Crash in js::TypeScript::destroy
Categories
(Core :: JavaScript Engine: JIT, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | unaffected |
| firefox65 | --- | fix-optional |
| firefox66 | --- | affected |
People
(Reporter: calixte, Unassigned)
References
(Blocks 1 open bug)
Details
(4 keywords, Whiteboard: [#jsapi:crashes-retriage])
Crash Data
This bug was filed from the Socorro interface and is report bp-288920ea-9a5d-4895-9864-c842c0181130. ============================================================= Top 10 frames of crashing thread: 0 xul.dll js::TypeScript::destroy js/src/vm/TypeInference.cpp:4937 1 xul.dll JSScript::maybeReleaseTypes js/src/vm/TypeInference.cpp:4926 2 xul.dll JS::Zone::discardJitCode js/src/gc/Zone.cpp:269 3 xul.dll js::gc::GCRuntime::beginMarkPhase js/src/gc/GC.cpp:4637 4 xul.dll js::gc::GCRuntime::incrementalSlice js/src/gc/GC.cpp:7468 5 xul.dll js::gc::GCRuntime::gcCycle js/src/gc/GC.cpp:7914 6 xul.dll js::gc::GCRuntime::collect js/src/gc/GC.cpp:8095 7 xul.dll js::gc::GCRuntime::startGC js/src/gc/GC.cpp:8191 8 xul.dll nsJSContext::GarbageCollectNow dom/base/nsJSEnvironment.cpp:1229 9 xul.dll static bool InterSliceGCRunnerFired dom/base/nsJSEnvironment.cpp:1853 ============================================================= There is 1 crash in nightly 65 with buildid 20181129214405. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1499644. [1] https://hg.mozilla.org/mozilla-central/rev?node=6453222232be
|
||
Comment 1•6 years ago
|
||
Looking at recent crashes I see one crash on an older release and two crashes 5-7 days ago. They don't look actionable but I did fix some issues in this area so this might have been fixed now. https://crash-stats.mozilla.com/signature/?signature=js%3A%3ATypeScript%3A%3Adestroy&date=%3E%3D2018-11-29T16%3A12%3A04.000Z&date=%3C2018-12-06T16%3A12%3A04.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports
|
||
Updated•5 years ago
|
|
||
Comment 2•5 years ago
|
||
not-actionable (comment 1) & low-volume => P3
|
||
Comment 3•5 years ago
|
||
addresses are semi-randomish (often things like 0x2000000, but also true wildptrs (https://crash-stats.mozilla.com/report/index/31febb6b-a3c7-4af8-bd24-e9f050181224)).
Should be re-triaged
|
||
Comment 4•5 years ago
|
||
nbp: We should re-triage this bug as suggested jesup
|
|
||
Comment 5•5 years ago
|
||
Looking at the addresses, these look like a bunch of bit-flips, with a single exception reported in comment 3.
The volume being that low, I do not think we should re-triage it unless we see more crashes like comment 3, but that would not make them more actionable either.
|
||
Updated•5 years ago
|
|
||
Comment 6•5 years ago
|
||
This is not actionable.
Volume is even lower starting with Firefox 66.
|
||
Comment 7•4 years ago
|
||
Removing employee no longer with company from CC list of private bugs.
|
||
Comment 8•3 years ago
|
||
Volume has been near-zero for a long time and code is now removed from tree entirely. We didn't learn much here so closing bug.
|
||
Comment 9•3 years ago
|
||
Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit auto_nag documentation.
|
|
||
Updated•10 months ago
|
Description
•