1011732 - crash in js::jit::BaselineCompiler::emitBody()

Status: NEW

(Core :: JavaScript Engine: JIT, defect)

Description

[juan becerra [:juanb]]

This bug was filed from the Socorro interface and is 
report bp-f8876b97-338a-42a3-b807-670472140507.
=============================================================

This signature has been around for a while on older Fx versions, and it's been showing up in nightly 32a1 since 5/01.  It's moving up in the ranks to the top 20.

It's happening mostly in Windows 7/XP/8.1. There aren't any comments in the reports. The correlation reports are empty. URLs show mostly Facebook and Google sites.

More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3Ajit%3A%3ABaselineCompiler%3A%3AemitBody%28%29

0 	XUL 	js::jit::BaselineCompiler::emitBody() 	js/src/assembler/assembler/X86Assembler.h
1 	XUL 	js::jit::BaselineCompiler::compile() 	js/src/jit/BaselineCompiler.cpp
2 	XUL 	js::jit::BaselineCompile(JSContext*, JSScript*) 	js/src/jit/BaselineJIT.cpp
3 	XUL 	CanEnterBaselineJIT 	js/src/jit/BaselineJIT.cpp
4 	XUL 	js::jit::CanEnterBaselineAtBranch(JSContext*, js::InterpreterFrame*, bool) 	js/src/jit/BaselineJIT.cpp
5 	XUL 	Interpret 	js/src/vm/Interpreter.cpp
6 	XUL 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
7 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
8 	XUL 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
9 	XUL 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp
10 		@0x1087e6238

Comment 1

[Stephen Donner [:stephend] Not actively reading bugmail]

Just saw this for myself; the crash report is: https://crash-stats.mozilla.com/report/index/c61cee92-a11f-421f-82a9-154272140618

Comment 2

[alex_mayorga]

Report ID 	Date Submitted
bp-1b9befba-0772-4bcd-9a7f-57f2f2151119
	19/11/2015	7:01

Crashing Thread
Frame 	Module 	Signature 	Source
0 	xul.dll 	js::jit::BaselineCompiler::emitBody() 	js/src/jit/BaselineCompiler.cpp
1 	xul.dll 	js::jit::BaselineCompiler::compile() 	js/src/jit/BaselineCompiler.cpp
2 	xul.dll 	js::jit::BaselineCompile(JSContext*, JSScript*, bool) 	js/src/jit/BaselineJIT.cpp
3 	xul.dll 	js::jit::CanEnterBaselineAtBranch(JSContext*, js::InterpreterFrame*, bool) 	js/src/jit/BaselineJIT.cpp
4 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
5 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
6 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
7 	xul.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
8 	xul.dll 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp
9 		@0x281c81a1a5c

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

Crash volume for signature 'js::jit::BaselineCompiler::emitBody':
 - nightly(version 50):2 crashes from 2016-06-06.
 - aurora (version 49):1 crash from 2016-06-07.
 - beta   (version 48):82 crashes from 2016-06-06.
 - release(version 47):94 crashes from 2016-05-31.
 - esr    (version 45):1 crash from 2016-04-07.

Crash volume on the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       1       0       1       0       0       0       0
 - aurora        0       0       0       0       0       0       1
 - beta          6      46      10       3       9       5       2
 - release      28      12      11      12       9      15       6
 - esr           0       0       0       0       0       0       1

Affected platforms: Windows, Mac OS X

Comment 4

[BugBot [:suhaib / :marco/ :calixte]]

Since the crash volume is low (less than 15 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.