Closed Bug 762137 Opened 12 years ago Closed 12 years ago

crash in js::types::TypeScript::SetArgument

Categories

(Core :: JavaScript Engine, defect)

x86_64
Windows 7
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 705423

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is report bp-fcff7264-d126-443d-9a8d-bf9172120606.
============================================================= 

Seen while looking at the one day diff of trunk crashes. Crashes started showing up using the 2012060603 build.  http://tinyurl.com/7wpemaw links to the crashes.

Possible regression range based on crash stats: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a7a905fd70d5&tochange=6338a8988917

Adding Brian Hackett to the bug.

Frame 	Module 	Signature 	Source
0 	xul.dll 	js::types::TypeScript::SetArgument 	js/src/jsinferinlines.h:750
1 	xul.dll 	xul.dll@0x427d5f 	
2 	xul.dll 	xul.dll@0xa9aff 	
3 	xul.dll 	js::ObjectImpl::nativeLookup 	js/src/vm/ObjectImpl.cpp:265
4 	xul.dll 	js::HashSet<js::ReadBarriered<js::types::TypeObject>,js::types::TypeObjectEntry, 	obj-firefox/dist/include/js/HashTable.h:1274
5 	xul.dll 	CallResolveOp 	js/src/jsobj.cpp:4642
6 	xul.dll 	ArgSetter 	js/src/vm/ArgumentsObject.cpp:185
7 	xul.dll 	JSObject::getNewType 	js/src/jsinfer.cpp:5684
8 	xul.dll 	xul.dll@0x24285f 	
9 	xul.dll 	js::Shape::set 	js/src/jsscopeinlines.h:310
10 	xul.dll 	js::LookupPropertyWithFlags 	js/src/jsobj.cpp:4734
11 	xul.dll 	js_NativeSet 	js/src/jsobj.cpp:4977
12 	xul.dll 	js::baseops::SetPropertyHelper 	js/src/jsobj.cpp:5381
13 	xul.dll 	xul.dll@0xfb60f 	
14 	xul.dll 	xul.dll@0x5d426f 	
15 	xul.dll 	js_ConcatStrings 	js/src/vm/String.cpp:294
16 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:2377
17 	xul.dll 	xul.dll@0xfb60f 	
18 	xul.dll 	xul.dll@0x5d426f 	
19 	xul.dll 	js::NewObjectWithClassProto 	js/src/jsobj.cpp:2826
20 	xul.dll 	XPCPerThreadData::GetData 	js/xpconnect/src/xpcprivate.h:3644
21 	xul.dll 	XPCCallContext::XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:33
22 	xul.dll 	nsXPConnect::GetNativeOfWrapper 	js/xpconnect/src/nsXPConnect.cpp:1420
23 	xul.dll 	nsCOMPtr_base::assign_from_qi 	obj-firefox/xpcom/build/nsCOMPtr.cpp:65
24 	xul.dll 	XPCWrappedNative::InitTearOff 	js/xpconnect/src/XPCWrappedNative.cpp:2186
25 	xul.dll 	xul.dll@0x19f43f 	
26 	nspr4.dll 	MD_CURRENT_THREAD 	nsprpub/pr/src/md/windows/w95thred.c:276
27 	xul.dll 	JS_DHashTableOperate 	js/src/jsdhash.cpp:619
28 	nspr4.dll 	PR_ExitMonitor 	nsprpub/pr/src/threads/prmon.c:100
29 	xul.dll 	FinishCreate 	js/xpconnect/src/XPCWrappedNative.cpp:700
30 	xul.dll 	nsRefPtr<nsXPCClassInfo>::~nsRefPtr<nsXPCClassInfo> 	obj-firefox/xpcom/build/nsCOMPtr.cpp:48
31 	xul.dll 	XPCWrappedNative::GetNewOrUsed 	js/xpconnect/src/XPCWrappedNative.cpp:662
32 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2969
33 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6267
34 	xul.dll 	js::PropertyTree::insertChild 	js/src/jspropertytree.cpp:92
35 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6267
36 	xul.dll 	JS_WrapObject 	js/src/jsapi.cpp:1501
37 	xul.dll 	JSContext::new_<js::types::TypeScriptNesting> 	js/src/jscntxt.h:1277
38 	xul.dll 	js::types::TypeSet::addType 	js/src/jsinferinlines.h:1116
39 	xul.dll 	JSContext::new_<js::types::TypeScriptNesting> 	js/src/jscntxt.h:1277
40 	xul.dll 	js::RunScript 	js/src/jsinterp.cpp:267
41 	xul.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:322
42 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2969
43 	xul.dll 	js::Invoke 	js/src/jsinterp.cpp:354
44 	xul.dll 	nsCycleCollectingAutoRefCnt::decr 	obj-firefox/dist/include/nsISupportsImpl.h:180
45 	xul.dll 	DoDeferredRelease<nsISupports* __ptr64> 	js/xpconnect/src/XPCJSRuntime.cpp:597
46 	xul.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5515
47 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1474
48 	nvStereoApiI64.dll 	nvStereoApiI64.dll@0x4004
It's currently #4 top crasher in today's build.
Keywords: topcrash
OS: Windows NT → Windows 7
Hardware: All → x86_64
Hopefully we have a fix to this in bug 761863.
I think it's a dupe of bug 705423 because of ArgSetter in the stack.
Hah, I just mid-aired saying the same thing.  This is just the 64-bit version (hence different NULL crash offset; hasTypes is called inline by SetArgument).
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE