Open Bug 622978 Opened 9 years ago Updated 3 years ago

Crash in nsDisplayList::ComputeVisibilityForSublist

Categories: Core :: Web Painting, defect, critical
Platform: x86, Windows XP
Type: defect
Priority: Not set
Severity: critical
Tracking Status: blocking2.0 --- -
Reporter: scoobidiver
Assignee: Unassigned
Keywords: crash

It is a residual crash signature that exists in trunk builds.
It is the #34 top crasher in 4.0b9pre for the last week.

Signature	nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&)
UUID	a41cde21-9838-46fd-bdeb-d3b872110104
Time 	2011-01-04 10:39:42.532570
Uptime	2196
Last Crash	69043 seconds (19.2 hours) before submission
Install Age	82818 seconds (23.0 hours) since version was first installed.
Product	Firefox
Version	4.0b9pre
Build ID	20110103030359
Branch	2.0
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	AuthenticAMD family 6 model 8 stepping 1
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x47106d93
User Comments	
App Notes 	AdapterVendorID: 10de, AdapterDeviceID: 0326

Frame 	Module 	Signature 	Source
0 		@0x47106d93 	
1 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:368
2 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
3 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
4 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
5 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
6 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
7 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
8 	xul.dll 	nsDisplayWrapList::ComputeVisibility 	layout/base/nsDisplayList.cpp:1322
9 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
10 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
11 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
12 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
13 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
14 	xul.dll 	nsDisplayClip::ComputeVisibility 	layout/base/nsDisplayList.cpp:1593
15 	xul.dll 	nsDisplayList::ComputeVisibilityForSublist 	layout/base/nsDisplayList.cpp:365
16 	xul.dll 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1429
17 	xul.dll 	PresShell::Paint 	layout/base/nsPresShell.cpp:6108
18 	xul.dll 	nsViewManager::RenderViews 	view/src/nsViewManager.cpp:447
19 	xul.dll 	nsViewManager::Refresh 	view/src/nsViewManager.cpp:413
20 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:912
21 	xul.dll 	AttachedHandleEvent 	view/src/nsView.cpp:193
22 	xul.dll 	nsWindow::DispatchEvent 	widget/src/windows/nsWindow.cpp:3658
23 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/src/windows/nsWindow.cpp:3686
24 	xul.dll 	nsWindow::OnPaint 	
25 	user32.dll 	RealDefWindowProcWorker 	
26 	user32.dll 	HMValidateHandle 	
27 	user32.dll 	RealDefWindowProcW 	
28 	user32.dll 	WinStationSendMessageW 	
29 	user32.dll 	DefWindowProcW 	
30 	user32.dll 	DefWindowProcW 	
31 	user32.dll 	UserCallWinProcCheckWow 	

More reports at:
http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=nsDisplayList%3A%3AComputeVisibilityForSublist%28nsDisplayListBuilder*%2C%20nsRegion*%2C%20nsRect%20const%26%29
blocking2.0: --- → ?
Don't want to block without steps to reproduce
blocking2.0: ? → -
Crash Signature: [@ nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&) ]
Crash Signature: [@ nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&) ] → nsRect const&)] [@ @0x0 | nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&, nsRect const&)] [@ nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&, nsRect const&)] [@ _pure…
Summary: crash [@ nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&) ] → Crash in nsDisplayList::ComputeVisibilityForSublist
This signature is on the rise, now at #42 in FF 22.0a2 topcrash list.
Combined signatures are at ~2000 incidents in the past 4 weeks for FF/all versions.
Crash Signature: , nsRect const&)] [@ @0x0 | nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&, nsRect const&)] → , nsRect const&)] [@ @0x0 | nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&, nsRect const&)] [@ nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsDisplayItem*, nsRegion*, nsRect const&, nsRect…
Keywords: crash → topcrash
(In reply to Mats Palmgren [:mats] from comment #2)
> This signature is on the rise, now at #42 in FF 22.0a2 topcrash list.
It's not enough to qualify it for the topcrash keyword (see https://wiki.mozilla.org/CrashKill/Topcrash). In addition, it's above #90 crasher in any channels.
Keywords: topcrash → crash
That's not a very useful definition of topcrash.  The top 20 crashes are
almost always useless EMPTY, GC, CC, JIT, wrapping stuff, moz_abort etc.
IOW, generic crashes that almost always have a root cause in some other code.

I think it would be more useful for developers if "topcrash" means "a worrying
crash high in the rankings that a developer really should try to investigate soon".
With the current definition I'm more inclined to *ignore* crashes that are marked
topcrash, which is unfortunate.
A worrying crash can be tracked in the version it appeared using tracking flags without being flagged as topcrash.
It's much harder to query tracking flags and they are a moving target.

Ideally, I think topcrash bugs should be the 1-2% of crash bugs that
deserve extra attention and effort from developers and/or QA.
(In reply to Mats Palmgren [:mats] from comment #4)
> That's not a very useful definition of topcrash.

Please discuss that definition in the stability@m.o list and not in bugs. That said, for now, the definition stands as it is, but it has some loopholes for things that are deemed to be "interesting" in solving problems larger than their pure volume, as you can see in the wiki page. Still, please take anything that isn't specific on this one crash up to the list and not the bug report.
Crash Signature: , nsRect const&)] [@ @0x0 | nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsDisplayItem*, nsRegion*, nsRect const&, nsRect const&)] → , nsRect const&)] [@ @0x0 | nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsDisplayItem*, nsRegion*, nsRect const&, nsRect const&)] [@ nsDisplayList::ComputeVisibilityForSublist] [@ _purecall | nsDisplayList::ComputeVisibilityForSub…
Component: Layout → Layout: Web Painting