Closed Bug 700587 Opened 13 years ago Closed 6 years ago

crash [@ js::RegExpPrivate::execute]

Categories

(Core :: JavaScript Engine, defect)

10 Branch
defect
Not set
critical

Tracking

RESOLVED WONTFIX
Tracking Status
firefox10 --- affected
firefox11 --- affected
firefox12 --- affected
firefox13 --- affected

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, Whiteboard: [mobile-crash],[qa+], [native-crash])

This bug was filed from the Socorro interface and is report bp-9a158d84-0a7e-46eb-8963-851e42111105.
============================================================= 
Crashing Thread
Frame 	Module 	Signature 	Source
0 		@0x59f9ca24 	
1 	libxul.so 	js::RegExpPrivate::execute 	js/src/vm/RegExpObject-inl.h:312
2 	libxul.so 	js::ExecuteRegExp 	js/src/builtin/RegExp.cpp:135
3 	libxul.so 	DoMatch 	js/src/jsstr.cpp:1490
4 	libxul.so 	js::str_replace 	js/src/jsstr.cpp:2066
5 	libxul.so 	js::InvokeKernel 	js/src/jscntxtinlines.h:297
6 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:3948
7 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:584
8 	libxul.so 	js::InvokeGetterOrSetter 	js/src/jsinterp.cpp:647
9 	libxul.so 	js_GetPropertyHelper 	js/src/jsscopeinlines.h:279
10 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:3478
11 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:584
12 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:647
13 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5168
14 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1533
15 	libxul.so 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:553
16 	libxul.so 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:131
17 	libxul.so 	libxul.so@0x96340b 	
18 	libxul.so 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:130
19 		@0x601f742e 	
20 	libxul.so 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:182
21 	libxul.so 	nsHttpHandler::NotifyObservers 	netwerk/protocol/http/nsHttpHandler.cpp:533
22 	libxul.so 	nsHttpChannel::AsyncOpen 	netwerk/protocol/http/nsHttpHandler.h:189
23 	libxul.so 	nsXMLHttpRequest::Send 	content/base/src/nsXMLHttpRequest.cpp:2545
24 	libxul.so 	nsIXMLHttpRequest_Send 	obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:22588
25 	libxul.so 	js::InvokeKernel 	js/src/jscntxtinlines.h:297
26 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:3948
27 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:584
28 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:647
29 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5168
30 	libxul.so 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1937
31 	libxul.so 	nsGlobalWindow::RunTimeout 	dom/base/nsGlobalWindow.cpp:9307
32 	libxul.so 	nsGlobalWindow::TimerCallback 	dom/base/nsGlobalWindow.cpp:9747
33 	libxul.so 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
34 	libxul.so 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:521
35 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
36 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
37 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
38 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
39 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:201
40 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:189
41 	libxul.so 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:228
42 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3551
43 	libxul.so 	Java_org_mozilla_gecko_GeckoAppShell_nativeRun 	toolkit/xre/nsAndroidStartup.cpp:132
44 	libmozutils.so 	Java_org_mozilla_gecko_GeckoAppShell_nativeRun 	other-licenses/android/APKOpen.cpp:232
50 	libmozutils.so 	Java_org_mozilla_gecko_GeckoAppShell_nativeInit 	other-licenses/android/APKOpen.cpp:231

Note:
HTC HTC PG09410
cingular_us/htc_puccinilte/puccinilte:3.1/HMJ15/137848.3:user/release-keys


More crashes : https://crash-stats.mozilla.com/report/list?signature=js%3A%3ARegExpPrivate%3A%3Aexecute
We have this on desktop as well.
Crash Signature: [@ js::RegExpPrivate::execute] → [@ js::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute(JSContext*, wchar_t const*, unsigned __int64, unsigned __int64*, js::LifoAllocScope&, js::MatchPairs**)]
Crash Signature: [@ js::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute(JSContext*, wchar_t const*, unsigned __int64, unsigned __int64*, js::LifoAllocScope&, js::MatchPairs**)] → [@ js::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute] [@ js::detail::RegExpPrivate::execute(JSContext*, wchar_t const*, unsigned __int64, unsigned __int64*, js::LifoAllocScope&, js::MatchPairs**)] [@ @0x0 | js::RegExpPrivate::execute ]
OS: Android → All
Hardware: ARM → All
Whiteboard: [mobile-crash] → [mobile-crash],[native-crash]
No crashes any more with builds from 2011-11-15 or later, it seems. Fixed by bug 701761 perhaps?
Setting to P1 as this may have been resolved. Just need to do follow-up work to verify Comment 3.
Whiteboard: [mobile-crash],[native-crash] → [mobile-crash],[native-crash:P1],[qa+]
It seems to be fixed on desktop but not on mobile:
bp-423350cb-e6db-4943-a87e-3dcff2111121
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Adetail%3A%3ARegExpPrivate%3A%3Aexecute seems to say it's there at least on Fennec on builds from the 21st, yes. :(
This crash changed signature due to a JS-internal change, so make sure you look for the one with "detail::" in it!

(In reply to Naoki Hirata :nhirata from comment #7)
> No native crash :

https://crash-stats.mozilla.com/report/list?signature=js%3A%3Adetail%3A%3ARegExpPrivate%3A%3Aexecute only gives me native results, none in XUL, so from there it looks native-only.

Of course, due to almost no users on XUL on Aurora or Nightly (as it's even hard to stay on XUL for a tablet user, and we don't want phone users to use XUL at all, of course), it might just have low enough frequency on XUL to show up with the new signature.

Still, this is around on native, we know that for sure, you should put native-crash back.
My mistake. I missed the internal change info. XUL wouldn't have the detail, so it makes sense that I only saw XUL and not native.

FYI, you could have just put in the native-crash without asking me to do so. :)
Whiteboard: [mobile-crash],[qa+] → [mobile-crash],[qa+], [native-crash]
Assignee: general → nobody
Closing because no crashes have been reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX