Closed Bug 609254 Opened 15 years ago Closed 12 years ago

crash [@ js::mjit::JITScript::purgePICs() ]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

It is a new crash signature. Crashes first appeared in 4.0b8pre/20101014 build. It is #116 top crasher in 4.0b8pre for the last week. Signature js::mjit::JITScript::purgePICs() UUID e183dfae-a88a-49d8-b6b5-6f7592101102 Time 2010-11-02 14:16:45.547483 Uptime 365 Install Age 16187 seconds (4.5 hours) since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101102042148 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 23 stepping 10 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0xffffffff9896804c App Notes AdapterVendorID: 8086, AdapterDeviceID: 2a42 Frame Module Signature [Expand] Source 0 mozjs.dll js::mjit::JITScript::purgePICs js/src/methodjit/PolyIC.cpp:2283 1 mozjs.dll JSCompartment::purge js/src/jscompartment.cpp:366 2 mozjs.dll PreGCCleanup js/src/jsgc.cpp:2136 3 mozjs.dll GCUntilDone js/src/jsgc.cpp:2511 4 mozjs.dll JS_GC js/src/jsapi.cpp:2513 5 xul.dll nsXPConnect::Collect js/src/xpconnect/src/nsXPConnect.cpp:404 6 xul.dll nsXPConnect::GarbageCollect js/src/xpconnect/src/nsXPConnect.cpp:412 7 xul.dll nsJSContext::CC dom/base/nsJSEnvironment.cpp:3627 8 xul.dll nsJSContext::IntervalCC dom/base/nsJSEnvironment.cpp:3716 9 xul.dll nsUserActivityObserver::Observe dom/base/nsJSEnvironment.cpp:294 10 xul.dll nsObserverList::NotifyObservers xpcom/ds/nsObserverList.cpp:130 11 xul.dll nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:182 12 xul.dll nsUITimerCallback::Notify content/events/src/nsEventStateManager.cpp:292 13 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:428 14 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:517 15 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609 16 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 17 xul.dll xul.dll@0xb034db 18 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202 19 xul.dll _SEH_epilog4 20 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176 21 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:181 22 xul.dll xul.dll@0xb034db 23 xul.dll nsAppShell::Run widget/src/windows/nsAppShell.cpp:243 The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f6e81dd5a125&tochange=ad0a0be8be74 More reports at: http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=js%3A%3Amjit%3A%3AJITScript%3A%3ApurgePICs%28%29
It is #35 top crasher in 4.0b10.
Crash Signature: [@ js::mjit::JITScript::purgePICs() ]
In the past 4 weeks we have over 10K of these crashes across multiple versions. Appearing at #45 on 8.0.1 with 376 crashes in the past week. For 8.0, it's at #44 with 1328 in the past week. Probably worth looking at this one.
This appears to be another script corruption bug within GC. It crashes in PurgePICs right at the beginning, apparently with a bad |this| pointer. |this| comes as script->jitNormal, so |script| probably has garbage.
JM is gone.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.