Last Comment Bug 736815 - crash in js_ValueToBoolean
: crash in js_ValueToBoolean
Status: RESOLVED FIXED
: crash, regression, topcrash
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: 14 Branch
: All All
: -- critical (vote)
: mozilla14
Assigned To: general
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on: 737447
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-18 01:38 PDT by Scoobidiver (away)
Modified: 2012-06-22 02:42 PDT (History)
7 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
verified


Attachments

Description Scoobidiver (away) 2012-03-18 01:38:09 PDT
It's a residual crash but there's a spike in crashes from 14.0a1/20120317, all in 64-bit builds.
The regression range for the spike is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e5f6caa40409&tochange=ecaad3ae9964
It might be a regression from bug 730497 or bug 733950.

64-bit stacks are various and probably buggy:
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	xul.dll 	js::mjit::stubs::TypeBarrierHelper 	js/src/methodjit/StubCalls.cpp:1651
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	xul.dll 	nsCSSRendering::PaintBackgroundWithSC 	layout/base/nsCSSRendering.cpp:2359

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:2389
2 	xul.dll 	nsGlobalWindow::QueryInterface 	dom/base/nsGlobalWindow.cpp:1398
3 	xul.dll 	SearchTable 	js/src/jsdhash.cpp:469
4 	nspr4.dll 	PR_ExitMonitor 	nsprpub/pr/src/threads/prmon.c:132
5 	xul.dll 	nsEventStateManager::PostHandleEvent 	content/events/src/nsEventStateManager.cpp:3460

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
3 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
4 	xul.dll 	XPCCallContext::Init 	js/xpconnect/src/XPCCallContext.cpp:157
5 	xul.dll 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:350
6 	xul.dll 	nsGlobalWindow::SetTimeoutOrInterval 	dom/base/nsGlobalWindow.cpp:9192
7 	xul.dll 	nsXPCWrappedJSClass::DelegatedQueryInterface 	js/xpconnect/src/XPCWrappedJSClass.cpp:785
8 	nspr4.dll 	PR_GetCurrentThread 	nsprpub/pr/src/threads/prcthr.c:174
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1938
2 	KERNELBASE.dll 	SystemTimeToFileTime 	
3 	nspr4.dll 	PR_Unlock 	nsprpub/pr/src/threads/combined/prulock.c:347
4 	xul.dll 	nsJSContext::ScriptEvaluated 	dom/base/nsJSEnvironment.cpp:2967
5 	xul.dll 	nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener> 	obj-firefox/dist/include/nsAutoPtr.h:908
6 	xul.dll 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/XPCCallContext.cpp:350
7 	xul.dll 	AutoScriptEvaluate::~AutoScriptEvaluate 	js/xpconnect/src/XPCWrappedJSClass.cpp:119
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	XPCWrappedNative::GetWrappedNativeOfJSObject 	js/xpconnect/src/XPCWrappedNative.cpp:1773
3 	mozglue.dll 	arena_run_split 	memory/jemalloc/jemalloc.c:3333
4 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
5 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
6 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
7 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
8 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
9 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	xul.dll@0xd4baf 	
3 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
4 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
5 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
6 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	js_ValueToBoolean 	js/src/jsbool.cpp:222
1 	xul.dll 	js::Interpret 	js/src/jsinterp.cpp:1914
2 	xul.dll 	nsDocShell::QueryInterface 	docshell/base/nsDocShell.cpp:907
3 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
4 	xul.dll 	nsDocShell::FindChildWithName 	docshell/base/nsDocShell.cpp:3315
5 	mozglue.dll 	je_malloc 	memory/jemalloc/jemalloc.c:6299
6 	xul.dll 	js::TokenStream::getTokenInternal 	js/src/frontend/TokenStream.cpp:2143
7 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2972
8 	xul.dll 	js_NewStringCopyN 	js/src/jsstr.cpp:3209
9 	xul.dll 	js::Parser::memberExpr 	js/src/frontend/Parser.cpp:5770
...

More crash reports at:
https://crash-stats.mozilla.com/report/list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29
Comment 1 Scoobidiver (away) 2012-03-20 04:32:10 PDT
It's #6 top crasher in 14.0a1 over the last 3 days.
Comment 2 Bob Clary [:bc:] 2012-03-21 04:38:19 PDT
This is probably bug 737447 which has a reproducible url.
Comment 3 Luke Wagner [:luke] 2012-03-22 10:31:00 PDT
I agree with comment 2.  The fix is on m-c and should be in the next nightly, so let's see if this spike goes down.
Comment 4 David Mandelin [:dmandelin] 2012-03-30 18:34:41 PDT
Dropped off to almost nothing following 3/22. What do we do with these when they go away? Do we close WFM? Take off tracking? Mark as dup?
Comment 5 Scoobidiver (away) 2012-03-30 23:31:41 PDT
The latest crash in the trunk happened in 14.0a1/20120322. The working range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5c13fce74f83&tochange=ab2ff3b5611f
It was fixed by bug 737388, a dupe of bug 737447.
Comment 6 Robert Kaiser 2012-04-02 04:12:45 PDT
(In reply to David Mandelin from comment #4)
> Dropped off to almost nothing following 3/22. What do we do with these when
> they go away? Do we close WFM? Take off tracking? Mark as dup?

I'd usually go WFM if we don't know what fixed it, DUPE to the fix if we know what it was.


(In reply to Scoobidiver from comment #5)
> It was fixed by bug 737388, a dupe of bug 737447.

In that case, for correctness, it would have made sense to mark it as a dupe of the bug that contains the patch that landed and fixed this. I won't change around this one though, no need for bugspamming, the important fact is that it's RESOLVED. :)
Comment 7 Scoobidiver (away) 2012-04-02 04:15:54 PDT
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #6) 
> In that case, for correctness, it would have made sense to mark it as a dupe
> of the bug that contains the patch that landed and fixed this.
I would have done it but you can't do that for security sensitive bugs.
Comment 8 Virgil Dicu [:virgil] [QA] 2012-06-22 02:42:06 PDT
(In reply to Scoobidiver from comment #0)
> More crash reports at:
> https://crash-stats.mozilla.com/report/
> list?signature=js_ValueToBoolean%28JS%3A%3AValue+const%26%29

33 crashes in b6
23 in b7

Low volume of crashes - marking as verified for 14 based on crash stats.

Note You need to log in before you can comment on or make changes to this bug.