810659 - crash in js::frontend::FoldConstants

Reporter

Description

•

12 years ago

It's #28 top browser crasher w/o hangs in 17.0b5 and #119 in 18.0a2.
It first showed up in 17.0a1/20120722. The regression range might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=446b788ab99d&tochange=462106f027af

Signature 	js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool) More Reports Search
UUID	46318ba8-09ec-448b-a24d-8170b2121111
Date Processed	2012-11-11 04:00:27
Uptime	31
Last Crash	31.2 minutes before submission
Install Age	1.7 days since version was first installed.
Install Time	2012-11-09 10:01:47
Product	Firefox
Version	17.0
Build ID	20121106195758
Release Channel	beta
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 42 stepping 7
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffff803a4760
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x0a65, AdapterSubsysID: 35251458, AdapterDriverVersion: 8.17.11.9646
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x10de
Adapter Device ID	0x0a65
Total Virtual Memory	2147352576
Available Virtual Memory	1758089216
System Memory Use Percentage	40
Available Page File	4978884608
Available Physical Memory	1893294080

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::frontend::FoldConstants 	js/src/frontend/FoldConstants.cpp:408
1 	mozjs.dll 	js::frontend::FoldConstants 	js/src/frontend/FoldConstants.cpp:426
2 	mozjs.dll 	js::frontend::FoldConstants 	js/src/frontend/FoldConstants.cpp:410
3 	mozjs.dll 	js::frontend::FoldConstants 	js/src/frontend/FoldConstants.cpp:426
4 	mozjs.dll 	js::frontend::CompileScript 	js/src/frontend/BytecodeCompiler.cpp:193
5 	mozjs.dll 	JS::Evaluate 	js/src/jsapi.cpp:5659
6 	xul.dll 	xpc_EvalInSandbox 	js/xpconnect/src/XPCComponents.cpp:3923
7 	xul.dll 	nsXPCComponents_Utils::EvalInSandbox 	js/xpconnect/src/XPCComponents.cpp:3834
8 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70
9 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2406
10 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1478
11 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:352
12 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2414
....

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode*%2C+js%3A%3Afrontend%3A%3AParser*%2C+bool%2C+bool%29

Alex Keybl [:akeybl]

Comment 1

•

12 years ago

Marcia is going to pull URLs and correlation reports for us to try to reproduce, although this isn't strictly a topcrash as of today.

Keywords: needURLs, qawanted

QA Contact: mozillamarcia.knous

Marcia Knous [:marcia]

Comment 2

•

12 years ago

here are some manual correlations from the 6th when there was a higher volume of crashes - for addons the only one showing on the radar is Internet Download Manager, and there isn't a strong correlation to one version.

js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)|EXCEPTION_ACCESS_VIOLATION_READ (22 crashes)
     14% (3/22) vs.   2% (1311/54226) mozilla_cc@internetdownloadmanager.com (IDM CC, https://addons.mozilla.org/addon/6973)
     91% (20/22) vs.  82% (44447/54226) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661)
    100% (22/22) vs.  94% (50778/54226) {972ce4c6-7e08-4474-a285-3208198ce6fd} (Default, https://addons.mozilla.org/addon/8150)

14% (3/22) vs.   2% (1311/54226) mozilla_cc@internetdownloadmanager.com (IDM CC, https://addons.mozilla.org/addon/6973)
          0% (0/22) vs.   0% (8/54226) 7.3.25
          5% (1/22) vs.   1% (289/54226) 7.3.28
          9% (2/22) vs.   2% (1014/54226) 7.3.29

js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)|EXCEPTION_ACCESS_VIOLATION_READ (22 crashes)
     77% (17/22) vs.  29% (15990/54226) lz32.dll
     77% (17/22) vs.  31% (16670/54226) xpsp2res.dll
     95% (21/22) vs.  50% (26935/54226) t2embed.dll
     77% (17/22) vs.  34% (18237/54226) wshtcpip.dll
     77% (17/22) vs.  34% (18249/54226) hnetcfg.dll
     68% (15/22) vs.  25% (13742/54226) cryptui.dll
     77% (17/22) vs.  37% (20041/54226) comres.dll
     77% (17/22) vs.  38% (20374/54226) ws2help.dll
     77% (17/22) vs.  38% (20418/54226) iphlpapi.dll
     68% (15/22) vs.  29% (15811/54226) wldap32.dll
    100% (22/22) vs.  64% (34972/54226) browsercomps.dll
     59% (13/22) vs.  24% (12961/54226) MSCTF.dll
    100% (22/22) vs.  65% (35260/54226) firefox.exe
    100% (22/22) vs.  65% (35297/54226) xpcom.dll
    100% (22/22) vs.  66% (35542/54226) dbghelp.dll
     82% (18/22) vs.  48% (25916/54226) imagehlp.dll
     91% (20/22) vs.  59% (31919/54226) nssckbi.dll
     91% (20/22) vs.  60% (32687/54226) freebl3.dll
     91% (20/22) vs.  60% (32687/54226) nssdbm3.dll
     91% (20/22) vs.  60% (32690/54226) softokn3.dll
     68% (15/22) vs.  39% (20905/54226) netapi32.dll
     86% (19/22) vs.  57% (30783/54226) shdocvw.dll
     91% (20/22) vs.  62% (33576/54226) feclient.dll
     91% (20/22) vs.  62% (33593/54226) winrnr.dll
    100% (22/22) vs.  72% (39261/54226) mswsock.dll
     91% (20/22) vs.  63% (34393/54226) rasadhlp.dll
    100% (22/22) vs.  73% (39790/54226) wintrust.dll
     68% (15/22) vs.  44% (23987/54226) mpr.dll
     91% (20/22) vs.  69% (37428/54226) dnsapi.dll
     27% (6/22) vs.   8% (4388/54226) idmmkb.dll
     77% (17/22) vs.  58% (31616/54226) rsaenh.dll
     36% (8/22) vs.  19% (10353/54226) d3d8thk.dll
     36% (8/22) vs.  19% (10479/54226) d3d9.dll
     32% (7/22) vs.  16% (8534/54226) MSCTFIME.IME
     14% (3/22) vs.   2% (936/54226) idmcchandler2.dll
     14% (3/22) vs.   2% (937/54226) idmmzcc.dll
     23% (5/22) vs.  11% (6018/54226) activeds.dll
     23% (5/22) vs.  11% (6019/54226) adsldpc.dll
     23% (5/22) vs.  11% (6082/54226) mprapi.dll
     36% (8/22) vs.  27% (14588/54226) samlib.dll
      9% (2/22) vs.   0% (53/54226) idle.dll
     23% (5/22) vs.  14% (7574/54226) atl.dll
      9% (2/22) vs.   0% (195/54226) ffdshowmngr.dll
     18% (4/22) vs.  10% (5414/54226) wmi.dll
     18% (4/22) vs.  10% (5414/54226) wzcsvc.dll
     18% (4/22) vs.  10% (5424/54226) esent.dll
     18% (4/22) vs.  10% (5426/54226) netman.dll
     18% (4/22) vs.  10% (5439/54226) wzcsapi.dll
     18% (4/22) vs.  10% (5522/54226) credui.dll
     18% (4/22) vs.  10% (5585/54226) netshell.dll
      9% (2/22) vs.   2% (926/54226) mslbui.dll
     41% (9/22) vs.  34% (18320/54226) msacm32.drv
     41% (9/22) vs.  34% (18361/54226) midimap.dll
     41% (9/22) vs.  34% (18460/54226) wdmaud.drv
     41% (9/22) vs.  35% (18894/54226) msacm32.dll
     18% (4/22) vs.  13% (6787/54226) tapi32.dll
     14% (3/22) vs.   8% (4439/54226) rpchrome150browserrecordhelper.dll

26 	http://www.facebook.com/
16 	about:blank
15 	https://www.facebook.com/
10 	about:sessionrestore
7 	about:home
6 	about:newtab
5 	http://www.google.co.in/
4 	https://www.facebook.com/login.php?login_attempt=1
3 	https://mail.google.com/mail/u/0/?shva=1#inbox
3 	https://mail.google.com/mail/?shva=1#inbox
2 	https://www.facebook.com/denise.brioschi.7/posts/4769139107178?comment_id=549611
2 	http://www.softpedia.com/get/Office-tools/Office-suites/Microsoft-Office.shtml
2 	http://www.facebook.com/groups/189359094450913/
2 	http://www.odnoklassniki.ru/
2 	http://www.searchnu.com/406
2 	https://mail.google.com/mail/?shva=1
1 	http://www.google.com.vn/#hl=vi&gs_nf=3&cp=14&gs_id=l9&xhr=t&q=prince+henry+the+
1 	http://video.mthai.com/player.php?id=18M1239664650M0
1 	https://mail.google.com/mail/?shva=1#inbox/
1 	http://www.yandex.ru/
1 	http://forum.index.hu/Article/showArticle?t=9068948
1 	http://www.timesjobs.com/timesjobs/zicom/careers.html
1 	http://www.xatcomtv.biz/assista-fazenda-de-verao-ao-vivo
1 	http://www.tomshardware.com/forum/9368-63-realtek-ethernet-controller-detected
1 	http://vnexpress.net/
1 	https://www.google.co.id/search?q=Pengertian+pergaulan+remaja&ie=utf-8&oe=utf-8&
1 	http://www.facebook.com/groups/yahoo.amr/
1 	http://www.youtube.com/watch?v=fLexgOxsZu0
1 	http://gawker.com/5929581/the-whole-worlds-a-sex-dungeon-for-kristen-stewart-and
1 	http://topphimhay.com/xem-phim-theo-buoc-ram-bo-2/m67469.html
1 	http://www.youtube.com/watch?v=xVtJ11BkNls&feature=youtu.be
1 	http://www.telechargement-rapide.net/page33
1 	http://www.youtube.com/watch?v=25smiUtfAXg
1 	http://www.youtube.com/watch?NR=1&v=mAuWb3Joxt8&feature=endscreen
1 	http://www.dankek.com/tutticasa/salud/bienestar
1 	http://id36.fm-p.jp/41/oneone11/index.php?module=viewbk&action=ppg&stid=3&bkid=4
1 	http://www.avclub.com/articles/neil-gaiman-to-return-to-doctor-who-cybermen-and-
1 	http://www.facebook.com/recover/initiate
1 	http://www.bt.dk/udland/bygget-med-falske-certifikater-nu-slaar-atomkraftvaerk-r
1 	https://plusone.google.com/_/+1/fastbutton?bsv=m&lang=&size=small&hl=en-US&origi
1 	about:addons
1 	http://www.ebay.in/sch/i.html?_nkw=hp+8gb+dds2&_sacat=0&LH_BIN=1&_odkw=8gb+dds2&
1 	http://www.alan4.com/video/8818/watch.html
1 	http://s.cafef.vn/hastc/PVC-tong-cong-ty-dung-dich-khoan-va-hoa-pham-dau-khictcp
1 	http://js.wlxrs.com/3xaTP4tWZOroge1dGlMz7w2-XuLliqg3SQbWEm6z7RtmtO7tkBiQU9XROIlp
1 	http://xe.mg40.mail.yahoo.com/neo/launch?.rand=53sl40t6fdjd6
1 	http://www.mysearchresults.com/?c=3507&t=07
1 	http://www.google.co.in/imghp?hl=en&tab=wi
1 	https://www.facebook.com/dialog/feed
1 	http://ph.yahoo.com/
1 	http://202.160.163.222/24online/webpages/waitrequest.jsp?url=www.d2visp.com
1 	http://medicina.ua/diagnosdiseases/diseases/2815/5308/
1 	http://www.natabanu.com/serija/izgubljena-cast/8453-izgubljena-cast-epizoda-76.h
1 	https://www.google.fr/
1 	http://ul.to/eaknmc2g
1 	http://www.allfordrama.com/4/category/2005/1.html
1 	https://www.google.com/search?q=facebook&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:
1 	http://www.youtube.com/
1 	http://www.vipbrother.bg/?module=video&video=1397
1 	http://www.comecclub.com/%d9%88%d8%a7%d8%ad%d8%af-%d8%b9%d8%af%d9%89-%d8%b9%d9%8
1 	http://www.programme-tv.net/cinema/32435-les-autres/
1 	https://apis.google.com/u/0/_/streamwidgets/hovercard?origin=https%3A%2F%2Fmail.
1 	http://www.yahoomail.com/
1 	http://th.v9.com/th?utm_source=b&utm_medium=fft

Keywords: needURLs

Naveed Ihsanullah [:naveed]

Comment 3

•

12 years ago

Changeset http://hg.mozilla.org/mozilla-central/rev/28711b9f49cd seems suspicious considering the stack. Tom can you take a look?

Assignee: general → evilpies

Whiteboard: [js:p2]

Tom S [:evilpie]

Comment 4

•

12 years ago

I took a very short peek at this. Sadly I have no real experience with crash-stats stuff. I don't really thinking my stuff is to blame here, considering that the crash is coming from
>4 	mozjs.dll 	js::frontend::CompileScript 	js/src/frontend/BytecodeCompiler.cpp:193
and not Parser.cpp.

I also looked at a few more crash reports and I think they are not coming from my stuff.

I am sorry, but I can't help you :/.

Assignee: evilpies → general

Benjamin Smedberg

Comment 5

•

12 years ago

evilpie, do you have another suggestion in the regression range? The regression range seems pretty solid (we could look one day earlier if necessary). Given the wide range of URLs and lack of other correlations, this is likely to be some kind of memory corruption or unexpected state, and so it's reasonably likely that the location of the crash stack doesn't directly relate to the regressing bug.

