Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upassertion failed: `*self.stack == mem::transmute(&*self)` in wpt #6462
Comments
|
Generally this assertion gets hit when servo panics with a RootedObject/RootedValue on stack. The panic prevents the destructor for the root from running, which then breaks this particular assertion. Destructors for GC thing roots have to be run in the correct order or all hell breaks loose. This can also happen if someone tries to return or move a RootedObject/Value without appropriate use of the new_with_addr function. |
|
Destructors should still run after a panic, though |
|
I'm convinced that this is due to SpiderMonkey being compiled with
|
|
If that's the case, the stack looks like |
|
Just keep popping until we get to the expected address, you mean? That would help with this assertion, but anything like JSAutoRequest would leave unfinished requests, etc. which will likely trigger more assertions. |
|
rust-lang/rfcs#1413 looks like it could be useful. |
|
I suspect that the best approach is to catch all panics at every in-call to Rust and kill either the thread or process immediately, or kill JavaScript execution (by returning |
…e the interrupted panic to the origin of the JS execution via TLS before resuming. Fix servo#6462.
…e the interrupted panic to the origin of the JS execution via TLS before resuming. Fix servo#6462.
…e the interrupted panic to the origin of the JS execution via TLS before resuming. Fix servo#6462.
…e the interrupted panic to the origin of the JS execution via TLS before resuming. Fix servo#6462.
Avoid unwinding into C stack frames Fix the biggest cause of #6462 by wrapping lots of JS->Rust transitions in catch_panic, and calling resume_panic after all Rust->JS transitions return. Known issue: * Finalizers can be called in response to any JS engine allocation that triggers a GC, so it's possible for a Rust object's Drop implementation that panics to leave an interrupted panic in TLS. This is why 30d8009 is part of this PR; the underlying problem is that there's no clear place to resume the panic after it is interrupted. --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #6462 (github issue number if applicable). - [X] There are tests for these changes OR <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/11803) <!-- Reviewable:end -->
Haven't investigated further.
CC @michaelwu @jdm @Manishearth