Closed Bug 732346 Opened 10 years ago Closed 8 years ago

Crash in js::CheckScript

Categories

(Core :: JavaScript Engine, defect)

All
Windows 7
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash)

Crash Data

It's a new crash signature that first appeared in 13.0a1/20120216. The regression window is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d45c7d7b0079&tochange=a853f4017192

Stacks are various:
Frame 	Module 	Signature 	Source
0 	mozglue.dll 	MOZ_Crash 	mfbt/Assertions.cpp:70
1 	mozglue.dll 	MOZ_Assert 	mfbt/Assertions.cpp:88
2 	mozjs.dll 	js::CheckScript 	js/src/jsscript.cpp:333
3 	mozjs.dll 	js::gc::MarkChildren 	js/src/jsgcmark.cpp:684
4 	mozjs.dll 	js::gc::PushMarkStack 	js/src/jsgcmark.cpp:475
5 	mozjs.dll 	js::gc::MarkScript 	js/src/jsgcmark.cpp:209
6 	mozjs.dll 	JSFunction::trace 	js/src/jsfun.cpp:1101
7 	mozjs.dll 	fun_trace 	js/src/jsfun.cpp:1110
8 	mozjs.dll 	js::GCMarker::processMarkStackTop 	js/src/jsgcmark.cpp:1129
9 	mozjs.dll 	js::GCMarker::drainMarkStack 	js/src/jsgcmark.cpp:1172
...

Frame 	Module 	Signature 	Source
0 	mozglue.dll 	MOZ_Crash 	mfbt/Assertions.cpp:70
1 	mozglue.dll 	MOZ_Assert 	mfbt/Assertions.cpp:88
2 	mozjs.dll 	js::CheckScript 	js/src/jsscript.cpp:333
3 		@0x1f3036f 	
4 	mozjs.dll 	GCCycle 	js/src/jsgc.cpp:2892
5 	mozjs.dll 	js_GC 	js/src/jsgc.cpp:2946
6 	mozjs.dll 	js::GCForReason 	js/src/jsfriendapi.cpp:135
7 	xul.dll 	nsXPConnect::Collect 	js/xpconnect/src/nsXPConnect.cpp:429
8 	xul.dll 	ShrinkGCBuffersTimerFired 	dom/base/nsJSEnvironment.cpp:3368
9 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/windows/nsAppShell.cpp:361
...

Frame 	Module 	Signature 	Source
0 	mozglue.dll 	MOZ_Crash 	mfbt/Assertions.cpp:70
1 	xul.dll 	xul.dll@0x3a99df 	
2 	mozglue.dll 	MOZ_Assert 	mfbt/Assertions.cpp:88
3 	msvcr90.dll 	get_fpsr 	
4 	xul.dll 	js::GCMarker::appendGrayRoot 	js/src/jsgc.cpp:2108
5 	xul.dll 	js::CheckScript 	js/src/jsscript.cpp:333


More reports at:
https://crash-stats.mozilla.com/report/list?signature=MOZ_Crash

Note that MOZ_Crash was only recently added, and it effectively replaces CrashInJS (just as MOZ_Assert replaces JS_Assert). So this is probably not new, and you can probably find these crashes with those functions at the top of the stack if you look a little bit.

Here are crash reports for the old crash signature:
https://crash-stats.mozilla.com/report/list?signature=CrashInJS%20|%20js%3A%3ACheckScript%28JSScript*%2C%20JSScript*%29

Crash Signature: [@ MOZ_Crash] → [@ MOZ_Crash] [@ CrashInJS | js::CheckScript(JSScript*, JSScript*)]
Keywords: regression
Version: 13 Branch → unspecified
Depends on: 733235

Crashed like bp-40a81912-de0b-475c-b82f-3f27e2120326 this morning while starting up 2012-03-23 Nightly.

Crashing Thread looks different to the ones in comment 0, is this the same bug or a different one?

Frame 	Module 	Signature 	Source
0 	mozglue.dll 	MOZ_Crash 	mfbt/Assertions.cpp:70
1 	mozglue.dll 	MOZ_Assert 	mfbt/Assertions.cpp:88
2 	xul.dll 	nsXPConnect::Push 	js/xpconnect/src/nsXPConnect.cpp:2558
3 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:622
4 	xul.dll 	std::deque<MessageLoop::PendingTask,std::allocator<MessageLoop::PendingTask> >::front 	deque:1204
5 	xul.dll 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:412

(In reply to alex_mayorga from comment #3)
> Crashing Thread looks different to the ones in comment 0, is this the same
> bug or a different one?
It's bug 739027.

Summary: Crash in js::CheckScript @ MOZ_Crash → Crash in js::CheckScript
Crash Signature: [@ MOZ_Crash] [@ CrashInJS | js::CheckScript(JSScript*, JSScript*)] → [@ MOZ_Crash] [@ js::CheckScript(JSScript*, JSScript*)] [@ CrashInJS | js::CheckScript(JSScript*, JSScript*)]

There have been no crashes for the last four weeks.

Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME