Closed
Bug 492028
Opened 15 years ago
Closed 15 years ago
TM: Crash [@ nsEventReceiverSH::AddEventListenerHelper]
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9.2a1
People
(Reporter: bc, Assigned: gal)
References
Details
(Keywords: crash, regression, verified1.9.1, Whiteboard: fixed-in-tracemonkey)
Crash Data
Attachments
(1 file, 2 obsolete files)
8.23 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
Beginning with today's build (20090508) on linux, Minefield crashes on startup. It may be related to my add-ons and/or profile. It appears related to JIT however. bp-a9eacfeb-8c91-4d9c-80c9-e15802090508 bp-3ed42d7d-fe5c-4dce-a714-b73da2090508 bp-4a067ff4-8fec-4113-951a-593262090508 bp-16c147ab-68f5-4fbf-a3d5-1b7622090508 bp-d442ad74-25c2-42b7-9d17-306ef2090508 bp-be8970d5-dfce-4824-ae56-106252090508 bp-31add23c-3581-45d5-9b7f-125732090508 top o' stack: 0 libxul.so nsEventReceiverSH::AddEventListenerHelper jsobj.h:254 1 @0x673af37 2 @0xbfb40787 3 libmozjs.so js_MonitorLoopEdge js/src/jstracer.cpp:4667 4 libmozjs.so js_Interpret js/src/jsinterp.cpp:3279 5 libmozjs.so js_Invoke js/src/jsinterp.cpp:1375 6 libmozjs.so js_InternalInvoke js/src/jsinterp.cpp:1428 7 libmozjs.so JS_CallFunctionValue js/src/jsapi.cpp:5191 I'll try to narrow down the variables.
Assignee | ||
Updated•15 years ago
|
Flags: blocking1.9.1?
Priority: -- → P1
Summary: Crash [@ nsEventReceiverSH::AddEventListenerHelper] → TM: Crash [@ nsEventReceiverSH::AddEventListenerHelper]
Updated•15 years ago
|
Priority: P1 → --
Assignee | ||
Comment 1•15 years ago
|
||
Bob, can you identify the guilty patch? I assume its this one: http://hg.mozilla.org/tracemonkey/rev/b8cf788763a0 But confirmation would be good.
Priority: -- → P1
Comment 2•15 years ago
|
||
can this be duped to Bug 492029 or vv ?
Reporter | ||
Comment 3•15 years ago
|
||
The crash only occurs with chrome jit. I'll try before and after the patch, but this is a relatively slow T42 and it'll take a little while. You make the call, but I beat him by seconds! ;-)
Assignee | ||
Comment 4•15 years ago
|
||
Looks like we are passing the wrong object here?
Comment 6•15 years ago
|
||
This also happens on Vista HP SP1, Platform = All ?
Reporter | ||
Updated•15 years ago
|
OS: Linux → All
Reporter | ||
Comment 7•15 years ago
|
||
(In reply to comment #1) > Bob, can you identify the guilty patch? I assume its this one: > > http://hg.mozilla.org/tracemonkey/rev/b8cf788763a0 > > But confirmation would be good. yes, bug 487134 confirmed to be the regressor.
Blocks: 487134
Comment 8•15 years ago
|
||
I hit this multiple times doing a trunk nightly update to Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090508 Minefield/3.6a1pre today. It must be something with my profile though. After doing the software update, restarting minefield will immediately crash and pop open the crash reporter. This is on OSX. http://crash-stats.mozilla.com/report/index/6bf8d92e-2ca8-48af-a32e-9df842090508 http://crash-stats.mozilla.com/report/index/955bfe99-11dd-45fe-a024-4ecc82090508 http://crash-stats.mozilla.com/report/index/b6babaa2-1328-4afd-8c44-5c5d42090508 http://crash-stats.mozilla.com/report/index/94b7bc0d-b03b-4591-9700-83def2090508 http://crash-stats.mozilla.com/report/index/57e88229-d772-48ee-aed3-391ac2090508 http://crash-stats.mozilla.com/report/index/76a1cfd4-9d31-459c-a361-8039d2090508
Comment 9•15 years ago
|
||
if needed, i have a profile that reproductively causes the crash. let me know if its needed for further investigation.
