199
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED FIXED, target milestone mozilla28
People: Reporter: decoder, Assigned: jonco
Keywords: assertion, testcase; Whiteboard: [jsbugmon:ignore]
Attachments (1 file): patch (deleted), review+ from terrence
The following testcase asserts on mozilla-central built with --enable-exact-rooting --enable-gcgenerational, revision 3dd1dc64123a (run with --fuzzing-safe):
function callback(obj) {}
setObjectMetadataCallback(callback);
gczeal(7);
var statusitems = [];
Updated 11 years ago
Assignee: general → jcoppeard
Comment 1 • 11 years ago (Assignee)
This problem is related to the fact that setObjectMetadataCallback() disables GGC, which was the fix for bug 929151.
Nursery::enterZealMode() currently sets numActiveChunks_, which will cause isEnabled() to return true, even if the nursery was disabled before.
The patch makes enterZealMode() check whether we are enabled before changing this, and also makes sure enterZealMode() gets called again when the nursery is re-enabled.
Attachment #827466 - Flags: review?(sphink)
Comment 2 • 11 years ago
Comment on attachment 827466 [details] [diff] [review]
bug935022-metadata-fuzz
Review of attachment 827466 [details] [diff] [review]:
-----------------------------------------------------------------
D'oh! I missed an edge case. :-(
r=me. And thanks for giving us more fuzzing time, Christian!
::: js/src/gc/Nursery.cpp
@@ +98,5 @@
>
> void *
> js::Nursery::allocate(size_t size)
> {
> + JS_ASSERT(isEnabled());
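Review bot: The JS_ASSERT(isEnabled()) added at the top of js::Nursery::allocate only fires in debug builds, so it documents the invariant that nothing allocates from a disabled nursery rather than enforcing it; the guard that actually prevents the state in this bug is the enterZealMode() change described in comment 1, and a one-line comment above the assertion pointing at that relationship would help the next person who hits it understand which caller violated the invariant.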
Nice!
Attachment #827466 - Flags: review?(sphink) → review+
Comment 3 • 11 years ago
(In reply to Jon Coppeard (:jonco) from comment #1)
> The patch makes enterZealMode() check whether we are enabled before
> changing this, and also makes sure enterZealMode() gets called again when
> the nursery is re-enabled.
I didn't see the latter? Or maybe I'm not understanding. I thought this meant that if you set a metadata callback, called enterZealMode (which would not take effect), and then cleared the metadata callback, that you'd automatically make enterZealMode() take effect? Or did you just mean that clearing the metadata callback would allow future enterZealMode()s to work?
Comment 4 • 11 years ago
(In reply to Steve Fink [:sfink] from comment #3)
> (In reply to Jon Coppeard (:jonco) from comment #1)
> > The patch makes enterZealMode() check whether we are enabled before
> > changing this, and also makes sure enterZealMode() gets called again when
> > the nursery is re-enabled.
>
> I didn't see the latter? Or maybe I'm not understanding. I thought this
> meant that if you set a metadata callback, called enterZealMode (which would
> not take effect), and then cleared the metadata callback, that you'd
> automatically make enterZealMode() take effect? Or did you just mean that
> clearing the metadata callback would allow future enterZealMode()s to work?
This only fixes the nursery: I think the metadata callback still perma-disables the nursery.
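The enable/zeal-mode interaction described in comment 1, and the re-enabling question raised in comments 3 and 4, as an added example that is not part of the bug's patch or of SpiderMonkey's own code. It is a simplified model: the class NurseryModel, its chunksInitialized_ flag, the constructed NumNurseryChunks value and the "fixed" switch that selects pre-patch or post-patch behaviour are this example's assumptions, and the re-enable path only shows what the patched enable() would do if the nursery came back (comment 4 notes that with the metadata callback installed it does not).

```cpp
#include <cassert>
#include <cstdio>

// Constructed value for the model; the real constant lives in Nursery.h.
static const int NumNurseryChunks = 16;

// Simplified model of the nursery state machine from comment 1. The "fixed"
// flag selects the pre-patch (false) or post-patch (true) behaviour of
// enterZealMode() and enable(); this is the example's own abstraction, not
// js::Nursery.
class NurseryModel {
  public:
    explicit NurseryModel(bool fixed)
      : fixed_(fixed), numActiveChunks_(0), chunksInitialized_(false), zeal_(false) {}

    // As in the report: "enabled" is derived purely from the chunk count.
    bool isEnabled() const { return numActiveChunks_ != 0; }

    void enable() {
        if (isEnabled())
            return;                 // already enabled, nothing to do
        numActiveChunks_ = 1;
        chunksInitialized_ = true;  // stands in for setting up currentChunk_/currentEnd_
        if (fixed_ && zeal_)
            enterZealMode();        // post-patch: re-apply zeal mode on re-enable
    }

    // setObjectMetadataCallback() disables the nursery (fix for bug 929151).
    void disable() {
        numActiveChunks_ = 0;
        chunksInitialized_ = false;
    }

    // gczeal(7): pre-patch this bumps the chunk count unconditionally, so a
    // disabled nursery reports isEnabled() == true with no chunk state behind it.
    void enterZealMode() {
        zeal_ = true;
        if (!fixed_ || isEnabled())
            numActiveChunks_ = NumNurseryChunks;
    }

    // The invariant behind "currentEnd_ == chunk(currentChunk_).end()": the
    // nursery may only look enabled when its chunk state has been set up.
    bool stateConsistent() const { return isEnabled() == chunksInitialized_; }

    int activeChunks() const { return numActiveChunks_; }

  private:
    bool fixed_;
    int numActiveChunks_;
    bool chunksInitialized_;
    bool zeal_;
};

// Replays the testcase: callback installed (nursery disabled), then gczeal(7).
bool replayTestcase(bool fixed) {
    NurseryModel n(fixed);
    n.enable();
    n.disable();        // setObjectMetadataCallback(callback)
    n.enterZealMode();  // gczeal(7)
    return n.stateConsistent();
}

// Comment 3's question: does re-enabling the nursery bring zeal mode back
// with consistent chunk state?
bool consistentAfterReenable(bool fixed) {
    NurseryModel n(fixed);
    n.enable();
    n.disable();
    n.enterZealMode();
    n.enable();         // hypothetical re-enable after the callback is cleared
    return n.stateConsistent();
}

int chunksAfterReenable(bool fixed) {
    NurseryModel n(fixed);
    n.enable();
    n.disable();
    n.enterZealMode();
    n.enable();
    return n.activeChunks();
}

int main() {
    std::printf("testcase   pre-patch consistent=%d  post-patch consistent=%d\n",
                replayTestcase(false), replayTestcase(true));
    std::printf("re-enable  pre-patch consistent=%d  post-patch consistent=%d (chunks=%d)\n",
                consistentAfterReenable(false), consistentAfterReenable(true),
                chunksAfterReenable(true));
    return 0;
}
```

Pre-patch, the replayed testcase leaves the model reporting isEnabled() with no chunk state, which is the inconsistency the Nursery.h assertion catches; post-patch, enterZealMode() on a disabled nursery is a no-op and the zeal request is honoured only once enable() runs again.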
Comment 5 • 11 years ago (Assignee)
Comment 6 • 11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla28