Closed
Bug 1027155
Opened 10 years ago
Closed 10 years ago
crash in js::types::TypeSet::hasType(js::types::Type) const
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
People
(Reporter: kbrosnan, Unassigned)
Details
(Keywords: crash, topcrash-android-armv7)
Crash Data
This bug was filed from the Socorro interface and is report bp-eb919e20-752b-4325-8bdd-2fb9e2140613. ============================================================= 0 libxul.so js::types::TypeSet::hasType(js::types::Type) const js/src/jsinfer.h 1 libxul.so js::types::TypeMonitorResult(JSContext*, JSScript*, unsigned char*, JS::Value const&) js/src/jsinfer.cpp 2 libxul.so js::jit::DoGetPropFallback js/src/jsinferinlines.h 3 @0x473d6112 4 dalvik-heap (deleted) dalvik-heap (deleted)@0xf0a03e 5 dalvik-heap (deleted) dalvik-heap (deleted)@0x273492d 6 libxul.so js_Date(JSContext*, unsigned int, JS::Value*) js/src/jsdate.cpp 7 @0xffffff80
|
Reporter | |
Updated•10 years ago
|
tracking-firefox31:
--- → ?
tracking-firefox33:
--- → ?
|
||
Comment 1•10 years ago
|
||
Top crash. Tracking.
|
||
Comment 2•10 years ago
|
||
Naveed, top crash on beta, can we get an assignee?
tracking-fennec: ? → 31+
Flags: needinfo?(nihsanullah)
|
||
Comment 3•10 years ago
|
||
Am I reading the data correctly that this signature started spiking about a week ago? Can we get a regression range. Brian can you please start an investigation on why TypeMonitorResult callback is crashing here?
Flags: needinfo?(nihsanullah) → needinfo?(bhackett1024)
|
|
Reporter | |
Comment 4•10 years ago
|
||
This is new on beta going from 30 to 31. Aurora and Nightly are difficult to monitor for anything other than extremely common. The code that caused this regression is likely to be at least 8 weeks old and up to 14 for something that landed at the binging of the 31 nightly cycle. There is a smaller chance that a 32 uplift caused the issue.
|
||
Comment 5•10 years ago
|
||
(In reply to Naveed Ihsanullah [:naveed] from comment #3) > Am I reading the data correctly that this signature started spiking about a > week ago? Can we get a regression range. > > Brian can you please start an investigation on why TypeMonitorResult > callback is crashing here? Well, it looks like a null crash so presumably the TypeSet being passed in is null, and on the crash in comment 0 the code is being called from baseline. This stuff hasn't changed so far as I know since last october (bug 928562) so the regressing problem could be something totally unrelated and without STR I don't see many options here.
Flags: needinfo?(bhackett1024)
|
||
Updated•10 years ago
|
Keywords: steps-wanted
|
|
Reporter | |
Comment 6•10 years ago
|
||
No crashes since 31b2 marking wfm
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
|
|
||
Comment 7•10 years ago
|
||
WFM, untracking.
|
||
Comment 8•1 year ago
|
||
Removing steps-wanted keyword because this bug has been resolved.
Keywords: steps-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•