Closed Bug 1035077 Opened 10 years ago Closed 10 years ago

The keyboard app would crash after switching to pinyin (Simplified Chinese) layout

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
All
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1035286
Tracking Flags:
Tracking Status
b2g-v2.0 --- unaffected
b2g-v2.1 --- affected

People

(Reporter: rudyl, Unassigned)

Details

(Keywords: regression) 

STR
===
 1. Enable pinyin layout for Settings,
   Settings app > Keyboards > Selected Keyboards > Add more keyboards.

 2. Launch keyboard and switch to pinyin layout.

Expected: You can type something in Chinese.
Actual:   The keyboard app would crash repeatedly.

Nothing comes out of my mind about any Gaia changes that might cause this, so I would suspect this was regressed by a Gecko change or something.
Nominate this as v2.1? because this is a serious bug and also a regression.
blocking-b2g: --- → 2.1?
Keywords: regression, regressionwindow-wanted
Cannot reproduce this on the latest build of v2.0,
==
Gaia      ef67af27dff3130d41a9139d6ae7ed640c34d922
Gecko     https://hg.mozilla.org/releases/mozilla-aurora/rev/f53099796238
BuildID   20140706160201
Version   32.0a2
ro.build.version.incremental=324
ro.build.date=Thu Dec 19 14:04:55 CST 2013
status-b2g-v2.0: --- → unaffected
status-b2g-v2.1: --- → affected
Thanks for Cervantes' help, we locate this crash to,

--
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 15592.15595]
0x41899cc2 in mozalloc_abort (msg=<value optimized out>) at /mnt/SSD/data/hg/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:30
30          MOZ_CRASH();
(gdb) bt
#0  0x41899cc2 in mozalloc_abort (msg=<value optimized out>) at /mnt/SSD/data/hg/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:30
#1  0x41899d3a in abort () at /mnt/SSD/data/hg/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:39
#2  0x416c2646 in js::jit::BacktrackingAllocator::splitAcrossCalls (this=0x43028428, interval=0x45566ab8) at /mnt/SSD/data/hg/mozilla-central/js/src/jit/BacktrackingAllocator.cpp:1882
#3  0x416c362a in js::jit::BacktrackingAllocator::processInterval (this=0x43028428, interval=0x45566ab8) at /mnt/SSD/data/hg/mozilla-central/js/src/jit/BacktrackingAllocator.cpp:585
#4  0x416c41ca in js::jit::BacktrackingAllocator::go (this=0x43028428) at /mnt/SSD/data/hg/mozilla-central/js/src/jit/BacktrackingAllocator.cpp:156
#5  0x41716cd2 in js::jit::GenerateLIR (mir=0x45564088) at /mnt/SSD/data/hg/mozilla-central/js/src/jit/Ion.cpp:1624
#6  0x418353cc in js::HelperThread::handleAsmJSWorkload (this=0x431041e8) at /mnt/SSD/data/hg/mozilla-central/js/src/vm/HelperThreads.cpp:781
#7  js::HelperThread::threadLoop (this=0x431041e8) at /mnt/SSD/data/hg/mozilla-central/js/src/vm/HelperThreads.cpp:1092
#8  0x4183566c in js::HelperThread::ThreadMain (arg=0x431041e8) at /mnt/SSD/data/hg/mozilla-central/js/src/vm/HelperThreads.cpp:754
#9  0x4223c6f0 in _pt_root (arg=<value optimized out>) at /mnt/SSD/data/hg/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:212
#10 0x4010bce4 in _thread_create_startup (arg=0x4035c000) at /mnt/SSD/data/hg/mozilla-central/mozglue/build/Nuwa.cpp:557
#11 thread_create_startup (arg=0x4035c000) at /mnt/SSD/data/hg/mozilla-central/mozglue/build/Nuwa.cpp:588
#12 0x4002fe18 in __thread_entry (func=0x43028f00, arg=0x4035c000, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#13 0x4002f96c in pthread_create (thread_out=<value optimized out>, attr=0x4035c014, start_routine=0x4010bca5 <thread_create_startup>, arg=0x4035c000) at bionic/libc/bionic/pthread.c:357
#14 0x43028d68 in ?? ()
#15 0x43028d68 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) fr 2
#2  0x416c2646 in js::jit::BacktrackingAllocator::splitAcrossCalls (this=0x43028428, interval=0x45566ab8) at /mnt/SSD/data/hg/mozilla-central/js/src/jit/BacktrackingAllocator.cpp:1882
1882                IonSpewCont(IonSpew_RegAlloc, "%u", range->from);
(gdb) list
1877        for (size_t i = fixedIntervalsUnion->numRanges(); i > 0; i--) {
1878            const LiveInterval::Range *range = fixedIntervalsUnion->getRange(i - 1);
1879            if (interval->covers(range->from) && interval->covers(range->from.previous())) {
1880                if (!callPositions.empty())
1881                    IonSpewCont(IonSpew_RegAlloc, ", ");
1882                IonSpewCont(IonSpew_RegAlloc, "%u", range->from);
1883                if (!callPositions.append(range->from))
1884                    return false;
1885            }
1886        }

--
According to his suggestion, change the component to JS component.
Component: Gaia::Keyboard → JavaScript Engine
Product: Firefox OS → Core
QA Contact: jharvey
Depends on: 1035286
Status: NEW → RESOLVED
blocking-b2g: 2.1? → ---
Closed: 10 years ago
No longer depends on: 1035286
Keywords: regressionwindow-wanted
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.