Closed Bug 683207 Opened 8 years ago Closed 8 years ago

crash js::mjit::EnterMethodJIT

Categories

(Core :: JavaScript Engine, defect, critical)

x86_64
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla9
Tracking Status
firefox7 - ---
firefox8 - ---
firefox9 + fixed

People

(Reporter: olrrm2020, Unassigned)

References

()

Details

(Keywords: crash, Whiteboard: js-triage-needed [qa-])

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-e5e6d8d2-718b-40f7-8d3e-cf7c62110830 .
============================================================= 

I am filing this bug for the user who actually experienced it.

More crash reports for the page in question:
https://crash-stats.mozilla.com/report/index/35465366-ddf6-4538-b332-6ac9d2110830
https://crash-stats.mozilla.com/report/index/bp-4bbf8cb0-8a29-4b38-b3cf-e3f062110830

Also, not sure of the proper component, so chose General for the moment.
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Does the linked URL crash reliably, or only sometimes?
Depends on: SadJägerMonkey
Whiteboard: js-triage-needed
No longer depends on: SadJägerMonkey
For me that link has crashed every time I let Noscript to "allow all this page" but not if I allow only rchelicopterfun.com...
For me, it has not crashed at all. Others in the mozillazine forum (http://forums.mozillazine.org/viewtopic.php?p=11194661#p11194661) evidently are only seeing this intermittently if they seeing more than one crash.
For me, its 100%, even with a new profile.

Win7 64bit..
I tried, again, after disabling AdBlock Plus and got this crash:

https://crash-stats.mozilla.com/report/index/bp-4d85502a-7593-46ae-b0a9-8b1622110830
For me this page crashes reliably in a TI nightly from a few days ago.  Looking into now...

http://www.rchelicopterfun.com/best-rc-helicopter.html
This page crashes it every time for me on today's nightly (built from e6591ea9b27b):
http://www.favbrowser.com/mozilla-previews-firefox-for-tablets/
Attached patch patchSplinter Review
Patch for the rchelicopters.com crash.  Regalloc bug when hoisting computations from accesses like arguments[x].  I'm not sure how many of the EnterMethodJIT crashes this will address (this is a blanket signature for all jitcode crashes), but all the crashes I looked at *could* have been caused by this bug.
Attachment #557071 - Flags: review?(dvander)
Attachment #557071 - Flags: review?(dvander) → review+
Just tested with an hourly build based on cset:
http://hg.mozilla.org/mozilla-central/rev/005bce677a00 

and no more crashes on the linked URL as reported.  Thanks for the quick work.  Do want to leave this open, or should it be now be closed ?
Lets close this one, future jitcode crashes with this signature will be for different reasons.  I also tested the link in comment 7 with and without this patch, and it looks to be the same (fixed) issue.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla9
Scooby, this isn't the bug you're looking for. This is brand new code.
Can someone on this bug who was able to reproduce it before please verify the fix on Firefox 9?
Whiteboard: js-triage-needed → js-triage-needed [qa-]
At least for for me, no crash anymore using Firefox 9b4: 
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20100101 Firefox/9.0 ID:20111130065942
You need to log in before you can comment on or make changes to this bug.