Closed Bug 779447 Opened 13 years ago Closed 6 years ago

crash in js::types::TypeObject::getFromPrototypes @ js::types::TypeObject::addProperty

Categories

(Core :: JavaScript Engine, defect)

15 Branch
x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED WONTFIX
Tracking Status
firefox15 - ---

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [js:inv])

Crash Data

It's #1 top browser crasher in 15.0b1 and b2 on Mac OS X. Signature js::types::TypeObject::addProperty More Reports Search UUID 8ce647f7-0611-448d-a094-fc8c22120801 Date Processed 2012-08-01 09:07:25 Uptime 46 Last Crash 11.5 hours before submission Install Age 2.7 days since version was first installed. Install Time 2012-07-29 17:22:44 Product Firefox Version 15.0 Build ID 20120724191344 Release Channel beta OS Mac OS X OS Version 10.6.8 10K549 Build Architecture amd64 Build Architecture Info family 6 model 15 stepping 10 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x8 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x9583GL Context? GL Context+ GL Layers? GL Layers+ EMCheckCompatibility True Adapter Vendor ID 0x1002 Adapter Device ID 0x9583 Frame Module Signature Source 0 XUL js::types::TypeObject::addProperty js/src/gc/Barrier.h:499 1 XUL js::types::TypeObject::getFromPrototypes js/src/jsinferinlines.h:1248 2 XUL TypeConstraintProp::newType js/src/jsinfer.cpp:989 3 XUL js::types::TypeSet::add js/src/jsinferinlines.h:810 4 XUL js::analyze::ScriptAnalysis::analyzeTypesBytecode js/src/jsinfer.cpp:543 5 XUL js::analyze::ScriptAnalysis::analyzeTypes js/src/jsinfer.cpp:4140 6 XUL js::mjit::Compiler::checkAnalysis js/src/jsinferinlines.h:1454 7 XUL js::mjit::Compiler::performCompilation js/src/methodjit/Compiler.cpp:503 8 XUL js::mjit::Compiler::compile js/src/methodjit/Compiler.cpp:112 9 XUL js::mjit::CanMethodJIT js/src/methodjit/Compiler.cpp:978 10 XUL js::Interpret js/src/jsinterp.cpp:1558 11 XUL js::RunScript js/src/jsinterp.cpp:266 12 XUL js::InvokeKernel js/src/jsinterp.cpp:329 ... Here are some correlations per extension: js::types::TypeObject::addProperty|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (49 crashes) 14% (7/49) vs. 5% (30/636) personas@christopher.beard (Personas, https://addons.mozilla.org/addon/10900) 10% (5/49) vs. 1% (7/636) FFToolbar@upromise 10% (5/49) vs. 2% (12/636) {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} (Forecastfox, https://addons.mozilla.org/addon/398) More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Atypes%3A%3ATypeObject%3A%3AaddProperty
Hmmm, Mac-only, and showed up only in Beta. So I guess we don't get a regression range. It looks like mostly NPEs.
98.148 % of these crashes are on amd64 architecture - does that provoke any ideas?
(In reply to David Mandelin [:dmandelin] from comment #1) > Hmmm, Mac-only, and showed up only in Beta. So I guess we don't get a > regression range. They first appeared on July 26 at 17H34 UTC, even on Android, so it's an external cause. Flash 11.3.300.268 was released this day (see http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html).
Keywords: needURLs
(In reply to Lukas Blakk [:lsblakk] from comment #2) > 98.148 % of these crashes are on amd64 architecture - does that provoke any > ideas? I noticed that too, but I'm not sure what to make of it. I think it might be some crash that just happens to show a different signature on x86 vs x64.
Crash Signature: [@ js::types::TypeObject::addProperty] → [@ js::types::TypeObject::addProperty] [@ js::types::TypeObject::getFromPrototypes]
removing topcrash from keywords as these signatures have dropped off the topcrashers for 15.
Whiteboard: [js:inv]
Crash Signature: [@ js::types::TypeObject::addProperty] [@ js::types::TypeObject::getFromPrototypes] → [@ js::types::TypeObject::addProperty] [@ js::types::TypeObject::addProperty(JSContext*, int, js::types::Property**) ] [@ js::types::TypeObject::getFromPrototypes] [@ js::types::TypeObject::getFromPrototypes(JSContext*, int, js::types::TypeSet*, bool) ]
Assignee: general → nobody
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Closing because no crash reported since 12 weeks.
You need to log in before you can comment on or make changes to this bug.