Closed
Bug 595668
Opened 14 years ago
Closed 14 years ago
Twitter.com crash after JM merge [@ nsJSUtils::GetStaticScriptGlobal(JSContext*, JSObject*)]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | beta7+ |
People
(Reporter: geeknik, Assigned: luke)
References
Details
(Keywords: crash, Whiteboard: fixed-in-tracemonkey)
Crash Data
Attachments
(3 files)
Twitter.com starts loading in Minefield and then after about 90% is loaded, the browser crashes.
http://crash-stats.mozilla.com/report/index/bp-db7caee2-72f7-4ffc-b5e5-753662100912
Latest nightly (12 September 2010) crashes. Hourly build 84baf90b040c does not crash, but the crashing starts with hourly build f1bd314e64ac and even continues with hourly build cd3c926a7413.
|
Reporter | |
Comment 1•14 years ago
|
||
|
||
Comment 2•14 years ago
|
||
Luke, this looks like fallout from slow native elimination, maybe?
/be
|
||
Comment 3•14 years ago
|
||
Is this still happening? Twitter loads fine for me in today's nightlies of both m-c and TM.
|
|
Reporter | |
Comment 4•14 years ago
|
||
Still crashing with the latest nightly:
http://crash-stats.mozilla.com/report/index/95b4c7e6-9fc3-4b5f-8be3-418f92100913
I have javascript.options.methodjit.content set to False or I can't use Gmail and it still crashes. javascript.options.tracejit.chrome and javascript.options.tracejit.content are set to true.
|
|
||
Comment 5•14 years ago
|
||
(In reply to comment #4)
> Still crashing with the latest nightly:
>
> http://crash-stats.mozilla.com/report/index/95b4c7e6-9fc3-4b5f-8be3-418f92100913
>
> I have javascript.options.methodjit.content set to False or I can't use Gmail
> and it still crashes. javascript.options.tracejit.chrome and
> javascript.options.tracejit.content are set to true.
I still can't repro this. It may be related to script versioning, which we are fixing now. Now that I think of it, that seems especially likely given your stack trace. We should have this fixed in a day or two.
One thing you could try is starting up with a clean profile to see if it still happens.
|
|
Reporter | |
Comment 6•14 years ago
|
||
It doesn't crash with a new profile.
Here are my add-ons:
Add-on Compatibility Reporter 0.6
Imgur uploader 0.3
Open Image In New Tab 1.1
Bugzilla Tweaks 1.2
Stylish 1.0.11
StumbleUpon 3.73
DownThemAll! 2.0b2
Greasemonkey 0.8.20100408.6.3
firefusk 1.9
Grafx Bot 0.1.23
Beef Taco (Targeted Advertising Cookie Opt-Out) 1.3.1
BetterPrivacy 1.48.3
Password Hasher 1.1.6
Element Hiding Helper for Adblock Plus 1.1a.20100831
Adblock Plus 1.3a.20100907
And I just went through and disabled them all, and re-enabled them all 1 at a time until I found the problem. Big surprise, it's Greasemonkey.
|
|
||
Comment 7•14 years ago
|
||
I'm thinking it might not be Greasemonkey's fault per se, but rather our forgetting to bump the script format version. Would you mind trying with this build on your normal profile:
http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/tracemonkey-win32/1284411999/
which is a tinderbox build from this afternoon.
|
|
Reporter | |
Comment 8•14 years ago
|
||
I downloaded that build, ran it with my normal profile and I still crashed on Twitter.com with Greasemonkey enabled.
|
|
||
Comment 9•14 years ago
|
||
Hmmm, OK, I guess we need to try out Greasemonkey.
|
|
Reporter | |
Comment 10•14 years ago
|
||
I posted about this on http://groups.google.com/group/greasemonkey-users. I don't know of any quicker way to get the devs attention.
|
||
Comment 11•14 years ago
|
||
That's because there isn't one (well, except perhaps using the greasemonkey-dev list instead, but most/all of us listen to -users as well).
From my perspective as a JS-only extension developer, my naive opinion is that if it's a _crash_ then it's got to be the platform's fault. I may very well be wrong, but if so, I'll definitely need informing as to what's broken on our side and what needs to change.
|
Assignee | |
Comment 12•14 years ago
|
||
The offending cset is most likely
http://hg.mozilla.org/tracemonkey/rev/d008c236ac46
|
|
Assignee | |
Comment 13•14 years ago
|
||
Do you have any greasemonkey scripts installed? I am unable to repro with a fresh greasemonkey install on a linux debug TM nightly.
|
|
Reporter | |
Comment 14•14 years ago
|
||
I do have Greasemonkey scripts installed, but nothing that is modifying Twitter.
|
|
Assignee | |
Comment 15•14 years ago
|
||
(In reply to comment #14)
Do you suppose you could bisect down to a particular script which, when present, causes twitter to crash and post that?
|
|
Reporter | |
Comment 16•14 years ago
|
||
I did have something being activated on Twitter.com since I had Twitter pinned to an app tab. It is a userscript called Twitter Favicon Alerts.
|
|
Assignee | |
Comment 17•14 years ago
|
||
(Bumping the maxVersion in the xpi) I am able to install greasemonkey-0.8.20100408.6 on 4.0b6 and a TM nightly, but I am unable to actually load any user.js scripts, neither through the Tools menu or by opening the user.js file. Are you doing anything in particular to get greasemonkey working?
|
|
||
Comment 18•14 years ago
|
||
No public release of GM is compatible with Firefox 4. My best guess is they're using a GM nightly build.
|
|
Reporter | |
Comment 19•14 years ago
|
||
As per Comment #6, I am using Greasemonkey 0.8.20100408.6.3, last updated on July 17th, according to about:addons. Addon Compatibility Reporter says that this addon is marked compatible by the Developer.
|
|
||
Comment 20•14 years ago
|
||
Well, the date is embedded in the version: April 8th, 2010.
And this version has definitely *not* been marked compatible by the developer (me), as the a.m.o. page also shows:
https://addons.mozilla.org/en-US/firefox/addon/748/
"Works with Firefox 1.5 - 3.6.*"
|
|
Assignee | |
Comment 21•14 years ago
|
||
Oh, duh, I don't know why I was getting hung up on trying to repro; the evidence is in the crash stack. This is a null-deref (0x14 == offsetof(XPCCallContext::mJSContext) and, surprise surprise, XPC_NW_Construct isn't pushing an XPCCallContext. Blake, can you spot any other call/construct calls that wind up in nsContentUtils::GetDocumentFromCaller? I grepped, and the rest seem to call into JSAPI. Also, I just copy/pasted this XPCCallContext code, not sure if there are any subtleties I'm missing here.
|
||
Comment 23•14 years ago
|
||
we should try to get this in for beta 7.
|
||
Comment 24•14 years ago
|
||
Comment on attachment 476678 [details] [diff] [review]
patch
AFAIK, this is the last way that we can call a C++ function from JS.
Attachment #476678 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 25•14 years ago
|
||
Whiteboard: fixed-in-tracemonkey
|
||
Comment 26•14 years ago
|
||
Status: ASSIGNED → RESOLVED
blocking2.0: ? → beta7+
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Crash Signature: [@ nsJSUtils::GetStaticScriptGlobal(JSContext*, JSObject*)]
You need to log in
before you can comment on or make changes to this bug.
Description
•