Closed Bug 683207 Opened 14 years ago Closed 14 years ago

crash js::mjit::EnterMethodJIT

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla9
Tracking Flags:
Tracking Status
firefox7 - ---
firefox8 - ---
firefox9 + fixed

People

(Reporter: murph.0912, Unassigned)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: js-triage-needed [qa-])

Crash Data

Attachments

(1 file)

patch
1.56 KB, patch
dvander
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-e5e6d8d2-718b-40f7-8d3e-cf7c62110830 . ============================================================= I am filing this bug for the user who actually experienced it. More crash reports for the page in question: https://crash-stats.mozilla.com/report/index/35465366-ddf6-4538-b332-6ac9d2110830 https://crash-stats.mozilla.com/report/index/bp-4bbf8cb0-8a29-4b38-b3cf-e3f062110830 Also, not sure of the proper component, so chose General for the moment.
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Does the linked URL crash reliably, or only sometimes?
Depends on: SadJägerMonkey
Whiteboard: js-triage-needed
Blocks: SadJägerMonkey
No longer depends on: SadJägerMonkey
For me that link has crashed every time I let Noscript to "allow all this page" but not if I allow only rchelicopterfun.com...
For me, it has not crashed at all. Others in the mozillazine forum (http://forums.mozillazine.org/viewtopic.php?p=11194661#p11194661) evidently are only seeing this intermittently if they seeing more than one crash.
For me, its 100%, even with a new profile. Win7 64bit..
I tried, again, after disabling AdBlock Plus and got this crash: https://crash-stats.mozilla.com/report/index/bp-4d85502a-7593-46ae-b0a9-8b1622110830
For me this page crashes reliably in a TI nightly from a few days ago. Looking into now... http://www.rchelicopterfun.com/best-rc-helicopter.html
This page crashes it every time for me on today's nightly (built from e6591ea9b27b): http://www.favbrowser.com/mozilla-previews-firefox-for-tablets/
Attached patch patchSplinter Review
Patch for the rchelicopters.com crash. Regalloc bug when hoisting computations from accesses like arguments[x]. I'm not sure how many of the EnterMethodJIT crashes this will address (this is a blanket signature for all jitcode crashes), but all the crashes I looked at *could* have been caused by this bug.
Attachment #557071 - Flags: review?(dvander)
Attachment #557071 - Flags: review?(dvander) → review+
Just tested with an hourly build based on cset: http://hg.mozilla.org/mozilla-central/rev/005bce677a00 and no more crashes on the linked URL as reported. Thanks for the quick work. Do want to leave this open, or should it be now be closed ?
Lets close this one, future jitcode crashes with this signature will be for different reasons. I also tested the link in comment 7 with and without this patch, and it looks to be the same (fixed) issue.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
status-firefox7: --- → affected
status-firefox8: --- → affected
tracking-firefox7: --- → ?
tracking-firefox8: --- → ?
Target Milestone: --- → mozilla9
Scooby, this isn't the bug you're looking for. This is brand new code.
status-firefox7: affected → ---
status-firefox8: affected → ---
tracking-firefox7: ?-
tracking-firefox8: ?-
Can someone on this bug who was able to reproduce it before please verify the fix on Firefox 9?
Whiteboard: js-triage-needed → js-triage-needed [qa-]
At least for for me, no crash anymore using Firefox 9b4: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20100101 Firefox/9.0 ID:20111130065942
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: