Closed
Bug 810659
Opened 12 years ago
Closed 8 years ago
crash in js::frontend::FoldConstants
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox17 | --- | wontfix |
firefox18 | --- | wontfix |
firefox19 | --- | wontfix |
firefox20 | --- | wontfix |
firefox21 | --- | wontfix |
firefox22 | --- | wontfix |
firefox23 | --- | wontfix |
firefox24 | --- | wontfix |
firefox48 | --- | wontfix |
firefox49 | --- | fix-optional |
firefox50 | --- | fix-optional |
firefox51 | --- | fix-optional |
People
(Reporter: scoobidiver, Unassigned, NeedInfo)
Details
(Keywords: crash, regression, Whiteboard: [js:p2])
Crash Data
Attachments
(1 file)
It's #28 top browser crasher w/o hangs in 17.0b5 and #119 in 18.0a2. It first showed up in 17.0a1/20120722. The regression range might be: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=446b788ab99d&tochange=462106f027af Signature js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool) More Reports Search UUID 46318ba8-09ec-448b-a24d-8170b2121111 Date Processed 2012-11-11 04:00:27 Uptime 31 Last Crash 31.2 minutes before submission Install Age 1.7 days since version was first installed. Install Time 2012-11-09 10:01:47 Product Firefox Version 17.0 Build ID 20121106195758 Release Channel beta OS Windows NT OS Version 6.1.7600 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 42 stepping 7 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0xffffffff803a4760 App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x0a65, AdapterSubsysID: 35251458, AdapterDriverVersion: 8.17.11.9646 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility True Adapter Vendor ID 0x10de Adapter Device ID 0x0a65 Total Virtual Memory 2147352576 Available Virtual Memory 1758089216 System Memory Use Percentage 40 Available Page File 4978884608 Available Physical Memory 1893294080 Frame Module Signature Source 0 mozjs.dll js::frontend::FoldConstants js/src/frontend/FoldConstants.cpp:408 1 mozjs.dll js::frontend::FoldConstants js/src/frontend/FoldConstants.cpp:426 2 mozjs.dll js::frontend::FoldConstants js/src/frontend/FoldConstants.cpp:410 3 mozjs.dll js::frontend::FoldConstants js/src/frontend/FoldConstants.cpp:426 4 mozjs.dll js::frontend::CompileScript js/src/frontend/BytecodeCompiler.cpp:193 5 mozjs.dll JS::Evaluate js/src/jsapi.cpp:5659 6 xul.dll xpc_EvalInSandbox js/xpconnect/src/XPCComponents.cpp:3923 7 xul.dll nsXPCComponents_Utils::EvalInSandbox js/xpconnect/src/XPCComponents.cpp:3834 8 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70 9 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2406 10 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1478 11 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:352 12 mozjs.dll js::Interpret js/src/jsinterp.cpp:2414 .... More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode*%2C+js%3A%3Afrontend%3A%3AParser*%2C+bool%2C+bool%29
Comment 1•12 years ago
|
||
Marcia is going to pull URLs and correlation reports for us to try to reproduce, although this isn't strictly a topcrash as of today.
Comment 2•12 years ago
|
||
