Closed
Bug 706104
Opened 13 years ago
Closed 6 years ago
Crash in js::analyze::ScriptAnalysis::addJump
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression, Whiteboard: [startupcrash])
Crash Data
It's #52 top crasher in 10.0a2 over the last 3 days; It first appeared in 10.a1/20111031. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=abdbf0646a21&tochange=04b4ea333800 It no longer happens from 11.0a1/20111121. The fixing range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=78cd6a30e250&tochange=8ceaedf06a57 Signature js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int) UUID 45fe6a4f-e45b-4759-8f7e-df2582111128 Date Processed 2011-11-28 22:37:10.789171 Uptime 717 Install Age 1.6 hours since version was first installed. Install Time 2011-11-29 05:03:40 Product Firefox Version 10.0a2 Build ID 20111128042018 Release Channel aurora OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 37 stepping 5 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x532c39d4 App Notes AdapterVendorID: 8086, AdapterDeviceID: 0046, AdapterSubsysID: 17021043, AdapterDriverVersion: 8.15.10.2538 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ EMCheckCompatibility True Crashing Thread Frame Module Signature [Expand] Source 0 mozjs.dll js::analyze::ScriptAnalysis::addJump js/src/jsanalyze.cpp:80 1 mozjs.dll js::analyze::ScriptAnalysis::analyzeBytecode js/src/jsanalyze.cpp:493 2 mozjs.dll JSScript::makeAnalysis js/src/jsinfer.cpp:5507 3 mozjs.dll JSScript::ensureRanAnalysis js/src/jsinferinlines.h:1270 4 mozjs.dll js::types::TypeMonitorCall js/src/jsinferinlines.h:327 5 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:631 6 mozjs.dll js::Invoke js/src/jsinterp.cpp:679 7 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5199 8 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1937 9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:211 10 xul.dll nsCxPusher::RePush content/base/src/nsContentUtils.cpp:2610 11 @0x44b 12 xul.dll nsScriptLoader::FireScriptEvaluated content/base/src/nsScriptLoader.cpp:844 13 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:811 14 mozutils.dll je_free memory/jemalloc/jemalloc.c:6497 More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Aanalyze%3A%3AScriptAnalysis%3A%3AaddJump%28JSContext*%2C%20unsigned%20int%2C%20unsigned%20int*%2C%20unsigned%20int*%2C%20unsigned%20int%29
|
||
Comment 1•13 years ago
|
||
This signature has quickly risen up to #2 on trunk in yesterday's data!
|
Reporter | |
Comment 2•13 years ago
|
||
A similar form of the crash signature exists in 9.0. It's #122 top crasher in 9.0b4 and #115 in 10.0a2.
Crash Signature: [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int) ] → [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int*, unsigned int)]
Version: 10 Branch → 9 Branch
|
||
Comment 3•12 years ago
|
||
did this diminish in recent firefox releases?
|
|
Reporter | |
Comment 4•12 years ago
|
||
It's about #300 browser crasher in 11.0.
Crash Signature: [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int*, unsigned int)] → [@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int, unsigned int* unsigned int)]
[@ …
|
|
Reporter | |
Comment 5•12 years ago
|
||
It's #12 top crasher in the first days of 12.0.
Keywords: topcrash
Whiteboard: [startupcrash]
|
|
Reporter | |
Comment 8•11 years ago
|
||
It happens at a low volume: * 103 crashes in 22.0 * 7 in 23.0b9
|
Assignee | |
Updated•10 years ago
|
Assignee: general → nobody
|
||
Updated•9 years ago
|
Crash Signature: , unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int*, unsigned int)] → , unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump(JSContext*, unsigned int, unsigned int*, unsigned int*, unsigned int*, unsigned int)]
[@ js::analyze::ScriptAnalysis::addJump]
|
||
Comment 9•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
|
|
||
Comment 10•6 years ago
|
||
Closing because no crash reported since 12 weeks.
You need to log in
before you can comment on or make changes to this bug.
Description
•