Closed
Bug 779447
Opened 13 years ago
Closed 6 years ago
crash in js::types::TypeObject::getFromPrototypes @ js::types::TypeObject::addProperty
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox15 | - | --- |
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash, Whiteboard: [js:inv])
Crash Data
It's #1 top browser crasher in 15.0b1 and b2 on Mac OS X.
Signature js::types::TypeObject::addProperty More Reports Search
UUID 8ce647f7-0611-448d-a094-fc8c22120801
Date Processed 2012-08-01 09:07:25
Uptime 46
Last Crash 11.5 hours before submission
Install Age 2.7 days since version was first installed.
Install Time 2012-07-29 17:22:44
Product Firefox
Version 15.0
Build ID 20120724191344
Release Channel beta
OS Mac OS X
OS Version 10.6.8 10K549
Build Architecture amd64
Build Architecture Info family 6 model 15 stepping 10
Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address 0x8
App Notes
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9583GL Context? GL Context+ GL Layers? GL Layers+
EMCheckCompatibility True
Adapter Vendor ID 0x1002
Adapter Device ID 0x9583
Frame Module Signature Source
0 XUL js::types::TypeObject::addProperty js/src/gc/Barrier.h:499
1 XUL js::types::TypeObject::getFromPrototypes js/src/jsinferinlines.h:1248
2 XUL TypeConstraintProp::newType js/src/jsinfer.cpp:989
3 XUL js::types::TypeSet::add js/src/jsinferinlines.h:810
4 XUL js::analyze::ScriptAnalysis::analyzeTypesBytecode js/src/jsinfer.cpp:543
5 XUL js::analyze::ScriptAnalysis::analyzeTypes js/src/jsinfer.cpp:4140
6 XUL js::mjit::Compiler::checkAnalysis js/src/jsinferinlines.h:1454
7 XUL js::mjit::Compiler::performCompilation js/src/methodjit/Compiler.cpp:503
8 XUL js::mjit::Compiler::compile js/src/methodjit/Compiler.cpp:112
9 XUL js::mjit::CanMethodJIT js/src/methodjit/Compiler.cpp:978
10 XUL js::Interpret js/src/jsinterp.cpp:1558
11 XUL js::RunScript js/src/jsinterp.cpp:266
12 XUL js::InvokeKernel js/src/jsinterp.cpp:329
...
Here are some correlations per extension:
js::types::TypeObject::addProperty|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (49 crashes)
14% (7/49) vs. 5% (30/636) personas@christopher.beard (Personas, https://addons.mozilla.org/addon/10900)
10% (5/49) vs. 1% (7/636) FFToolbar@upromise
10% (5/49) vs. 2% (12/636) {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} (Forecastfox, https://addons.mozilla.org/addon/398)
More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Atypes%3A%3ATypeObject%3A%3AaddProperty
Comment 1•13 years ago
|
||
Hmmm, Mac-only, and showed up only in Beta. So I guess we don't get a regression range. It looks like mostly NPEs.
Comment 2•13 years ago
|
||
98.148 % of these crashes are on amd64 architecture - does that provoke any ideas?
Reporter | ||
Comment 3•13 years ago
|
||
(In reply to David Mandelin [:dmandelin] from comment #1)
> Hmmm, Mac-only, and showed up only in Beta. So I guess we don't get a
> regression range.
They first appeared on July 26 at 17H34 UTC, even on Android, so it's an external cause. Flash 11.3.300.268 was released this day (see http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html).
Keywords: needURLs
Comment 4•13 years ago
|
||
(In reply to Lukas Blakk [:lsblakk] from comment #2)
> 98.148 % of these crashes are on amd64 architecture - does that provoke any
> ideas?
I noticed that too, but I'm not sure what to make of it. I think it might be some crash that just happens to show a different signature on x86 vs x64.
Updated•13 years ago
|
Crash Signature: [@ js::types::TypeObject::addProperty] → [@ js::types::TypeObject::addProperty]
[@ js::types::TypeObject::getFromPrototypes]
Comment 5•13 years ago
|
||
URLs:
21 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Tottenham+Hotspur/All+S
11 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Liverpool
7 http://www.newsnow.co.uk/h/Sport/Football/Scottish+League/Rangers
6 http://www.satelliteguys.us/
5 http://www.goalsarena.org/
5 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Manchester+United/All+S
4 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Newcastle+United
3 http://www.newsnow.co.uk/h/Sport/Football/Championship/Bristol+City
3 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Manchester+City
3 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/West+Ham+United
3 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/Tottenham+Hotspur
3 http://www.newsnow.co.uk/h/Sport/Football/Premier+League/QPR
3 http://www.irokotv.com/
2 about:newtab
2 http://hellogiggles.com/crush-of-the-week-ryan-lochte
2 http://www.satelliteguys.us/dish-forum/289084-dish-coverage-olympics-11.html
2 http://www.salon.com/2012/07/27/olympians_you_should_boo/slide_show/8
2 http://www.satelliteguys.us/dish-forum/220908-pbs-kids-sprout-coming-dish-soon.h
2 http://hellogiggles.com/diy-t-shirt-scarf
2 http://www.salon.com/2012/07/29/mitt_romneys_unexamined_past/
2 http://www.salon.com/2012/07/28/why_mitt_screws_up/
2 http://abcnews.go.com/Sports/slideshow/best-worst-olympic-team-uniforms-16763119
Keywords: needURLs
Comment 6•12 years ago
|
||
removing topcrash from keywords as these signatures have dropped off the topcrashers for 15.
Keywords: topcrash
Updated•12 years ago
|
Whiteboard: [js:inv]
Reporter | ||
Comment 7•12 years ago
|
||
It still happens at a low volume:
* 139 crashes in 22.0
* 4 in 23.0b9
More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3Atypes%3A%3ATypeObject%3A%3AgetFromPrototypes%28JSContext*%2C+int%2C+js%3A%3Atypes%3A%3ATypeSet*%2C+bool%29
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3Atypes%3A%3ATypeObject%3A%3AaddProperty%28JSContext*%2C+int%2C+js%3A%3Atypes%3A%3AProperty**%29
Crash Signature: [@ js::types::TypeObject::addProperty]
[@ js::types::TypeObject::getFromPrototypes] → [@ js::types::TypeObject::addProperty]
[@ js::types::TypeObject::addProperty(JSContext*, int, js::types::Property**) ]
[@ js::types::TypeObject::getFromPrototypes]
[@ js::types::TypeObject::getFromPrototypes(JSContext*, int, js::types::TypeSet*, bool) ]
Assignee | ||
Updated•11 years ago
|
Assignee: general → nobody
Comment 8•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 9•6 years ago
|
||
Closing because no crash reported since 12 weeks.
You need to log in
before you can comment on or make changes to this bug.
Description
•