Startup Crash in [@ js::frontend::EmitterScope::lookup] [@ js::frontend::BytecodeEmitter::emitAssignmentOrInit]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox89 | --- | unaffected |
| firefox90 | --- | unaffected |
| firefox91 | blocking | fixed |
People
(Reporter: aryx, Assigned: jonco)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files)
Ted, can you check what's going on here / started this and if this persists with the next Nightly?
Observed since last Nightly (91.0a1 20210616214200) on Windows: [@ js::frontend::EmitterScope::lookup] (2 installations affected), [@ js::frontend::BytecodeEmitter::emitAssignmentOrInit] (5 installations)
Crash report: https://crash-stats.mozilla.org/report/index/c1bfb3b0-86b6-420c-9241-3fa6f0210617
Reason: EXCEPTION_STACK_OVERFLOW
Top 10 frames of crashing thread:
0 xul.dll js::frontend::EmitterScope::lookup js/src/frontend/EmitterScope.cpp:990
1 @0x1ccf6
2 xul.dll js::frontend::BytecodeEmitter::emitTree js/src/frontend/BytecodeEmitter.cpp:11137
3 xul.dll js::frontend::BytecodeEmitter::emitAssignmentOrInit js/src/frontend/BytecodeEmitter.cpp:4543
4 xul.dll js::frontend::BytecodeEmitter::emitTree js/src/frontend/BytecodeEmitter.cpp:11137
5 xul.dll js::frontend::BytecodeEmitter::emitAssignmentOrInit js/src/frontend/BytecodeEmitter.cpp:4543
6 xul.dll js::frontend::BytecodeEmitter::emitTree js/src/frontend/BytecodeEmitter.cpp:11137
7 xul.dll js::frontend::BytecodeEmitter::emitAssignmentOrInit js/src/frontend/BytecodeEmitter.cpp:4543
8 xul.dll js::frontend::BytecodeEmitter::emitTree js/src/frontend/BytecodeEmitter.cpp:11137
9 xul.dll js::frontend::BytecodeEmitter::emitAssignmentOrInit js/src/frontend/BytecodeEmitter.cpp:4543
|
Reporter | |
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
|
Reporter | |
Comment 1•4 years ago
|
||
Jan, any idea what causes these crashes?
|
||
Comment 2•4 years ago
|
||
This is likely from switching background tasks to the TaskController system. emitTree does an over-recursion check and I suspect we're not calling JS_SetNativeStackQuota for those threads?
|
||
Updated•4 years ago
|
|
|
||
Comment 3•4 years ago
|
||
Oh more likely is that HELPER_STACK_QUOTA is not sufficient for the external thread stacks.
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 4•4 years ago
|
||
Yes, it looks like we're setting the recursion limits based on the old helper thread size rather that what TaskController actually uses.
|
|
Assignee | |
Comment 6•4 years ago
|
||
This adds plumbing to make the JS engine set the stack quota based on the
actual stack size for external thread pool threads (and internal thread pool
ones).
The quota is calculated as 90% of the size, which is currently hardcoded into
the constants.
|
|
Assignee | |
Comment 7•4 years ago
|
||
This increases the stack size used for task controller threads to the size
previously used for JS helper threads. Some parsing use cases can use a lot of
stack.
Depends on D118183
|
|
Reporter | |
Updated•4 years ago
|
|
||
Comment 9•4 years ago
•
|
||
We've got a webcompat report where Firefox crashes when accessing https://online.sberbank.ru/#/
I can reproduce the crash in the latest Nightly 91.0a1 (2021-06-17). Crash report is linked to this bug: https://crash-stats.mozilla.org/report/index/2a4ea9f6-7235-4200-82c5-e39ce0210617
|
|
||
Comment 10•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/71ad06caf9b6
https://hg.mozilla.org/mozilla-central/rev/28926a04f38c
|
||
Updated•4 years ago
|
Description
•