Closed
Bug 1339145
Opened 7 years ago
Closed 6 years ago
Crash in jit | NOT_JIT_CODE
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: marcia, Assigned: h4writer)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-c4118826-2528-46e8-9138-0eef62170213. ============================================================= Seen while looking at B5 crash stats: http://bit.ly/2lcrtAI. This increased a bit from Beta 4.
Reporter | ||
Comment 1•7 years ago
|
||
Discussed this crash in the Channel meeting today - ni on Naveed to see if he can help ascertain what might have caused the increase in this signature.
Flags: needinfo?(nihsanullah)
Comment 2•7 years ago
|
||
this signature also increased on aurora since 53.0a2 build 20170209004018 common patches that have landed in the two channels in this regression range would be: bug 1334933 - Inaccessible bug 1329796 - Inaccessible bug 1335272 - Security Error: Content at about:cache?storage=disk&context= may not load or link to about:cache-entry?storage=disk&context=&eid=&uri=... bug 1337304 - Inaccessible bug 1336291 - Lots of "TypeError: this._browsers is null: _getBrowserRefs@resource://app/modules/NewTabWebChannel.jsm:149" logspam during browser_remotenewtab_pageloads.js bug 1324952 - Intermittent netwerk/test/unit/test_be_conservative.js | xpcshell return code: 0 | - error should be NS_BASE_STREAM_CLOSED - 2152398864 == 2152136706 bug 1322897 - Awful blurry fonts in text in long tab titles after landing patch from bug #658467 bug 1334876 - Inaccessible bug 1319513 - Disabled "Clear Downloads" text is not grayed on Linux bug 1321579 - SIGSEGV on aarch64 in nsLayoutUtils::GetLastSibling when compiling with gcc6
Comment 3•7 years ago
|
||
I've got a bad feeling this is going to come back to bug 1334933.
Comment 4•7 years ago
|
||
From the jit-crash-categorize tool: if (raw_info->region_size != 0x10000) { printf("NOT_JIT_CODE\n"); return 0; } So we report NOT_JIT_CODE if we're not inside a 64 K region. It's definitely possible and expected we use bigger memory regions now for JIT code since bug 1334933. Based on that, I expect this to be a shift from other "jit |" signatures but not a new kind of crash.
Comment 5•7 years ago
|
||
Oh and we should fix the categorize tool. It should check something like: if (raw_info->region_size < 0x10000 || (raw_info->region_size % 0x10000) != 0) { printf("NOT_JIT_CODE\n"); return 0; }
Comment 6•7 years ago
|
||
this is how jit crash signatures shifted from before 52.0b5 to afterwards: http://bit.ly/2le8nux
> if (raw_info->region_size < 0x10000 || (raw_info->region_size % 0x10000) != 0) {
This wouldn't be useful since all address space regions come in multiples of 64K.
Comment 8•7 years ago
|
||
Is this Windows-only? But right, maybe we should just remove the check then...
Yeah, just Windows: https://github.com/mozilla/socorro/blob/master/socorro/processor/breakpad_transform_rules.py#L692 Also, this is a good time for a periodic sanity-check of line 703: Is Enter{Baseline,Ion} still the right set of things to be looking for these days?
Comment 10•7 years ago
|
||
(In reply to David Major [:dmajor] from comment #9) > Yeah, just Windows: > https://github.com/mozilla/socorro/blob/master/socorro/processor/ > breakpad_transform_rules.py#L692 Hm, the next line checks |processed_crash.cpu_name != 'x86'|. Should we include 'amd64' now? > Also, this is a good time for a periodic sanity-check of line 703: Is > Enter{Baseline,Ion} still the right set of things to be looking for these > days? Can't hurt to add js::jit::FastInvoke and js::jit::IonCannon (this is EnterIon's only caller so I wouldn't be surprised if EnterIon gets inlined into it). Maybe also irregexp::ExecuteCode.
Comment 11•7 years ago
|
||
> Hm, the next line checks |processed_crash.cpu_name != 'x86'|. Should we
> include 'amd64' now?
My memory is fuzzy but I want to say this was a limitation of the disassembler.
Comment 12•7 years ago
|
||
> > Also, this is a good time for a periodic sanity-check of line 703: Is > > Enter{Baseline,Ion} still the right set of things to be looking for these > > days? > > Can't hurt to add js::jit::FastInvoke and js::jit::IonCannon (this is > EnterIon's only caller so I wouldn't be surprised if EnterIon gets inlined > into it). Maybe also irregexp::ExecuteCode. I filed bug 1339960 for that.
Updated•7 years ago
|
Assignee: nobody → hv1989
Flags: needinfo?(nihsanullah)
Assignee | ||
Updated•7 years ago
|
Priority: -- → P3
Comment 13•7 years ago
|
||
Mass wontfix for bugs affecting firefox 52.
Comment 14•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•