Subj : Re: crash in JS_NewContext To : netscape.public.mozilla.jseng From : Weiyang Zhou Date : Fri Sep 09 2005 05:58 pm I used the -S options to generate .s file, but I don't know how to find the corresponding line. Here is the code for js_Atomize function. js_Atomize: .frame $fp,128,$31 # vars= 104, regs= 2/0, args= 16, extra= 0 .mask 0xc0000000,-4 .fmask 0x00000000,0 subu $sp,$sp,128 $LCFI100: sw $31,124($sp) $LCFI101: sw $fp,120($sp) $LCFI102: move $fp,$sp $LCFI103: sw $4,128($fp) sw $5,132($fp) sw $6,136($fp) sw $7,140($fp) $LBB29: .loc 1 721 0 lw $2,136($fp) sltu $2,$2,32 beq $2,$0,$L190 .loc 1 722 0 addu $2,$fp,48 move $4,$2 lw $5,132($fp) lw $6,136($fp) jal js_InflateStringToBuffer .loc 1 723 0 addu $2,$fp,48 sw $2,16($fp) j $L191 $L190: .loc 1 725 0 lw $4,128($fp) lw $5,132($fp) lw $6,136($fp) jal js_InflateString sw $2,16($fp) .loc 1 726 0 lw $2,16($fp) bne $2,$0,$L192 .loc 1 727 0 sw $0,112($fp) j $L189 $L192: .loc 1 728 0 lw $2,140($fp) ori $2,$2,0x40 sw $2,140($fp) $L191: .loc 1 731 0 addu $3,$fp,32 addu $2,$fp,32 andi $2,$2,0x7 subu $2,$3,$2 addu $2,$2,8 sw $2,20($fp) .loc 1 733 0 lw $3,20($fp) lw $2,16($fp) sw $2,4($3) .loc 1 734 0 lw $3,20($fp) lw $2,136($fp) sw $2,0($3) .loc 1 735 0 lw $2,140($fp) ori $2,$2,0x80 lw $4,128($fp) lw $5,20($fp) move $6,$2 jal js_AtomizeString sw $2,24($fp) .loc 1 736 0 addu $3,$fp,48 lw $2,16($fp) beq $2,$3,$L193 lw $2,24($fp) beq $2,$0,$L194 lw $2,24($fp) lw $3,8($2) li $2,-8 # 0xfffffffffffffff8 and $2,$3,$2 lw $3,4($2) lw $2,16($fp) bne $3,$2,$L194 j $L193 $L194: .loc 1 737 0 lw $4,128($fp) lw $5,16($fp) jal JS_free $L193: .loc 1 738 0 lw $2,24($fp) sw $2,112($fp) $LBE29: .loc 1 739 0 $L189: lw $2,112($fp) move $sp,$fp lw $31,124($sp) lw $fp,120($sp) addu $sp,$sp,128 j $31 .end js_Atomize I apologize for posting the stack trace previously if there are any misunderstanding. It wasn't actually coming from the target device. It is difficult to get stack/arguments/variable information on the target device. But when the firmware crashes, it gives me an address on where it crashed. By looking at the map file, the address in in js_CompareStrings. Also, by putting a couple of printf in the firmware I am pretty sure it crashed when calling js_NewContext -> js_InitAtomStates-> js_InitPinnedAtoms->js_Atomize. So what I did is set a breakpoint in js_CompareStrings in the simulated environment on Windows and hit run the js engine, when it hits the breakpoint, I assume the stack is the stack in the firmware. We will be testing GCC 3.3.4 soon. We have tried gcc 3.3.4 on another device with the same processor with optimized js engine and it works. Although it runs on Linux and uses uclibc instead of newlib. Thanks, Weiyang "Brendan Eich" wrote in message news:dfqsg5$l6k1@ripley.aoltw.net... > Weiyang Zhou wrote: >> I have tried with GCC 3.3.1. With optimization turned on, it still >> crashes. > > Ok, but there are newer versions than that, and you still have not shown > the assembly code for that line. > > How about also showing the argument and local variable values along the > stack backtrace you showed? > > /be .