Closed Bug 609254 Opened 14 years ago Closed 11 years ago

crash [@ js::mjit::JITScript::purgePICs() ]

Product/Component: Core :: JavaScript Engine
Type: defect
Platform: x86, Windows 7
Priority: Not set
Severity: critical
Status: RESOLVED INVALID
Reporter: scoobidiver
Assignee: Unassigned
Keywords: crash, regression

It is a new crash signature. Crashes first appeared in 4.0b8pre/20101014 build.
It is #116 top crasher in 4.0b8pre for the last week.

Signature	js::mjit::JITScript::purgePICs()
UUID	e183dfae-a88a-49d8-b6b5-6f7592101102
Time 	2010-11-02 14:16:45.547483
Uptime	365
Install Age	16187 seconds (4.5 hours) since version was first installed.
Product	Firefox
Version	4.0b8pre
Build ID	20101102042148
Branch	2.0
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	GenuineIntel family 6 model 23 stepping 10
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffff9896804c
App Notes 	AdapterVendorID: 8086, AdapterDeviceID: 2a42

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::mjit::JITScript::purgePICs 	js/src/methodjit/PolyIC.cpp:2283
1 	mozjs.dll 	JSCompartment::purge 	js/src/jscompartment.cpp:366
2 	mozjs.dll 	PreGCCleanup 	js/src/jsgc.cpp:2136
3 	mozjs.dll 	GCUntilDone 	js/src/jsgc.cpp:2511
4 	mozjs.dll 	JS_GC 	js/src/jsapi.cpp:2513
5 	xul.dll 	nsXPConnect::Collect 	js/src/xpconnect/src/nsXPConnect.cpp:404
6 	xul.dll 	nsXPConnect::GarbageCollect 	js/src/xpconnect/src/nsXPConnect.cpp:412
7 	xul.dll 	nsJSContext::CC 	dom/base/nsJSEnvironment.cpp:3627
8 	xul.dll 	nsJSContext::IntervalCC 	dom/base/nsJSEnvironment.cpp:3716
9 	xul.dll 	nsUserActivityObserver::Observe 	dom/base/nsJSEnvironment.cpp:294
10 	xul.dll 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:130
11 	xul.dll 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:182
12 	xul.dll 	nsUITimerCallback::Notify 	content/events/src/nsEventStateManager.cpp:292
13 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:428
14 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:517
15 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:609
16 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
17 	xul.dll 	xul.dll@0xb034db 	
18 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:202
19 	xul.dll 	_SEH_epilog4 	
20 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:176
21 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:181
22 	xul.dll 	xul.dll@0xb034db 	
23 	xul.dll 	nsAppShell::Run 	widget/src/windows/nsAppShell.cpp:243

The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f6e81dd5a125&tochange=ad0a0be8be74

More reports at:
http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=js%3A%3Amjit%3A%3AJITScript%3A%3ApurgePICs%28%29

It is #35 top crasher in 4.0b10.

Crash Signature: [@ js::mjit::JITScript::purgePICs() ]

In the past 4 weeks we have over 10K of these crashes across multiple versions. Appearing at #45 on 8.0.1 with 376 crashes in the past week. For 8.0, it's at #44 with 1328 in the past week. Probably worth looking at this one.

This appears to be another script corruption bug within GC. It crashes in PurgePICs right at the beginning, apparently with a bad |this| pointer. |this| comes as script->jitNormal, so |script| probably has garbage.

JM is gone.

Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID