Closed
Bug 699789
Opened 13 years ago
Closed 6 years ago
trunk crashes in js::analyze::ScriptAnalysis::analyzeBytecode and js::analyze::Bytecode::mergeDefines
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: kairo, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [mobile-crash][startupcrash])
Crash Data
This bug was filed from the Socorro interface and is report bp-b5e1cdd4-9830-40d8-8f26-00fcd2111104 . ============================================================= https://crash-stats.mozilla.com/report/list?signature=js%3A%3Aanalyze%3A%3AScriptAnalysis%3A%3AanalyzeBytecode%28JSContext*%29 https://crash-stats.mozilla.com/report/list?signature=js%3A%3Aanalyze%3A%3ABytecode%3A%3AmergeDefines%28JSContext*%2C%20js%3A%3Aanalyze%3A%3AScriptAnalysis*%2C%20bool%2C%20unsigned%20int%2C%20unsigned%20int*%2C%20unsigned%20int%29 Crashes seem to happen at address 0x72 on 32bit and 0xffffffffffffffff on 64bit builds. Both signatures have been around as residual crashes for a while but have spiked in yesterday's trunk data, with several people crashing repeatedly on startup with those signatures. The crashing builds are nightlies spread over the whole range of time viewed in the report (even when extending to a 4 week range), including yesterday's builds.
Reporter | ||
Updated•13 years ago
|
OS: Linux → Windows 7
Hardware: x86_64 → x86
Comment 1•13 years ago
|
||
This looks really strange. Rev aa953731b2c6 on 10/29 changed this code, but part of this patch was removing Bytecode::mergeDefines entirely. Why is this function still showing up in signatures from builds on 10/30 or later?
Reporter | ||
Comment 2•13 years ago
|
||
(In reply to Brian Hackett from comment #1) > This looks really strange. Rev aa953731b2c6 on 10/29 changed this code, but > part of this patch was removing Bytecode::mergeDefines entirely. Why is > this function still showing up in signatures from builds on 10/30 or later? https://crash-stats.mozilla.com/report/index/2f55f8b0-98da-454f-98c2-073122111104 is a crash from a 20111026031017 build and points to crashing at http://hg.mozilla.org/mozilla-central/annotate/cc66accc8181/js/src/jsanalyze.cpp#l74 which has a changeset from Oct 26. That's fun.
Comment 3•13 years ago
|
||
I took a look at some of the URLs - facebook and zynga showed up at the top part of the crash URLs. Wondering if they made some kind of change that triggered this.
First 3 parts of the stack also occurred in Fennec
Whiteboard: [mobile-crash]
Reporter | ||
Comment 6•13 years ago
|
||
The js::analyze::Bytecode::mergeDefines crash happens in 9.0b2, which is the most-current build from beta. All other builds that signature appears in are from 2011-11-09 or older.
Updated•13 years ago
|
Crash Signature: [@ js::analyze::ScriptAnalysis::analyzeBytecode(JSContext*)]
[@ js::analyze::Bytecode::mergeDefines(JSContext*, js::analyze::ScriptAnalysis*, bool, unsigned int, unsigned int*, unsigned int) ] → [@ js::analyze::ScriptAnalysis::analyzeBytecode(JSContext*)]
[@ js::analyze::ScriptAnalysis::analyzeBytecode ]
[@ js::analyze::Bytecode::mergeDefines(JSContext*, js::analyze::ScriptAnalysis*, bool, unsigned int, unsigned int*, unsigned int) ]
OS: Windows 7 → All
Hardware: x86 → All
Comment 8•12 years ago
|
||
Please see Bug 722926 for a 10.7 Mac user who hit one of these signatures after updating to Firefox 10. He even downloaded and new version and now cannot start Firefox.
Comment 9•12 years ago
|
||
It's #4 top crasher in 10.0 on Mac OS X.
Keywords: topcrash
Whiteboard: [mobile-crash] → [mobile-crash][startupcrash]
Comment 10•12 years ago
|
||
Another Mac OSX 10.6.8 Crashed using Firefox 10 - https://crash-stats.mozilla.com/report/index/58fbc4b1-89bf-4ace-aa0a-7f60f2120203 Not opening in Safe Mode - https://support.mozilla.org/en-US/questions/917095 Any workarounds/solutions ??
Comment 11•12 years ago
|
||
(In reply to mha007 from comment #10) > Any workarounds/solutions ?? For a startup crash, reinstall Firefox 9 and create a new profile in the first session, before the update. Then copy important data from the old profile to the new one.
Comment 12•12 years ago
|
||
Copied profile from Firefox 9 (home computer) and completely replaced Firefox 10 profile (work computer) and Firefox 10 started with no problems.
Comment 13•12 years ago
|
||
related to bug 731692?
Comment 14•12 years ago
|
||
It's #3 top browser crasher in 12.0 on Mac OS X.
Comment 15•12 years ago
|
||
It's a low volume crash, only 10 crashes in 13.0 on Mac OS X.
Keywords: topcrash
Comment 16•12 years ago
|
||
Ended up here reviewing a user's crashes on 16.0 in SUMO[1]. Linking in case there's a need to gather more data from the system with the crash. bp-4b3b4901-9a21-403b-a1aa-78c152120926 1| https://support.mozilla.org/en-US/questions/938141
Comment 17•12 years ago
|
||
(In reply to alex_mayorga from comment #16) > Ended up here reviewing a user's crashes on 16.0 in SUMO[1]. See bug 770238 comment 10.
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Updated•9 years ago
|
Crash Signature: [@ js::analyze::ScriptAnalysis::analyzeBytecode(JSContext*)]
[@ js::analyze::ScriptAnalysis::analyzeBytecode ]
[@ js::analyze::Bytecode::mergeDefines(JSContext*, js::analyze::ScriptAnalysis*, bool, unsigned int, unsigned int*, unsigned int) ] → [@ js::analyze::ScriptAnalysis::analyzeBytecode(JSContext*)]
[@ js::analyze::ScriptAnalysis::analyzeBytecode ]
[@ js::analyze::Bytecode::mergeDefines(JSContext*, js::analyze::ScriptAnalysis*, bool, unsigned int, unsigned int*, unsigned int) ]
[@ js::an…
Comment 18•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 19•6 years ago
|
||
Closing because no crash reported since 12 weeks.
You need to log in
before you can comment on or make changes to this bug.
Description
•