Closed Bug 1478402 Opened 7 years ago Closed 7 years ago

Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/workspace/build/src/js/src/gc/ArenaList-inl.h:135:21 in takeNextArena

Categories

(Core :: JavaScript: GC, defect, P5)

Product:
Core
Component:
JavaScript: GC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox61 --- unaffected
firefox62 --- unaffected
firefox63 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jonco)

References

Details

(Keywords: csectype-race, intermittent-failure, sec-moderate, Whiteboard: [post-critsmash-triage])

Attachments

(1 file)

bug1478402-parallel-alloc
5.48 KB, patch
sfink
: review+
Details | Diff | Splinter Review
Filed by: apavel [at] mozilla.com https://treeherder.mozilla.org/logviewer.html#?job_id=190044025&repo=mozilla-central https://queue.taskcluster.net/v1/task/TgJj1TNYSdmnurhWm78-jg/runs/0/artifacts/public/logs/live_backing.log [task 2018-07-25T14:34:17.645Z] Thread T5 'JS Helper' (tid=23601, running) created by main thread at: [task 2018-07-25T14:34:17.645Z] #0 pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:889:3 (js+0x45f123) [task 2018-07-25T14:34:17.645Z] #1 js::Thread::create(void* (*)(void*), void*) /builds/worker/workspace/build/src/js/src/threading/posix/Thread.cpp:115:7 (js+0xcc1b15) [task 2018-07-25T14:34:17.645Z] #2 init<void (&)(void *), js::HelperThread *> /builds/worker/workspace/build/src/js/src/threading/Thread.h:124:12 (js+0xdaad75) [task 2018-07-25T14:34:17.645Z] #3 js::GlobalHelperThreadState::ensureInitialized() /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:987 (js+0xdaad75) [task 2018-07-25T14:34:17.646Z] #4 js::EnsureHelperThreadsInitialized() /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:70:32 (js+0xdaaa66) [task 2018-07-25T14:34:17.646Z] #5 JSRuntime::init(JSContext*, unsigned int, unsigned int) /builds/worker/workspace/build/src/js/src/vm/Runtime.cpp:204:34 (js+0xe7f71f) [task 2018-07-25T14:34:17.646Z] #6 js::NewContext(unsigned int, unsigned int, JSRuntime*) /builds/worker/workspace/build/src/js/src/vm/JSContext.cpp:154:19 (js+0xdc5c86) [task 2018-07-25T14:34:17.646Z] #7 JS_NewContext(unsigned int, unsigned int, JSRuntime*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:474:12 (js+0xc2c9a6) [task 2018-07-25T14:34:17.646Z] #8 main /builds/worker/workspace/build/src/js/src/shell/js.cpp:9385:21 (js+0x4ce24b) [task 2018-07-25T14:34:17.646Z] [task 2018-07-25T14:34:17.646Z] SUMMARY: ThreadSanitizer: data race /builds/worker/workspace/build/src/js/src/gc/ArenaList-inl.h:135:21 in takeNextArena [task 2018-07-25T14:34:17.646Z] ================== [task 2018-07-25T14:34:17.646Z] ThreadSanitizer: reported 1 warnings [task 2018-07-25T14:34:17.646Z] Exit code: 66 [task 2018-07-25T14:34:17.646Z] FAIL - gc/bug-1374797.js [task 2018-07-25T14:34:17.646Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/gc/bug-1374797.js | ================== (code 66, args "--no-baseline --no-ion") [4.1 s] [task 2018-07-25T14:34:17.646Z] {"action": "test_start", "jitflags": "--no-baseline --no-ion", "pid": 23576, "source": "jittests", "test": "gc/bug-1374797.js", "thread": "main", "time": 1532529253.544859} [task 2018-07-25T14:34:17.646Z] {"action": "test_end", "extra": {"jitflags": "--no-baseline --no-ion", "pid": 23576}, "jitflags": "--no-baseline --no-ion", "message": "==================", "pid": 23576, "source": "jittests", "status": "FAIL", "test": "gc/bug-1374797.js", "thread": "main", "time": 1532529257.631919} [task 2018-07-25T14:34:17.646Z] INFO exit-status : 66 [task 2018-07-25T14:34:17.647Z] INFO timed-out : False [task 2018-07-25T14:34:17.647Z] INFO stdout > 0 [task 2018-07-25T14:34:17.647Z] INFO stdout > 1 [task 2018-07-25T14:34:17.647Z] INFO stdout > 2 [task 2018-07-25T14:34:17.647Z] INFO stdout > 3 [task 2018-07-25T14:34:17.647Z] INFO stdout > 4 [task 2018-07-25T14:34:17.647Z] INFO stdout > 5 [task 2018-07-25T14:34:17.647Z] INFO stdout > 6 [task 2018-07-25T14:34:17.647Z] INFO stdout > 7 [task 2018-07-25T14:34:17.647Z] INFO stdout > 8 [task 2018-07-25T14:34:17.647Z] INFO stdout > 9 [task 2018-07-25T14:34:17.647Z] INFO stdout > Finished
