Closed
Bug 1299804
Opened 8 years ago
Closed 4 years ago
Crash in js::jit::GenericAssembler::spew
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox51 | --- | affected |
People
(Reporter: baffclan, Unassigned)
Details
(Keywords: crash, triage-deferred)
Crash Data
This bug was filed from the Socorro interface and is report bp-c0f4f3d5-3cc5-4bcc-98a0-88dc72160901. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll js::jit::GenericAssembler::spew(char const*, ...) js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h:195 1 xul.dll js::jit::X86Encoding::BaseAssembler::cmpl_ir(int, js::jit::X86Encoding::RegisterID) js/src/jit/x86-shared/BaseAssembler-x86-shared.h:1724 2 xul.dll js::jit::MacroAssembler::branch32<js::jit::Label*>(js::jit::AssemblerX86Shared::Condition, js::jit::Register, js::jit::Imm32, js::jit::Label*) js/src/jit/x86-shared/MacroAssembler-x86-shared-inl.h:471 3 @0x79 4 xul.dll EmitDoubleBoundaryTest js/src/irregexp/RegExpEngine.cpp:3268 5 xul.dll GenerateBranches js/src/irregexp/RegExpEngine.cpp:3476 6 xul.dll GenerateBranches js/src/irregexp/RegExpEngine.cpp:3589 7 xul.dll EmitCharClass js/src/irregexp/RegExpEngine.cpp:3697 8 xul.dll js::irregexp::TextNode::TextEmitPass(js::irregexp::RegExpCompiler*, js::irregexp::TextNode::TextEmitPassType, bool, js::irregexp::Trace*, bool, int*) js/src/irregexp/RegExpEngine.cpp:3947 9 xul.dll js::irregexp::TextNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4023 10 xul.dll js::irregexp::ChoiceNode::EmitOutOfLineContinuation(js::irregexp::RegExpCompiler*, js::irregexp::Trace*, js::irregexp::GuardedAlternative, js::irregexp::AlternativeGeneration*, int, bool) js/src/irregexp/RegExpEngine.cpp:4536 11 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4502 12 xul.dll js::irregexp::ChoiceNode::EmitOutOfLineContinuation(js::irregexp::RegExpCompiler*, js::irregexp::Trace*, js::irregexp::GuardedAlternative, js::irregexp::AlternativeGeneration*, int, bool) js/src/irregexp/RegExpEngine.cpp:4536 13 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4502 14 xul.dll js::irregexp::LoopChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4059 15 xul.dll js::irregexp::Trace::Flush(js::irregexp::RegExpCompiler*, js::irregexp::RegExpNode*) js/src/irregexp/RegExpEngine.cpp:2836 16 xul.dll js::irregexp::LoopChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4056 17 xul.dll js::irregexp::TextNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4036 18 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4476 19 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4476 20 xul.dll js::irregexp::LoopChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4059 21 xul.dll js::irregexp::Trace::Flush(js::irregexp::RegExpCompiler*, js::irregexp::RegExpNode*) js/src/irregexp/RegExpEngine.cpp:2836 22 xul.dll js::irregexp::LoopChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4056 23 xul.dll js::irregexp::TextNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4036 24 xul.dll js::irregexp::ActionNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4590 25 xul.dll js::irregexp::TextNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4036 26 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4476 27 xul.dll js::irregexp::ActionNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4590 28 xul.dll js::irregexp::TextNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4036 29 xul.dll js::irregexp::ActionNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4590 30 xul.dll js::irregexp::ChoiceNode::EmitOutOfLineContinuation(js::irregexp::RegExpCompiler*, js::irregexp::Trace*, js::irregexp::GuardedAlternative, js::irregexp::AlternativeGeneration*, int, bool) js/src/irregexp/RegExpEngine.cpp:4552 31 xul.dll js::irregexp::ChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4502 32 xul.dll js::irregexp::LoopChoiceNode::Emit(js::irregexp::RegExpCompiler*, js::irregexp::Trace*) js/src/irregexp/RegExpEngine.cpp:4059 33 xul.dll js::irregexp::RegExpCompiler::Assemble(JSContext*, js::irregexp::RegExpMacroAssembler*, js::irregexp::RegExpNode*, int) js/src/irregexp/RegExpEngine.cpp:1755 34 xul.dll js::irregexp::CompilePattern(JSContext*, js::RegExpShared*, js::irregexp::RegExpCompileData*, JS::Handle<JSLinearString*>, bool, bool, bool, bool, bool, bool, bool) js/src/irregexp/RegExpEngine.cpp:1912 35 xul.dll js::RegExpShared::compile(JSContext*, JS::Handle<JSAtom*>, JS::Handle<JSLinearString*>, js::RegExpShared::CompilationMode, js::RegExpShared::ForceByteCodeEnum) js/src/vm/RegExpObject.cpp:588 36 xul.dll js::RegExpShared::compile(JSContext*, JS::Handle<JSLinearString*>, js::RegExpShared::CompilationMode, js::RegExpShared::ForceByteCodeEnum) js/src/vm/RegExpObject.cpp:563 37 xul.dll