here are some manual correlations from the 6th when there was a higher volume of crashes - for addons the only one showing on the radar is Internet Download Manager, and there isn't a strong correlation to one version. js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)|EXCEPTION_ACCESS_VIOLATION_READ (22 crashes) 14% (3/22) vs. 2% (1311/54226) mozilla_cc@internetdownloadmanager.com (IDM CC, https://addons.mozilla.org/addon/6973) 91% (20/22) vs. 82% (44447/54226) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661) 100% (22/22) vs. 94% (50778/54226) {972ce4c6-7e08-4474-a285-3208198ce6fd} (Default, https://addons.mozilla.org/addon/8150) 14% (3/22) vs. 2% (1311/54226) mozilla_cc@internetdownloadmanager.com (IDM CC, https://addons.mozilla.org/addon/6973) 0% (0/22) vs. 0% (8/54226) 7.3.25 5% (1/22) vs. 1% (289/54226) 7.3.28 9% (2/22) vs. 2% (1014/54226) 7.3.29 js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)|EXCEPTION_ACCESS_VIOLATION_READ (22 crashes) 77% (17/22) vs. 29% (15990/54226) lz32.dll 77% (17/22) vs. 31% (16670/54226) xpsp2res.dll 95% (21/22) vs. 50% (26935/54226) t2embed.dll 77% (17/22) vs. 34% (18237/54226) wshtcpip.dll 77% (17/22) vs. 34% (18249/54226) hnetcfg.dll 68% (15/22) vs. 25% (13742/54226) cryptui.dll 77% (17/22) vs. 37% (20041/54226) comres.dll 77% (17/22) vs. 38% (20374/54226) ws2help.dll 77% (17/22) vs. 38% (20418/54226) iphlpapi.dll 68% (15/22) vs. 29% (15811/54226) wldap32.dll 100% (22/22) vs. 64% (34972/54226) browsercomps.dll 59% (13/22) vs. 24% (12961/54226) MSCTF.dll 100% (22/22) vs. 65% (35260/54226) firefox.exe 100% (22/22) vs. 65% (35297/54226) xpcom.dll 100% (22/22) vs. 66% (35542/54226) dbghelp.dll 82% (18/22) vs. 48% (25916/54226) imagehlp.dll 91% (20/22) vs. 59% (31919/54226) nssckbi.dll 91% (20/22) vs. 60% (32687/54226) freebl3.dll 91% (20/22) vs. 60% (32687/54226) nssdbm3.dll 91% (20/22) vs. 60% (32690/54226) softokn3.dll 68% (15/22) vs. 39% (20905/54226) netapi32.dll 86% (19/22) vs. 57% (30783/54226) shdocvw.dll 91% (20/22) vs. 62% (33576/54226) feclient.dll 91% (20/22) vs. 62% (33593/54226) winrnr.dll 100% (22/22) vs. 72% (39261/54226) mswsock.dll 91% (20/22) vs. 63% (34393/54226) rasadhlp.dll 100% (22/22) vs. 73% (39790/54226) wintrust.dll 68% (15/22) vs. 44% (23987/54226) mpr.dll 91% (20/22) vs. 69% (37428/54226) dnsapi.dll 27% (6/22) vs. 8% (4388/54226) idmmkb.dll 77% (17/22) vs. 58% (31616/54226) rsaenh.dll 36% (8/22) vs. 19% (10353/54226) d3d8thk.dll 36% (8/22) vs. 19% (10479/54226) d3d9.dll 32% (7/22) vs. 16% (8534/54226) MSCTFIME.IME 14% (3/22) vs. 2% (936/54226) idmcchandler2.dll 14% (3/22) vs. 2% (937/54226) idmmzcc.dll 23% (5/22) vs. 11% (6018/54226) activeds.dll 23% (5/22) vs. 11% (6019/54226) adsldpc.dll 23% (5/22) vs. 11% (6082/54226) mprapi.dll 36% (8/22) vs. 27% (14588/54226) samlib.dll 9% (2/22) vs. 0% (53/54226) idle.dll 23% (5/22) vs. 14% (7574/54226) atl.dll 9% (2/22) vs. 0% (195/54226) ffdshowmngr.dll 18% (4/22) vs. 10% (5414/54226) wmi.dll 18% (4/22) vs. 10% (5414/54226) wzcsvc.dll 18% (4/22) vs. 10% (5424/54226) esent.dll 18% (4/22) vs. 10% (5426/54226) netman.dll 18% (4/22) vs. 10% (5439/54226) wzcsapi.dll 18% (4/22) vs. 10% (5522/54226) credui.dll 18% (4/22) vs. 10% (5585/54226) netshell.dll 9% (2/22) vs. 2% (926/54226) mslbui.dll 41% (9/22) vs. 34% (18320/54226) msacm32.drv 41% (9/22) vs. 34% (18361/54226) midimap.dll 41% (9/22) vs. 34% (18460/54226) wdmaud.drv 41% (9/22) vs. 35% (18894/54226) msacm32.dll 18% (4/22) vs. 13% (6787/54226) tapi32.dll 14% (3/22) vs. 8% (4439/54226) rpchrome150browserrecordhelper.dll 26 http://www.facebook.com/ 16 about:blank 15 https://www.facebook.com/ 10 about:sessionrestore 7 about:home 6 about:newtab 5 http://www.google.co.in/ 4 https://www.facebook.com/login.php?login_attempt=1 3 https://mail.google.com/mail/u/0/?shva=1#inbox 3 https://mail.google.com/mail/?shva=1#inbox 2 https://www.facebook.com/denise.brioschi.7/posts/4769139107178?comment_id=549611 2 http://www.softpedia.com/get/Office-tools/Office-suites/Microsoft-Office.shtml 2 http://www.facebook.com/groups/189359094450913/ 