WARNING: ThreadSanitizer: data race (pid=23576) Read of size 8 at 0x7b7400000cc0 by thread T5 (mutexes: write M652, write M45): #0 takeNextArena /builds/worker/workspace/build/src/js/src/gc/ArenaList-inl.h:135:21 (js+0x11bd006) #1 js::gc::ArenaLists::refillFreeListAndAllocate(js::gc::FreeLists&, js::gc::AllocKind, js::gc::ShouldCheckThresholds) /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:443 (js+0x11bd006) #2 refillFreeListFromMainThread /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:400:31 (js+0x11baf5e) #3 refillFreeListFromAnyThread /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:388 (js+0x11baf5e) #4 tryNewTenuredThing<js::NormalAtom, js::AllowGC::NoGC> /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:247 (js+0x11baf5e) #5 js::NormalAtom* js::Allocate<js::NormalAtom, (js::AllowGC)0>(JSContext*) /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:228 (js+0x11baf5e) #6 new_<js::AllowGC::NoGC> /builds/worker/workspace/build/src/js/src/vm/StringType-inl.h:277:38 (js+0xef0761) #7 AllocateInlineString<js::AllowGC::NoGC, unsigned char> /builds/worker/workspace/build/src/js/src/vm/StringType-inl.h:34 (js+0xef0761) #8 NewInlineStringDeflated<js::AllowGC::NoGC> /builds/worker/workspace/build/src/js/src/vm/StringType.cpp:1468 (js+0xef0761) #9 JSFlatString* NewStringDeflated<(js::AllowGC)0>(JSContext*, char16_t const*, unsigned long) /builds/worker/workspace/build/src/js/src/vm/StringType.cpp:1506 (js+0xef0761) #10 JSFlatString* js::NewStringCopyN<(js::AllowGC)0, char16_t>(JSContext*, char16_t const*, unsigned long) /builds/worker/workspace/build/src/js/src/vm/StringType.cpp:1693:16 (js+0xef3b38) #11 AllocateNewAtom<char16_t> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:787:26 (js+0x68390e) #12 atomizeAndCopyChars<char16_t> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:715 (js+0x68390e) #13 AtomizeAndCopyChars<char16_t> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:652 (js+0x68390e) #14 JSAtom* js::AtomizeChars<char16_t>(JSContext*, char16_t const*, unsigned long, js::PinningBehavior) /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:871 (js+0x68390e) #15 drainCharBufferIntoAtom /builds/worker/workspace/build/src/js/src/frontend/TokenStream.h:1259:24 (js+0x11a9189) #16 js::frontend::TokenStreamSpecific<char16_t, js::frontend::ParserAnyCharsAccess<js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t> > >::getStringOrTemplateToken(char, js::frontend::Token::Modifier, js::frontend::TokenKind*) /builds/worker/workspace/build/src/js/src/frontend/TokenStream.cpp:2665 (js+0x11a9189) #17 js::frontend::TokenStreamSpecific<char16_t, js::frontend::ParserAnyCharsAccess<js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t> > >::getTokenInternal(js::frontend::TokenKind*, js::frontend::Token::Modifier) /builds/worker/workspace/build/src/js/src/frontend/TokenStream.cpp (js+0x11a503e) #18 getToken /builds/worker/workspace/build/src/js/src/frontend/TokenStream.h:2089:16 (js+0x602db6) #19 matchToken /builds/worker/workspace/build/src/js/src/frontend/TokenStream.h:2184 (js+0x602db6) #20 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::argumentList(js::frontend::YieldHandling, js::frontend::ParseNode*, bool*, js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::PossibleError*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8640 (js+0x602db6) #21 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::PossibleError*, js::frontend::ParserBase::InvokedPrediction) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8898:26 (js+0x60254a) #22 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::PossibleError*, js::frontend::ParserBase::InvokedPrediction) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8588:21 (js+0x600578) #23 orExpr /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8094:14 (js+0x5f6dd3) #24 condExpr /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8165 (js+0x5f6dd3) #25 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::PossibleError*, js::frontend::ParserBase::InvokedPrediction) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:8292 (js+0x5f6dd3) #26 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::expr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::PossibleError*, js::frontend::ParserBase::InvokedPrediction) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:7958:15 (js+0x5e2b7d) #27 expressionStatement /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:6160:19 (js+0x5e4ced) #28 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementListItem(js::frontend::YieldHandling, bool) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:7823 (js+0x5e4ced) #29 js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementList(js::frontend::YieldHandling) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:4281:21 (js+0x5e0ece) #30 