Bug 1339145: Crash in jit | NOT_JIT_CODE
Status: RESOLVED WONTFIX
Opened 8 years ago, closed 7 years ago
Categories: Core :: JavaScript Engine: JIT, defect, P3
People: Reporter: marcia, Assigned: h4writer
Keywords: crash
Crash Data
This bug was filed from the Socorro interface and is
report bp-c4118826-2528-46e8-9138-0eef62170213.
=============================================================
Seen while looking at B5 crash stats: http://bit.ly/2lcrtAI. This increased a bit from Beta 4.
Comment 1•8 years ago
Discussed this crash in the Channel meeting today - ni on Naveed to see if he can help ascertain what might have caused the increase in this signature.
Flags: needinfo?(nihsanullah)
Comment 2•8 years ago
This signature also increased on aurora since 53.0a2 build 20170209004018.
Common patches that have landed in the two channels in this regression range would be:
bug 1334933 - Inaccessible
bug 1329796 - Inaccessible
bug 1335272 - Security Error: Content at about:cache?storage=disk&context= may not load or link to about:cache-entry?storage=disk&context=&eid=&uri=...
bug 1337304 - Inaccessible
bug 1336291 - Lots of "TypeError: this._browsers is null: _getBrowserRefs@resource://app/modules/NewTabWebChannel.jsm:149" logspam during browser_remotenewtab_pageloads.js
bug 1324952 - Intermittent netwerk/test/unit/test_be_conservative.js | xpcshell return code: 0 | - error should be NS_BASE_STREAM_CLOSED - 2152398864 == 2152136706
bug 1322897 - Awful blurry fonts in text in long tab titles after landing patch from bug #658467
bug 1334876 - Inaccessible
bug 1319513 - Disabled "Clear Downloads" text is not grayed on Linux
bug 1321579 - SIGSEGV on aarch64 in nsLayoutUtils::GetLastSibling when compiling with gcc6
Comment 3•8 years ago
I've got a bad feeling this is going to come back to bug 1334933.
Comment 4•8 years ago
From the jit-crash-categorize tool:
    if (raw_info->region_size != 0x10000) {
        printf("NOT_JIT_CODE\n");
        return 0;
    }
So we report NOT_JIT_CODE if we're not inside a 64 K region. It's definitely possible and expected we use bigger memory regions now for JIT code since bug 1334933.
Based on that, I expect this to be a shift from other "jit |" signatures but not a new kind of crash.
Comment 5•8 years ago
Oh and we should fix the categorize tool. It should check something like:
    if (raw_info->region_size < 0x10000 || (raw_info->region_size % 0x10000) != 0) {
        printf("NOT_JIT_CODE\n");
        return 0;
    }
Comment 6•8 years ago
This is how jit crash signatures shifted from before 52.0b5 to afterwards: http://bit.ly/2le8nux
> if (raw_info->region_size < 0x10000 || (raw_info->region_size % 0x10000) != 0) {
This wouldn't be useful since all address space regions come in multiples of 64K.
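The two checks quoted in this thread, run side by side over constructed region sizes (an added example, not code from the jit-crash-categorize tool or from any commenter). The `region_info` struct, the labels and the sample sizes are assumptions; the point is that the exact-size test rejects larger JIT regions, while the multiple-of-64K test rejects nothing when every size is a 64K multiple.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JIT_CHUNK 0x10000u /* 64K, the size both quoted checks test against */

/* Hypothetical stand-in for the tool's raw_info; only region_size is modelled. */
typedef struct { uint64_t region_size; const char *label; } region_info;

/* Check quoted in comment 4: anything but an exact 64K region is rejected. */
static int not_jit_exact(const region_info *r) {
    return r->region_size != JIT_CHUNK;
}

/* Check proposed in comment 5: any non-zero multiple of 64K is accepted. */
static int not_jit_multiple(const region_info *r) {
    return r->region_size < JIT_CHUNK || (r->region_size % JIT_CHUNK) != 0;
}

/* Constructed sample regions; sizes and labels are illustrative, not crash data. */
static const region_info SAMPLE[] = {
    { 0x10000,  "JIT code, single 64K chunk" },
    { 0x20000,  "JIT code, 128K region" },
    { 0x100000, "JIT code, 1M region" },
    { 0x40000,  "non-JIT region, 256K" },
    { 0x1F0000, "non-JIT region, 1984K" },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Number of regions for which `check` would print NOT_JIT_CODE. */
static size_t count_rejected(int (*check)(const region_info *),
                             const region_info *rs, size_t n) {
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        rejected += check(&rs[i]) ? 1 : 0;
    return rejected;
}

int main(void) {
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        printf("%-28s size=0x%06llx exact=%s multiple=%s\n", SAMPLE[i].label,
               (unsigned long long)SAMPLE[i].region_size,
               not_jit_exact(&SAMPLE[i]) ? "NOT_JIT_CODE" : "pass",
               not_jit_multiple(&SAMPLE[i]) ? "NOT_JIT_CODE" : "pass");
    printf("rejected: exact=%zu multiple=%zu of %zu\n",
           count_rejected(not_jit_exact, SAMPLE, SAMPLE_LEN),
           count_rejected(not_jit_multiple, SAMPLE, SAMPLE_LEN), SAMPLE_LEN);
    return 0;
}
```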
Comment 8•8 years ago
Is this Windows-only? But right, maybe we should just remove the check then...
Yeah, just Windows:
https://github.com/mozilla/socorro/blob/master/socorro/processor/breakpad_transform_rules.py#L692
Also, this is a good time for a periodic sanity-check of line 703: Is Enter{Baseline,Ion} still the right set of things to be looking for these days?
Comment 10•8 years ago
(In reply to David Major [:dmajor] from comment #9)
> Yeah, just Windows:
> https://github.com/mozilla/socorro/blob/master/socorro/processor/breakpad_transform_rules.py#L692
Hm, the next line checks |processed_crash.cpu_name != 'x86'|. Should we include 'amd64' now?
> Also, this is a good time for a periodic sanity-check of line 703: Is
> Enter{Baseline,Ion} still the right set of things to be looking for these
> days?
Can't hurt to add js::jit::FastInvoke and js::jit::IonCannon (this is EnterIon's only caller so I wouldn't be surprised if EnterIon gets inlined into it). Maybe also irregexp::ExecuteCode.
Comment 11•8 years ago
> Hm, the next line checks |processed_crash.cpu_name != 'x86'|. Should we
> include 'amd64' now?
My memory is fuzzy but I want to say this was a limitation of the disassembler.
Comment 12•8 years ago
> > Also, this is a good time for a periodic sanity-check of line 703: Is
> > Enter{Baseline,Ion} still the right set of things to be looking for these
> > days?
>
> Can't hurt to add js::jit::FastInvoke and js::jit::IonCannon (this is
> EnterIon's only caller so I wouldn't be surprised if EnterIon gets inlined
> into it). Maybe also irregexp::ExecuteCode.
I filed bug 1339960 for that.
Updated•8 years ago
Assignee: nobody → hv1989
Flags: needinfo?(nihsanullah)
Updated•8 years ago
Priority: -- → P3
Comment 13•8 years ago
Mass wontfix for bugs affecting firefox 52.
Comment 14•7 years ago
Closing because no crash has been reported in 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX