1612863 - Crash [@ XPCJSContext::Initialize()] due to InitSelfHostedCode failed

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect, P1)

Description

[Pascal Chevrel:pascalc]

+++ This bug was initially created as a clone of Bug #1608690 +++

This crash was initially filed as a non-frequent intermittent failure. The crash history shows that this crash exploded with the release of 72 with about 70 startup crashes per day since we shipped 72.
These startup crashes are still visible in 73 beta and 74 nightly.

Comment 1

[Andrew McCreight [:mccr8]]

The crash reason for these crashes is MOZ_RELEASE_ASSERT(JS::InitSelfHostedCode(cx)) (InitSelfHostedCode failed)

This is a failure somewhere inside the JS engine, so I'm going to move it over there. I remember seeing some previous reports for very early crashes like this, but I don't recall the specifics.

Comment 2

[Andrew McCreight [:mccr8]]

It looks like about half of these are content process crashes, and the other half are main process crashes at startup.

Comment 4

[Ted Campbell [:tcampbell]]

Bug 1567902 is the past occurrance of this. I'll see what happens if I set the extra warnings flag locally.

Comment 5

[Jan de Mooij [:jandem]]

(In reply to Ted Campbell [:tcampbell] from comment #4)

Bug 1567902 is the past occurrance of this. I'll see what happens if I set the extra warnings flag locally.

Note that bug 1568546 enabled extraWarnings unconditionally for self-hosting code so that pref should no longer make a difference.

Comment 6

[Ted Campbell [:tcampbell]]

This started in 72 when Bug 1579367 added the release asserts. Previously the crash was Bug 1567902 which had a mix of bugs and OOM.
I'll add a diagnostic patch to separate the crash reason of OOM from other things.

Comment 7

[Ted Campbell [:tcampbell]]

Attachment: Bug 1612863 - Add JS_IsThrowingOutOfMemory API. r?jandem

Depends on D61777

Comment 8

[Ted Campbell [:tcampbell]]

Attachment: Bug 1612863 - Use OOM crash when InitSelfHostedCode fails. r?mccr8

The browser is unable to start if this operation fails, but we should track
the difference between OOM and other forms of failure. This should now
classify OOM errors correctly in crash stats.

Depends on D61778

Comment 9

[Pulsebot]

Pushed by tcampbell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/379e31437615
Add JS_IsThrowingOutOfMemory API. r=jandem
https://hg.mozilla.org/integration/autoland/rev/301e3381a8e8
Use OOM crash when InitSelfHostedCode fails. r=mccr8

Comment 10

[Andreea Pavel [:apavel]]

https://hg.mozilla.org/mozilla-central/rev/379e31437615
https://hg.mozilla.org/mozilla-central/rev/301e3381a8e8

Comment 11

[Intermittent Failures Robot]

2 failures in 3364 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-central: 2

Platform breakdown:

• windows10-64-ccov: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1612863&startday=2020-02-03&endday=2020-02-09&tree=all

Comment 12

[Ted Campbell [:tcampbell]]

On nightly, the patch seems to have turned the crashes into ooms which is what the theory was.
See signature: [@ OOM | unknown | NS_ABORT_OOM | XPCJSContext::Initialize ]

Once this has made it to Beta for a few days, we can take a look at if non-OOM crashes remain. Otherwise there isn't much to do here.

Comment 13

[Ted Campbell [:tcampbell]]

There are a couple of non-OOM crashes with this signature on beta, but they seem to be bizarre JIT crashes that might just be memory errors.