2 http://www.odnoklassniki.ru/ 2 http://www.searchnu.com/406 2 https://mail.google.com/mail/?shva=1 1 http://www.google.com.vn/#hl=vi&gs_nf=3&cp=14&gs_id=l9&xhr=t&q=prince+henry+the+ 1 http://video.mthai.com/player.php?id=18M1239664650M0 1 https://mail.google.com/mail/?shva=1#inbox/ 1 http://www.yandex.ru/ 1 http://forum.index.hu/Article/showArticle?t=9068948 1 http://www.timesjobs.com/timesjobs/zicom/careers.html 1 http://www.xatcomtv.biz/assista-fazenda-de-verao-ao-vivo 1 http://www.tomshardware.com/forum/9368-63-realtek-ethernet-controller-detected 1 http://vnexpress.net/ 1 https://www.google.co.id/search?q=Pengertian+pergaulan+remaja&ie=utf-8&oe=utf-8& 1 http://www.facebook.com/groups/yahoo.amr/ 1 http://www.youtube.com/watch?v=fLexgOxsZu0 1 http://gawker.com/5929581/the-whole-worlds-a-sex-dungeon-for-kristen-stewart-and 1 http://topphimhay.com/xem-phim-theo-buoc-ram-bo-2/m67469.html 1 http://www.youtube.com/watch?v=xVtJ11BkNls&feature=youtu.be 1 http://www.telechargement-rapide.net/page33 1 http://www.youtube.com/watch?v=25smiUtfAXg 1 http://www.youtube.com/watch?NR=1&v=mAuWb3Joxt8&feature=endscreen 1 http://www.dankek.com/tutticasa/salud/bienestar 1 http://id36.fm-p.jp/41/oneone11/index.php?module=viewbk&action=ppg&stid=3&bkid=4 1 http://www.avclub.com/articles/neil-gaiman-to-return-to-doctor-who-cybermen-and- 1 http://www.facebook.com/recover/initiate 1 http://www.bt.dk/udland/bygget-med-falske-certifikater-nu-slaar-atomkraftvaerk-r 1 https://plusone.google.com/_/+1/fastbutton?bsv=m&lang=&size=small&hl=en-US&origi 1 about:addons 1 http://www.ebay.in/sch/i.html?_nkw=hp+8gb+dds2&_sacat=0&LH_BIN=1&_odkw=8gb+dds2& 1 http://www.alan4.com/video/8818/watch.html 1 http://s.cafef.vn/hastc/PVC-tong-cong-ty-dung-dich-khoan-va-hoa-pham-dau-khictcp 1 http://js.wlxrs.com/3xaTP4tWZOroge1dGlMz7w2-XuLliqg3SQbWEm6z7RtmtO7tkBiQU9XROIlp 1 http://xe.mg40.mail.yahoo.com/neo/launch?.rand=53sl40t6fdjd6 1 http://www.mysearchresults.com/?c=3507&t=07 1 http://www.google.co.in/imghp?hl=en&tab=wi 1 https://www.facebook.com/dialog/feed 1 http://ph.yahoo.com/ 1 http://202.160.163.222/24online/webpages/waitrequest.jsp?url=www.d2visp.com 1 http://medicina.ua/diagnosdiseases/diseases/2815/5308/ 1 http://www.natabanu.com/serija/izgubljena-cast/8453-izgubljena-cast-epizoda-76.h 1 https://www.google.fr/ 1 http://ul.to/eaknmc2g 1 http://www.allfordrama.com/4/category/2005/1.html 1 https://www.google.com/search?q=facebook&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla: 1 http://www.youtube.com/ 1 http://www.vipbrother.bg/?module=video&video=1397 1 http://www.comecclub.com/%d9%88%d8%a7%d8%ad%d8%af-%d8%b9%d8%af%d9%89-%d8%b9%d9%8 1 http://www.programme-tv.net/cinema/32435-les-autres/ 1 https://apis.google.com/u/0/_/streamwidgets/hovercard?origin=https%3A%2F%2Fmail. 1 http://www.yahoomail.com/ 1 http://th.v9.com/th?utm_source=b&utm_medium=fft
Keywords: needURLs
Comment 3•12 years ago
|
||
Changeset http://hg.mozilla.org/mozilla-central/rev/28711b9f49cd seems suspicious considering the stack. Tom can you take a look?
Assignee: general → evilpies
Whiteboard: [js:p2]
Comment 4•12 years ago
|
||
I took a very short peek at this. Sadly I have no real experience with crash-stats stuff. I don't really thinking my stuff is to blame here, considering that the crash is coming from
>4 mozjs.dll js::frontend::CompileScript js/src/frontend/BytecodeCompiler.cpp:193
and not Parser.cpp.
I also looked at a few more crash reports and I think they are not coming from my stuff.
I am sorry, but I can't help you :/.
Assignee: evilpies → general
Comment 5•12 years ago
|
||
evilpie, do you have another suggestion in the regression range? The regression range seems pretty solid (we could look one day earlier if necessary). Given the wide range of URLs and lack of other correlations, this is likely to be some kind of memory corruption or unexpected state, and so it's reasonably likely that the location of the crash stack doesn't directly relate to the regressing bug. Patches in the range which touch js/src: $ hg log -r "1dbd25c0205e::462106f027af" js/src changeset: 100008:1dbd25c0205e parent: 100002:045c11dd41a6 user: Luke Wagner <luke@mozilla.com> date: Fri Jul 20 17:16:14 2012 -0700 summary: Bug 775807 - Don't disassemble partially-compiled scripts (r=jimb) changeset: 100015:62d352e6a480 user: Gary Kwong <gary@rumblingedge.com> date: Fri Jul 20 19:10:15 2012 -0700 summary: Add test for bug 770952. changeset: 100016:16dd72527ae1 user: Gary Kwong <gary@rumblingedge.com> date: Fri Jul 20 19:54:58 2012 -0700 summary: Backed out changeset 62d352e6a480 for breakage. changeset: 100017:f97fffdd56c0 user: Gary Kwong <gary@rumblingedge.com> date: Fri Jul 20 19:10:15 2012 -0700 summary: Add test for bug 770952, take two. changeset: 100018:3bca687c261c user: Gary Kwong <gary@rumblingedge.com> date: Fri Jul 20 23:03:56 2012 -0700 summary: Bug 632778 - Update tests to use test metalines instead, since they are in jit-test. changeset: 100025:e9e2767a4275 user: Gary Kwong <gary@rumblingedge.com> date: Fri Jul 20 22:53:17 2012 -0700 summary: Bug 633828 - Remove bogus assert. r=luke changeset: 100033:28711b9f49cd user: Tom Schuster <evilpies@gmail.com> date: Sat Jul 21 13:05:07 2012 +0200 summary: Bug 646599 - Constant folding should happen before deciding whether to turn obj[A] into obj.A. r=Waldo changeset: 100034:60b949c0eaef user: Tom Schuster <evilpies@gmail.com> date: Sat Jul 21 13:06:37 2012 +0200 summary: Bug 775166 - Remove some ugly optimization in jsarray. r=bhackett
Comment 6•12 years ago
|
||
Okay I think we could just back out my patch, considering we don't usually use the decompiler anymore.
Reporter | ||
Comment 7•11 years ago
|
||
More reports also at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode**%2C+js%3A%3Afrontend%3A%3AParser*%2C+bool%2C+bool%29
Crash Signature: [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)] → [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)]
[@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)]
status-firefox20:
--- → affected
status-firefox21:
--- → affected
Reporter | ||
Comment 8•11 years ago
|
||
More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%3Cjs%3A%3Afrontend%3A%3AFullParseHandler%3E%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode**%2C+js%3A%3Afrontend%3A%3AParser%3Cjs%3A%3Afrontend%3A%3AFullParseHandler%3E*%2C+bool%2C+bool%29
Crash Signature: [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)]
[@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)] → [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)]
[@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)]
[@ js::frontend::FoldConstants<js::fronten…
status-firefox22:
--- → affected
status-firefox23:
--- → affected
status-firefox24:
--- → affected
Comment 9•11 years ago
|
||
Removing qawanted since the request was fulfilled in comment 2.
Keywords: qawanted
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Updated•9 years ago
|
Crash Signature: , bool)]
[@ js::frontend::FoldConstants<js::frontend::FullParseHandler>(JSContext*, js::frontend::ParseNode**, js::frontend::Parser<js::frontend::FullParseHandler>*, bool, bool)] → , bool)]
[@ js::frontend::FoldConstants<js::frontend::FullParseHandler>(JSContext*, js::frontend::ParseNode**, js::frontend::Parser<js::frontend::FullParseHandler>*, bool, bool)]
[@ js::frontend::FoldConstants]
[@ js::frontend::FoldConstants<T>]
Comment 10•8 years ago
|
||
Crash volume for signature 'js::frontend::FoldConstants': - nightly (version 50): 0 crashes from 2016-06-06. - aurora (version 49): 0 crashes from 2016-06-07. - beta (version 48): 3 crashes from 2016-06-06. - release (version 47): 34 crashes from 2016-05-31. - esr (version 45): 0 crashes from 2016-04-07. Crash volume on the last weeks: W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7 - nightly 0 0 0 0 0 0 0 - aurora 0 0 0 0 0 0 0 - beta 0 0 0 0 1 1 1 - release 0 0 2 12 5 12 3 - esr 0 0 0 0 0 0 0 Affected platforms: Windows, Mac OS X, Linux
status-firefox48:
--- → affected
Comment 11•8 years ago
|
||
Very low volume, won't do anything about it.
status-firefox49:
--- → fix-optional
status-firefox50:
--- → fix-optional
status-firefox51:
--- → fix-optional
Comment 12•8 years ago
|
||
The current rate of crashes compared to comment 0 suggests something has since been resolved. (or the signature has changed)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
Comment hidden (spam) |
You need to log in
before you can comment on or make changes to this bug.
Description
•