Closed
Bug 727980
Opened 13 years ago
Closed 13 years ago
Crash @ js::gc::MarkRootRange<JSAtom>
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla13
People
(Reporter: scoobidiver, Assigned: terrence)
References
Details
(Keywords: crash, regression, Whiteboard: startupcrash)
Crash Data
Attachments
(1 file)
|
2.20 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
It's a new crash signature that first appeared in today's build.
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d45c7d7b0079&tochange=a853f4017192
It's likely a regression from bug 721463.
Signature js::gc::MarkRootRange<JSAtom> More Reports Search
UUID ea9c9cce-ad73-4115-bc45-20e872120216
Date Processed 2012-02-16 19:41:36
Uptime 3
Last Crash 5.7 weeks before submission
Install Age 2.7 hours since version was first installed.
Install Time 2012-02-16 16:58:01
Product Firefox
Version 13.0a1
Build ID 20120216031231
Release Channel nightly
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 23 stepping 7
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x0
User Comments
App Notes
AdapterVendorID: 0x10de, AdapterDeviceID: 0x05e3, AdapterSubsysID: 040110b0, AdapterDriverVersion: 8.17.12.8562
D2D? D2D+
DWrite? DWrite+
D3D10 Layers? D3D10 Layers+
EMCheckCompatibility True
Total Virtual Memory 4294836224
Available Virtual Memory 3813576704
System Memory Use Percentage 38
Available Page File 3446640640
Available Physical Memory 2644324352
Frame Module Signature [Expand] Source
0 mozjs.dll js::gc::MarkRootRange<JSAtom> js/src/jsgcmark.cpp:161
1 mozjs.dll js::gc::MarkChildren js/src/jsgcmark.cpp:672
2 mozjs.dll js::gc::PushMarkStack js/src/jsgcmark.cpp:440
3 mozjs.dll js::gc::MarkScriptRoot js/src/jsgcmark.cpp:110
4 mozjs.dll js::gc::MarkKind js/src/jsgcmark.cpp:225
5 mozjs.dll js::MarkIfGCThingWord js/src/jsgc.cpp:1033
6 mozjs.dll js::MarkConservativeStackRoots js/src/jsgc.cpp:1094
7 mozjs.dll js::MarkRuntime js/src/jsgc.cpp:2037
8 mozjs.dll BeginMarkPhase js/src/jsgc.cpp:2651
9 mozjs.dll MarkAndSweep js/src/jsgc.cpp:2830
10 mozjs.dll js::Vector<JSC::ExecutablePool*,2,js::SystemAllocPolicy>::growStorageBy obj-firefox/dist/include/js/Vector.h:667
11 mozjs.dll GCCycle js/src/jsgc.cpp:2912
12 mozjs.dll js_GC js/src/jsgc.cpp:2966
13 mozjs.dll js::gc::ArenaLists::refillFreeList js/src/jsgc.cpp:1637
14 mozjs.dll js_NewGCString js/src/jsgcinlines.h:445
15 mozjs.dll js_NewStringCopyN js/src/jsstr.cpp:3277
16 mozjs.dll js_AtomizeChars js/src/jsatom.cpp:585
17 mozjs.dll js_XDRAtom js/src/jsxdrapi.cpp:660
More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Agc%3A%3AMarkRootRange%3CJSAtom%3E
|
Assignee | |
Comment 1•13 years ago
|
||
This expands the loop inline, rather than adding an Unbarriered range marker just for this one case. Also fixes two style nits from that checkin.
Comment on attachment 597996 [details] [diff] [review]
v0: Don't mark script atoms as roots.
Review of attachment 597996 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks for the quick fix.
::: js/src/jsgcmark.cpp
@@ +670,5 @@
>
> JS_ASSERT_IF(trc->runtime->gcCheckCompartment,
> script->compartment() == trc->runtime->gcCheckCompartment);
>
> + for (uint32_t i = 0; i < script->natoms; ++i)
Could you put braces around the for loop? I think we usually do this for multi-line stuff, even if they're not required.
Attachment #597996 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Comment 3•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/373679b39918
Good catch, Scoobidiver! Thanks for tracking this.
|
Reporter | |
Updated•13 years ago
|
Keywords: regression
Version: 12 Branch → 13 Branch
|
||
Comment 4•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla13
You need to log in
before you can comment on or make changes to this bug.
Description
•