js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::globalBody(js::frontend::GlobalSharedContext*) /builds/worker/workspace/build/src/js/src/frontend/Parser.cpp:2293:23 (js+0x6336c5) #31 BytecodeCompiler::compileScript(JS::Handle<JSObject*>, js::frontend::SharedContext*) /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:339:26 (js+0x113fc4c) #32 compileGlobalScript /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:381:12 (js+0x11427b9) #33 js::frontend::CompileGlobalScript(JSContext*, js::LifoAlloc&, js::ScopeKind, JS::ReadOnlyCompileOptions const&, JS::SourceBufferHolder&, js::ScriptSourceObject**) /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:611 (js+0x11427b9) #34 js::ScriptParseTask::parse(JSContext*) /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:499:24 (js+0xdad3a9) #35 js::HelperThread::handleParseWorkload(js::AutoLockHelperThreadState&) /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:2113:15 (js+0xdb702b) #36 js::HelperThread::threadLoop() /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:2423:9 (js+0xdb5c4a) #37 js::HelperThread::ThreadMain(void*) /builds/worker/workspace/build/src/js/src/vm/HelperThreads.cpp:1896:38 (js+0xdb0975) #38 callMain<0> /builds/worker/workspace/build/src/js/src/threading/Thread.h:242:5 (js+0xdbc4ed) #39 js::detail::ThreadTrampoline<void (&)(void*), js::HelperThread*>::Start(void*) /builds/worker/workspace/build/src/js/src/threading/Thread.h:235 (js+0xdbc4ed) Previous write of size 8 at 0x7b7400000cc0 by main thread (mutexes: write M653): #0 takeNextArena /builds/worker/workspace/build/src/js/src/gc/ArenaList-inl.h:138:14 (js+0x11bd032) #1 js::gc::ArenaLists::refillFreeListAndAllocate(js::gc::FreeLists&, js::gc::AllocKind, js::gc::ShouldCheckThresholds) /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:443 (js+0x11bd032) #2 refillFreeListFromMainThread /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:400:31 (js+0x11baf5e) #3 refillFreeListFromAnyThread /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:388 (js+0x11baf5e) #4 tryNewTenuredThing<js::NormalAtom, js::AllowGC::NoGC> /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:247 (js+0x11baf5e) #5 js::NormalAtom* js::Allocate<js::NormalAtom, (js::AllowGC)0>(JSContext*) /builds/worker/workspace/build/src/js/src/gc/Allocator.cpp:228 (js+0x11baf5e) #6 new_<js::AllowGC::NoGC> /builds/worker/workspace/build/src/js/src/vm/StringType-inl.h:277:38 (js+0xef32c1) #7 AllocateInlineString<js::AllowGC::NoGC, unsigned char> /builds/worker/workspace/build/src/js/src/vm/StringType-inl.h:34 (js+0xef32c1) #8 NewInlineString<js::AllowGC::NoGC, unsigned char> /builds/worker/workspace/build/src/js/src/vm/StringType-inl.h:60 (js+0xef32c1) #9 JSFlatString* js::NewStringCopyNDontDeflate<(js::AllowGC)0, unsigned char>(JSContext*, unsigned char const*, unsigned long) /builds/worker/workspace/build/src/js/src/vm/StringType.cpp:1648 (js+0xef32c1) #10 JSFlatString* js::NewStringCopyN<(js::AllowGC)0, unsigned char>(JSContext*, unsigned char const*, unsigned long) /builds/worker/workspace/build/src/js/src/vm/StringType.cpp:1695:12 (js+0xef3bd9) #11 AllocateNewAtom<unsigned char> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:787:26 (js+0x6762ab) #12 atomizeAndCopyChars<unsigned char> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:715 (js+0x6762ab) #13 AtomizeAndCopyChars<unsigned char> /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:652 (js+0x6762ab) #14 js::Atomize(JSContext*, char const*, unsigned long, js::PinningBehavior, mozilla::Maybe<unsigned int> const&) /builds/worker/workspace/build/src/js/src/vm/JSAtom.cpp:863 (js+0x6762ab) #15 PropertySpecNameToId(JSContext*, char const*, JS::MutableHandle<jsid>, js::PinningBehavior) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3177:24 (js+0xc3e271) #16 DefineFunctionFromSpec /builds/worker/workspace/build/src/js/src/vm/JSObject.cpp:2957:10 (js+0xe0f5db) #17 js::DefineFunctions(JSContext*, JS::Handle<JSObject*>, JSFunctionSpec const*, js::DefineAsIntrinsic) /builds/worker/workspace/build/src/js/src/vm/JSObject.cpp:2976 (js+0xe0f5db) #18 JS_DefineFunctions(JSContext*, JS::Handle<JSObject*>, JSFunctionSpec const*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3701:12 (js+0xc40e01) #19 js::DefinePropertiesAndFunctions(JSContext*, JS::Handle<JSObject*>, JSPropertySpec const*, JSFunctionSpec const*) /builds/worker/workspace/build/src/js/src/vm/GlobalObject.cpp:767:16 (js+0xda48b9) #20 