crash in js_ValueToBoolean

RESOLVED FIXED in Firefox 14

Status

()

Product:
Core
Component:
JavaScript Engine
--
critical
RESOLVED FIXED
Reported:
6 years ago
Modified:
5 years ago

People

(Reporter: Scoobidiver (away), Unassigned)

Tracking

({crash, regression, topcrash})

Version:
14 Branch
Target:
mozilla14
Keywords:
crash, regression, topcrash
Points:
---

Firefox Tracking Flags

(firefox14+ verified)

Details

(crash signature)

(Reporter)

Description

6 years ago 
It's a residual crash but there's a spike in crashes from 14.0a1/20120317, all in 64-bit builds.
The regression range for the spike is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e5f6caa40409&tochange=ecaad3ae9964
It might be a regression from bug 730497 or bug 733950.

64-bit stacks are various and probably buggy:
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	xul.dll 	js::mjit::stubs::TypeBarrierHelper 	js/src/methodjit/StubCalls.cpp:1651
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	xul.dll 	nsCSSRendering::PaintBackgroundWithSC 	layout/base/nsCSSRendering.cpp:2359

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:2389
2 	xul.dll 	nsGlobalWindow::QueryInterface 	dom/base/nsGlobalWindow.cpp:1398
3 	xul.dll 	SearchTable 	js/src/jsdhash.cpp:469
4 	nspr4.dll 	PR_ExitMonitor 	nsprpub/pr/src/threads/prmon.c:132
5 	xul.dll 	nsEventStateManager::PostHandleEvent 	content/events/src/nsEventStateManager.cpp:3460

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
3 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
4 	xul.dll 	XPCCallContext::Init 	js/xpconnect/src/XPCCallContext.cpp:157
5 	xul.dll 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:350
6 	xul.dll 	nsGlobalWindow::SetTimeoutOrInterval 	dom/base/nsGlobalWindow.cpp:9192
7 	xul.dll 	nsXPCWrappedJSClass::DelegatedQueryInterface 	js/xpconnect/src/XPCWrappedJSClass.cpp:785
8 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	KERNELBASE.dll 	SystemTimeToFileTime 	
3 	nspr4.dll 	PR_Unlock 	nsprpub/pr/src/threads/combined/prulock.c:347
4 	xul.dll 	nsJSContext::ScriptEvaluated 	dom/base/nsJSEnvironment.cpp:2967
5 	xul.dll 	nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener> 	obj-firefox/dist/include/nsAutoPtr.h:908
6 	xul.dll 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:350
7 	xul.dll 	AutoScriptEvaluate::~AutoScriptEvaluate 	js/xpconnect/src/XPCWrappedJSClass.cpp:119
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	XPCWrappedNative::GetWrappedNativeOfJSObject 	js/xpconnect/src/XPCWrappedNative.cpp:1773
3 	mozglue.dll 	arena_run_split 	memory/jemalloc/jemalloc.c:3333
4 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
5 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
6 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
7 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
8 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
9 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	xul.dll@0xd4baf 	
3 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
4 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
5 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
6 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	nsDocShell::QueryInterface 	docshell/base/nsDocShell.cpp:907
3 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
4 	xul.dll 	nsDocShell::FindChildWithName 	docshell/base/nsDocShell.cpp:3315
5 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
6 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
7 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
8 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
9 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

More crash reports at:
https://crash-stats.mozilla.com/report/list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29
 (Reporter)

Comment 1

6 years ago 
It's #6 top crasher in 14.0a1 over the last 3 days.
Keywords: topcrash

Comment 2

6 years ago 
This is probably bug 737447 which has a reproducible url.
 (Reporter)

Updated

6 years ago
Depends on: 737447
 (Reporter)

Updated

6 years ago
Crash Signature: [@ js_ValueToBoolean(JS::Value const&)] → [@ js_ValueToBoolean(JS::Value const&)] [@ js_ValueToBoolean]
OS: Windows 7 → All
Hardware: x86_64 → All
 (Reporter)

Updated

6 years ago
tracking-firefox14: --- → ?

Comment 3

6 years ago 
I agree with comment 2.  The fix is on m-c and should be in the next nightly, so let's see if this spike goes down.
tracking-firefox14: ? → +

Comment 4

6 years ago 
Dropped off to almost nothing following 3/22. What do we do with these when they go away? Do we close WFM? Take off tracking? Mark as dup?
 (Reporter)

Comment 5

6 years ago 
The latest crash in the trunk happened in 14.0a1/20120322. The working range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5c13fce74f83&tochange=ab2ff3b5611f
It was fixed by bug 737388, a dupe of bug 737447.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 6

6 years ago 
(In reply to David Mandelin from comment #4)
> Dropped off to almost nothing following 3/22. What do we do with these when
> they go away? Do we close WFM? Take off tracking? Mark as dup?

I'd usually go WFM if we don't know what fixed it, DUPE to the fix if we know what it was.


(In reply to Scoobidiver from comment #5)
> It was fixed by bug 737388, a dupe of bug 737447.

In that case, for correctness, it would have made sense to mark it as a dupe of the bug that contains the patch that landed and fixed this. I won't change around this one though, no need for bugspamming, the important fact is that it's RESOLVED. :)
 (Reporter)

Comment 7

6 years ago 
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #6) 
> In that case, for correctness, it would have made sense to mark it as a dupe
> of the bug that contains the patch that landed and fixed this.
I would have done it but you can't do that for security sensitive bugs.
 (Reporter)

Updated

6 years ago
Target Milestone: --- → mozilla14

Updated

5 years ago
status-firefox14: --- → fixed

Comment 8

5 years ago 
(In reply to Scoobidiver from comment #0)
> More crash reports at:
> https://crash-stats.mozilla.com/report/
> list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29

33 crashes in b6
23 in b7

Low volume of crashes - marking as verified for 14 based on crash stats.
status-firefox14: fixed → verified
You need to log in before you can comment on or make changes to this bug.