Comment 11•15 years ago
|
||
nightly update 20090509 continues to cause a crash after install of the update, same as yesterday's This crash is unrecoverable. Firefox/Minefield crashes upon starting also after installation of the full download
Updated•15 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Comment 12•15 years ago
|
||
Same for update 20090511
Comment 13•15 years ago
|
||
(In reply to comment #12) > Same for update 20090511 Thanks but daily reports of 'still not working' is not needed. Please follow along with the bug, its not even assigned to anyone yet, when it is, they will write a patch, ask for review and then it will be checked into M-C, until then.. there is no need for repeated postings of still having a problem. Thanks
Comment 14•15 years ago
|
||
Who owns this?
Comment 15•15 years ago
|
||
Bisect help? /be
Reporter | ||
Comment 16•15 years ago
|
||
see comment 7 for the results of bisection already done.
Comment 17•15 years ago
|
||
By the look of it, this is now #1 topcrash on trunk. Crashes start 20090508. Clear spike from 0 to several thousand occurrences.
Comment 18•15 years ago
|
||
Whoops, already bisected :) urr.
Comment 19•15 years ago
|
||
Duh, sorry -- Andreas, you want to take this one? /be
Assignee | ||
Comment 20•15 years ago
|
||
Jorendorff is the better match for this. Or we just back out the offending patch. Its not a 3.5 blocker.
Assignee | ||
Comment 21•15 years ago
|
||
We have a fuzzer bug open for the same bug. If sayrer feels we have the time to go after that right now, I will try to fix that and then we can see if this goes away.
Comment 22•15 years ago
|
||
Per Comment 20, if the offending bug is not a blocker, is there a reason why this is a blocker? Andreas, what's the bug you are referring to in Comment 21? I don't have to say that any pruning of blockers we can do now...
Assignee | ||
Comment 23•15 years ago
|
||
The story is a bit complicated. This is the offending patch is bug 487134. It allows us to trace constructors, which fixes a few performance issues (i.e. creating a lot of Date object on trace). This is NOT a blocker, but "wanted?" by brendan. While 487134 is not a blocker, it fixes bug 487240, which IS a blocker. We have no separate patch for 487134, but it can be done without too much effort. Backing out 487134 will be some mild pain though. I am looking into bug 491989, which is also a regression from bug 487134 and I can probably fix it quickly. I don't think its the same issue though. I can't reach jorendorff. If he is still on vacation today, I don't think we have time for bug 487134 (even though its very wanted), and we should back out. Any other opinions? Brendan?
Assignee | ||
Comment 24•15 years ago
|
||
I just landed 2 patches for 487134. Might be worth retesting with TM tip. https://bugzilla.mozilla.org/show_bug.cgi?id=491965
Assignee | ||
Comment 26•15 years ago
|
||
Marginal improvement on SS, but measurable speedup on v8 benchmarks (which are very OO-ish).
Assignee | ||
Comment 27•15 years ago
|
||
Attachment #377031 -
Attachment is obsolete: true
Assignee | ||
Comment 28•15 years ago
|
||
My try server run was hit by the maintenance window, but it seems I cycled all the columns that didn't get killed. I can't land my patch without Blake's part of this since we are not wrapping 'this' any more which is blatantly unsafe. We are hoping that we can get the security changes done tonight and then land it tonight. trunk users are really hurting ...
Assignee | ||
Comment 29•15 years ago
|
||
Attachment #377032 -
Attachment is obsolete: true
Assignee | ||
Updated•15 years ago
|
Attachment #377289 -
Flags: review?(mrbkap)
Comment 30•15 years ago
|
||
Comment on attachment 377289 [details] [diff] [review] v2 Holding my breath... It would be amazing if we could actually systematically verify the assumptions this patch is based on. :-/
Attachment #377289 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 31•15 years ago
|
||
I appologize for taking so long to fix this. It took us a while go figure out the right approach. http://hg.mozilla.org/tracemonkey/rev/22ef5690efbf
Whiteboard: fixed-in-tracemonkey
Comment 32•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/22ef5690efbf
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 34•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/9f29a5a5eb14
Keywords: fixed1.9.1
Comment 35•15 years ago
|
||
No more crashes listed for nsEventReceiverSH::AddEventListenerHelper in the last days since those fixes were checked in. Marking as verified.
Updated•13 years ago
|
Crash Signature: [@ nsEventReceiverSH::AddEventListenerHelper]
You need to log in
before you can comment on or make changes to this bug.
Description
•