js::SymbolObject::initClass(JSContext*, JS::Handle<js::GlobalObject*>, bool) /builds/worker/workspace/build/src/js/src/builtin/Symbol.cpp:84:14 (js+0xa86483) #21 js::InitSymbolClass(JSContext*, JS::Handle<js::GlobalObject*>) /builds/worker/workspace/build/src/js/src/builtin/Symbol.cpp:237:12 (js+0xa86875) #22 js::GlobalObject::resolveConstructor(JSContext*, JS::Handle<js::GlobalObject*>, JSProtoKey) /builds/worker/workspace/build/src/js/src/vm/GlobalObject.cpp:173:16 (js+0xda5320) #23 ensureConstructor /builds/worker/workspace/build/src/js/src/vm/GlobalObject.h:155:16 (js+0xc2ee71) #24 JS_ResolveStandardClass(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, bool*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:1051 (js+0xc2ee71) #25 global_resolve(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, bool*) /builds/worker/workspace/build/src/js/src/shell/js.cpp:7782:10 (js+0x4db4d0) #26 CallResolveOp /builds/worker/workspace/build/src/js/src/vm/NativeObject-inl.h:794:10 (js+0xe0427d) #27 LookupOwnPropertyInline<js::AllowGC::CanGC> /builds/worker/workspace/build/src/js/src/vm/NativeObject-inl.h:866 (js+0xe0427d) #28 LookupPropertyInline<js::AllowGC::CanGC> /builds/worker/workspace/build/src/js/src/vm/NativeObject-inl.h:938 (js+0xe0427d) #29 js::LookupProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JSObject*>, JS::MutableHandle<JS::PropertyResult>) /builds/worker/workspace/build/src/js/src/vm/JSObject.cpp:2259 (js+0xe0427d) #30 js::LookupName(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JSObject*>, JS::MutableHandle<JSObject*>, JS::MutableHandle<JSObject*>, JS::MutableHandle<JS::PropertyResult>) /builds/worker/workspace/build/src/js/src/vm/JSObject.cpp:2269:14 (js+0xe04e07) #31 bool js::GetEnvironmentName<(js::GetNameMode)0>(JSContext*, JS::Handle<JSObject*>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter-inl.h:251:10 (js+0x670b37) #32 GetNameOperation /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:243:12 (js+0x655434) #33 Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3374 (js+0x655434) #34 js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:424:12 (js+0x647866) #35 js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:772:15 (js+0x65f97b) #36 js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:804:12 (js+0x65fbcd) #37 ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Value*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:4659:12 (js+0xc4782d) #38 JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:4692:12 (js+0xc47916) #39 RunFile /builds/worker/workspace/build/src/js/src/shell/js.cpp:849:14 (js+0x4f62ce) #40 Process(JSContext*, char const*, bool, FileKind) /builds/worker/workspace/build/src/js/src/shell/js.cpp:1319 (js+0x4f62ce) #41 ProcessArgs /builds/worker/workspace/build/src/js/src/shell/js.cpp:8565:18 (js+0x4d12ae) #42 Shell /builds/worker/workspace/build/src/js/src/shell/js.cpp:8987 (js+0x4d12ae) #43 main /builds/worker/workspace/build/src/js/src/shell/js.cpp:9465 (js+0x4d12ae)
Embarrassingly, we're somehow calling refillFreeListFromMainThread() when not on the main thread...
Component: JavaScript Engine → JavaScript: GC
(In reply to Jon Coppeard (:jonco) from comment #2) That doesn't seem to be possible and I think what's happening is that refillFreeListFromMainThread and refillFreeListFromHelperThread are being combined in opt builds as they are the same apart from assertions. ...then I got half way through explaining why this isn't a real problem before realising that it really is a problem. Thank you TSAN!
Assignee: nobody → jcoppeard
We need to mark the atoms zone ArenaLists as being used for parallel allocation when a parse task is queued on the main thread rather than when it is started on a helper thread, otherwise this can race with allocation on the main thread. The patch sets this while there are helper thread zones present.
Attachment #8995553 - Flags: review?(sphink)
Comment on attachment 8995553 [details] [diff] [review] bug1478402-parallel-alloc Review of attachment 8995553 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/vm/Runtime.cpp @@ +800,3 @@ > zone->clearUsedByHelperThread(); > + if (numActiveHelperThreadZones-- == 1) > + gc.setParallelAtomsAllocEnabled(false); I think this would be more clear as if (--numActiveHelperThreadZones == 0)
Attachment #8995553 - Flags: review?(sphink) → review+
Blocks: 1434598
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Group: javascript-core-security → core-security-release
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: