Closed Bug 706104 Opened 14 years ago Closed 7 years ago

Crash in js::analyze::ScriptAnalysis::addJump

Product/Component: Core :: JavaScript Engine
Type: defect
Version: 9 Branch
Platform: x86, Windows 7
Priority: Not set
Severity: critical
Status: RESOLVED WONTFIX
Reporter: scoobidiver
Assignee: Unassigned
Keywords: crash, regression
Whiteboard: [startupcrash]

It's #52 top crasher in 10.0a2 over the last 3 days. It first appeared in 10.a1/20111031. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=abdbf0646a21&tochange=04b4ea333800

It no longer happens from 11.0a1/20111121. The fixing range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=78cd6a30e250&tochange=8ceaedf06a57

Signature js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)
UUID 45fe6a4f-e45b-4759-8f7e-df2582111128
Date Processed 2011-11-28 22:37:10.789171
Uptime 717
Install Age 1.6 hours since version was first installed.
Install Time 2011-11-29 05:03:40
Product Firefox
Version 10.0a2
Build ID 20111128042018
Release Channel aurora
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 37 stepping 5
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x532c39d4
App Notes AdapterVendorID: 8086, AdapterDeviceID: 0046, AdapterSubsysID: 17021043, AdapterDriverVersion: 8.15.10.2538 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
EMCheckCompatibility True

Crashing Thread
Frame Module Signature Source
0 mozjs.dll js::analyze::ScriptAnalysis::addJump js/src/jsanalyze.cpp:80
1 mozjs.dll js::analyze::ScriptAnalysis::analyzeBytecode js/src/jsanalyze.cpp:493
2 mozjs.dll JSScript::makeAnalysis js/src/jsinfer.cpp:5507
3 mozjs.dll JSScript::ensureRanAnalysis js/src/jsinferinlines.h:1270
4 mozjs.dll js::types::TypeMonitorCall js/src/jsinferinlines.h:327
5 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:631
6 mozjs.dll js::Invoke js/src/jsinterp.cpp:679
7 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5199
8 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1937
9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:211
10 xul.dll nsCxPusher::RePush content/base/src/nsContentUtils.cpp:2610
11 @0x44b
12 xul.dll nsScriptLoader::FireScriptEvaluated content/base/src/nsScriptLoader.cpp:844
13 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:811
14 mozutils.dll je_free memory/jemalloc/jemalloc.c:6497

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Aanalyze%3A%3AScriptAnalysis%3A%3AaddJump%28JSContext*%2C%20unsigned%20int%2C%20unsigned%20int*%2C%20unsigned%20int*%2C%20unsigned%20int%29
This signature has quickly risen up to #2 on trunk in yesterday's data!
A similar form of the crash signature exists in 9.0. It's #122 top crasher in 9.0b4 and #115 in 10.0a2.
Crash Signature: [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int) ] → [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)] [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int*, unsigned int)]
Version: 10 Branch → 9 Branch
Did this diminish in recent Firefox releases?
It's about #300 browser crasher in 11.0.
Crash Signature: [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)] [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int*, unsigned int)] → [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)] [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int* unsigned int)] [@ …
It's #12 top crasher in the first days of 12.0.
Keywords: topcrash
Whiteboard: [startupcrash]
There are 168 crashes in 13.0.
Keywords: topcrash
It happens at a low volume:
* 103 crashes in 22.0
* 7 in 23.0b9
Assignee: general → nobody
Crash Signature: , unsigned int)] [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int*, unsigned int)] → , unsigned int)] [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int*, unsigned int)] [@ js::analyze::ScriptAnalysis::addJump]
Closing because no crash has been reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX