Closed
Bug 736815
Opened 11 years ago
Closed 11 years ago
crash in js_ValueToBoolean
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla14
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
It's a residual crash but there's a spike in crashes from 14.0a1/20120317, all in 64-bit builds. The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e5f6caa40409&tochange=ecaad3ae9964 It might be a regression from bug 730497 or bug 733950. 64-bit stacks are various and probably buggy: Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1938 2 xul.dll js::mjit::stubs::TypeBarrierHelper js/src/methodjit/StubCalls.cpp:1651 ... Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1938 2 xul.dll nsCSSRendering::PaintBackgroundWithSC layout/base/nsCSSRendering.cpp:2359 Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:2389 2 xul.dll nsGlobalWindow::QueryInterface dom/base/nsGlobalWindow.cpp:1398 3 xul.dll SearchTable js/src/jsdhash.cpp:469 4 nspr4.dll PR_ExitMonitor nsprpub/pr/src/threads/prmon.c:132 5 xul.dll nsEventStateManager::PostHandleEvent content/events/src/nsEventStateManager.cpp:3460 Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1938 2 nspr4.dll PR_GetCurrentThread nsprpub/pr/src/threads/prcthr.c:174 3 nspr4.dll PR_GetCurrentThread nsprpub/pr/src/threads/prcthr.c:174 4 xul.dll XPCCallContext::Init js/xpconnect/src/XPCCallContext.cpp:157 5 xul.dll XPCCallContext::~XPCCallContext js/xpconnect/src/XPCCallContext.cpp:350 6 xul.dll nsGlobalWindow::SetTimeoutOrInterval dom/base/nsGlobalWindow.cpp:9192 7 xul.dll nsXPCWrappedJSClass::DelegatedQueryInterface js/xpconnect/src/XPCWrappedJSClass.cpp:785 8 nspr4.dll PR_GetCurrentThread nsprpub/pr/src/threads/prcthr.c:174 ... Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1938 2 KERNELBASE.dll SystemTimeToFileTime 3 nspr4.dll PR_Unlock nsprpub/pr/src/threads/combined/prulock.c:347 4 xul.dll nsJSContext::ScriptEvaluated dom/base/nsJSEnvironment.cpp:2967 5 xul.dll nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener> obj-firefox/dist/include/nsAutoPtr.h:908 6 xul.dll XPCCallContext::~XPCCallContext js/xpconnect/src/XPCCallContext.cpp:350 7 xul.dll AutoScriptEvaluate::~AutoScriptEvaluate js/xpconnect/src/XPCWrappedJSClass.cpp:119 ... Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1914 2 xul.dll XPCWrappedNative::GetWrappedNativeOfJSObject js/xpconnect/src/XPCWrappedNative.cpp:1773 3 mozglue.dll arena_run_split memory/jemalloc/jemalloc.c:3333 4 mozglue.dll choose_arena memory/jemalloc/jemalloc.c:2972 5 mozglue.dll je_malloc memory/jemalloc/jemalloc.c:6299 6 xul.dll js::TokenStream::getTokenInternal js/src/frontend/TokenStream.cpp:2143 7 mozglue.dll choose_arena memory/jemalloc/jemalloc.c:2972 8 xul.dll js_NewStringCopyN js/src/jsstr.cpp:3209 9 xul.dll js::Parser::memberExpr js/src/frontend/Parser.cpp:5770 ... Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1914 2 xul.dll xul.dll@0xd4baf 3 mozglue.dll je_malloc memory/jemalloc/jemalloc.c:6299 4 xul.dll js::TokenStream::getTokenInternal js/src/frontend/TokenStream.cpp:2143 5 xul.dll js_NewStringCopyN js/src/jsstr.cpp:3209 6 xul.dll js::Parser::memberExpr js/src/frontend/Parser.cpp:5770 ... Frame Module Signature [Expand] Source 0 xul.dll js_ValueToBoolean js/src/jsbool.cpp:222 1 xul.dll js::Interpret js/src/jsinterp.cpp:1914 2 xul.dll nsDocShell::QueryInterface docshell/base/nsDocShell.cpp:907 3 mozglue.dll choose_arena memory/jemalloc/jemalloc.c:2972 4 xul.dll nsDocShell::FindChildWithName docshell/base/nsDocShell.cpp:3315 5 mozglue.dll je_malloc memory/jemalloc/jemalloc.c:6299 6 xul.dll js::TokenStream::getTokenInternal js/src/frontend/TokenStream.cpp:2143 7 mozglue.dll choose_arena memory/jemalloc/jemalloc.c:2972 8 xul.dll js_NewStringCopyN js/src/jsstr.cpp:3209 9 xul.dll js::Parser::memberExpr js/src/frontend/Parser.cpp:5770 ... More crash reports at: https://crash-stats.mozilla.com/report/list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29
Reporter | ||
Comment 1•11 years ago
|
||
It's #6 top crasher in 14.0a1 over the last 3 days.
Keywords: topcrash
Comment 2•11 years ago
|
||
This is probably bug 737447 which has a reproducible url.
Reporter | ||
Updated•11 years ago
|
Crash Signature: [@ js_ValueToBoolean(JS::Value const&)] → [@ js_ValueToBoolean(JS::Value const&)]
[@ js_ValueToBoolean]
OS: Windows 7 → All
Hardware: x86_64 → All
Reporter | ||
Updated•11 years ago
|
tracking-firefox14:
--- → ?
![]() |
||
Comment 3•11 years ago
|
||
I agree with comment 2. The fix is on m-c and should be in the next nightly, so let's see if this spike goes down.
Updated•11 years ago
|
Comment 4•11 years ago
|
||
Dropped off to almost nothing following 3/22. What do we do with these when they go away? Do we close WFM? Take off tracking? Mark as dup?
Reporter | ||
Comment 5•11 years ago
|
||
The latest crash in the trunk happened in 14.0a1/20120322. The working range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5c13fce74f83&tochange=ab2ff3b5611f It was fixed by bug 737388, a dupe of bug 737447.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
![]() |
||
Comment 6•11 years ago
|
||
(In reply to David Mandelin from comment #4) > Dropped off to almost nothing following 3/22. What do we do with these when > they go away? Do we close WFM? Take off tracking? Mark as dup? I'd usually go WFM if we don't know what fixed it, DUPE to the fix if we know what it was. (In reply to Scoobidiver from comment #5) > It was fixed by bug 737388, a dupe of bug 737447. In that case, for correctness, it would have made sense to mark it as a dupe of the bug that contains the patch that landed and fixed this. I won't change around this one though, no need for bugspamming, the important fact is that it's RESOLVED. :)
Reporter | ||
Comment 7•11 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #6) > In that case, for correctness, it would have made sense to mark it as a dupe > of the bug that contains the patch that landed and fixed this. I would have done it but you can't do that for security sensitive bugs.
Reporter | ||
Updated•11 years ago
|
Target Milestone: --- → mozilla14
Updated•11 years ago
|
status-firefox14:
--- → fixed
Comment 8•11 years ago
|
||
(In reply to Scoobidiver from comment #0) > More crash reports at: > https://crash-stats.mozilla.com/report/ > list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29 33 crashes in b6 23 in b7 Low volume of crashes - marking as verified for 14 based on crash stats.
You need to log in
before you can comment on or make changes to this bug.
Description
•