js::RegExpShared::compileIfNecessary(JSContext*, JS::Handle<JSLinearString*>, js::RegExpShared::CompilationMode, js::RegExpShared::ForceByteCodeEnum) js/src/vm/RegExpObject.cpp:616 38 xul.dll js::RegExpShared::execute(JSContext*, JS::Handle<JSLinearString*>, unsigned __int64, js::MatchPairs*, unsigned __int64*) js/src/vm/RegExpObject.cpp:630 39 xul.dll ExecuteRegExp js/src/builtin/RegExp.cpp:908 40 xul.dll js::regexp_test_no_statics(JSContext*, unsigned int, JS::Value*) js/src/builtin/RegExp.cpp:1161 41 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:454 42 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 43 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 44 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 45 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 46 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 47 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 48 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 49 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 50 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 51 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 52 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 53 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 54 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 55 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 56 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 57 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 58 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 59 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 60 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 61 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 62 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 63 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 64 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 65 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 66 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:518 67 xul.dll GetInternals js/src/builtin/Intl.cpp:585 68 xul.dll NewUCollator js/src/builtin/Intl.cpp:921 69 xul.dll js::intl_CompareStrings(JSContext*, unsigned int, JS::Value*) js/src/builtin/Intl.cpp:1103 70 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:454 71 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 72 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 73 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 74 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 75 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 76 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 77 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 78 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 79 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 80 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 81 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 82 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 83 xul.dll Interpret js/src/vm/Interpreter.cpp:2916 84 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:400 85 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:472 86 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:518 87 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.h:104 88 xul.dll js::array_sort(JSContext*, unsigned int, JS::Value*) js/src/jsarray.cpp:1887 89 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:454 112 xul.dll NS_CreateServicesFromCategory(char const*, nsISupports*, char const*, char16_t const*) xpcom/components/nsCategoryManager.cpp:824 113 xul.dll nsXREDirProvider::DoStartup() toolkit/xre/nsXREDirProvider.cpp:1170 114 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp:4160 115 xul.dll XREMain::XRE_main(int, char** const, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp:4445 116 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:4536 117 firefox.exe do_main browser/app/nsBrowserApp.cpp:259 118 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:115 119 firefox.exe __scrt_common_main_seh f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:255 120 kernel32.dll BaseThreadInitThunk 121 ntdll.dll RtlUserThreadStart Application Basics: Name: Firefox Version: 51.0a1 Build ID: 20160901030202 User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0 OS: Windows_NT 10.0 In start-up immediately after updating the Nightly.
|
||
Comment 1•8 years ago
|
||
This signature is complete non-sense, if we do not take into account any potential memory corruption. Looking at various reports with the same signature, the only way to cause these crashes is to either override the BaseAssembler pointer or to override the printer field of the BaseAssembler.
|
||
Updated•7 years ago
|
Keywords: triage-deferred
Priority: -- → P3
|
||
Comment 2•4 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•