Closed Bug 1497568 Opened 7 years ago Closed 5 years ago

Crash in js::jit::ICCall_Scripted::ICCall_Scripted

Categories

(Core :: JavaScript Engine: JIT, defect, P3)

Product:
Core
Component:
JavaScript Engine: JIT
Version:
62 Branch
Platform:
Unspecified
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox63 --- affected
firefox64 --- affected

People

(Reporter: lizzard, Unassigned)

Details

(Keywords: crash, Whiteboard: [#jsapi:crashes-retriage])

Crash Data

This bug was filed from the Socorro interface and is report bp-c56e82c3-e91a-4eaa-b876-ae99a0181008. ============================================================= This startup crash is newly showing up in the 20181008100121 nightly builds. Top 8 frames of crashing thread: 0 xul.dll js::jit::ICCall_Scripted::ICCall_Scripted js/src/jit/BaselineIC.cpp:5883 1 xul.dll class js::jit::ICCall_Scripted* js::jit::ICStubSpace::allocate<js::jit::ICCall_Scripted, js::jit::JitCode*&, js::jit::ICStub*&, JS::Rooted<JSFunction*>&, JS::Rooted<JSObject*>&, unsigned int&> js/src/jit/ICStubSpace.h:36 2 xul.dll js::jit::ICCallScriptedCompiler::getStub js/src/jit/BaselineIC.h:2311 3 xul.dll static bool js::jit::TryAttachCallStub js/src/jit/BaselineIC.cpp:3537 4 xul.dll static bool js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:3779 5 @0x27badb36ab9 6 xul.dll exp2 7 xul.dll exp2 =============================================================
I do not see anything obvious from this crashes. From my point of view the only way to explain this would be if the ICStubSpace, which uses LifoAlloc allocator were to return a pointer which is not in a BumpChunk. Which does not make any sense.
status-firefox63: unaffectedaffected
Priority: -- → P3
Whiteboard: [#jsapi:crashes-retriage]

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.