Patches in the range which touch js/src:

$ hg log -r "1dbd25c0205e::462106f027af" js/src
changeset:   100008:1dbd25c0205e
parent:      100002:045c11dd41a6
user:        Luke Wagner <luke@mozilla.com>
date:        Fri Jul 20 17:16:14 2012 -0700
summary:     Bug 775807 - Don't disassemble partially-compiled scripts (r=jimb)

changeset:   100015:62d352e6a480
user:        Gary Kwong <gary@rumblingedge.com>
date:        Fri Jul 20 19:10:15 2012 -0700
summary:     Add test for bug 770952.

changeset:   100016:16dd72527ae1
user:        Gary Kwong <gary@rumblingedge.com>
date:        Fri Jul 20 19:54:58 2012 -0700
summary:     Backed out changeset 62d352e6a480 for breakage.

changeset:   100017:f97fffdd56c0
user:        Gary Kwong <gary@rumblingedge.com>
date:        Fri Jul 20 19:10:15 2012 -0700
summary:     Add test for bug 770952, take two.

changeset:   100018:3bca687c261c
user:        Gary Kwong <gary@rumblingedge.com>
date:        Fri Jul 20 23:03:56 2012 -0700
summary:     Bug 632778 - Update tests to use test metalines instead, since they are in jit-test.

changeset:   100025:e9e2767a4275
user:        Gary Kwong <gary@rumblingedge.com>
date:        Fri Jul 20 22:53:17 2012 -0700
summary:     Bug 633828 - Remove bogus assert. r=luke

changeset:   100033:28711b9f49cd
user:        Tom Schuster <evilpies@gmail.com>
date:        Sat Jul 21 13:05:07 2012 +0200
summary:     Bug 646599 - Constant folding should happen before deciding whether to turn obj[A] into obj.A. r=Waldo

changeset:   100034:60b949c0eaef
user:        Tom Schuster <evilpies@gmail.com>
date:        Sat Jul 21 13:06:37 2012 +0200
summary:     Bug 775166 - Remove some ugly optimization in jsarray. r=bhackett

Tom S [:evilpie]

Comment 6

•

12 years ago

Okay I think we could just back out my patch, considering we don't usually use the decompiler anymore.

Scoobidiver (away)

Reporter

Comment 7

•

11 years ago

More reports also at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode**%2C+js%3A%3Afrontend%3A%3AParser*%2C+bool%2C+bool%29

Crash Signature: [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)] → [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)] [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)]

status-firefox20: --- → affected

status-firefox21: --- → affected

Scoobidiver (away)

Reporter

Comment 8

•

11 years ago

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3Afrontend%3A%3AFoldConstants%3Cjs%3A%3Afrontend%3A%3AFullParseHandler%3E%28JSContext*%2C+js%3A%3Afrontend%3A%3AParseNode**%2C+js%3A%3Afrontend%3A%3AParser%3Cjs%3A%3Afrontend%3A%3AFullParseHandler%3E*%2C+bool%2C+bool%29

Crash Signature: [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)] [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)] → [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode*, js::frontend::Parser*, bool, bool)] [@ js::frontend::FoldConstants(JSContext*, js::frontend::ParseNode**, js::frontend::Parser*, bool, bool)] [@ js::frontend::FoldConstants<js::fronten…

status-firefox22: --- → affected

status-firefox23: --- → affected

status-firefox24: --- → affected

Ioana (away)

Comment 9

•

11 years ago

Removing qawanted since the request was fulfilled in comment 2.

Keywords: qawanted

Nobody; OK to take it and work on it

Assignee

Updated

•

10 years ago

Assignee: general → nobody

BMO Automation

Updated

•

9 years ago

Crash Signature: , bool)] [@ js::frontend::FoldConstants<js::frontend::FullParseHandler>(JSContext*, js::frontend::ParseNode**, js::frontend::Parser<js::frontend::FullParseHandler>*, bool, bool)] → , bool)] [@ js::frontend::FoldConstants<js::frontend::FullParseHandler>(JSContext*, js::frontend::ParseNode**, js::frontend::Parser<js::frontend::FullParseHandler>*, bool, bool)] [@ js::frontend::FoldConstants] [@ js::frontend::FoldConstants<T>]

BugBot [:suhaib / :marco/ :calixte]

Comment 10

•

8 years ago

Crash volume for signature 'js::frontend::FoldConstants':
 - nightly (version 50): 0 crashes from 2016-06-06.
 - aurora  (version 49): 0 crashes from 2016-06-07.
 - beta    (version 48): 3 crashes from 2016-06-06.
 - release (version 47): 34 crashes from 2016-05-31.
 - esr     (version 45): 0 crashes from 2016-04-07.

Crash volume on the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       0       0       0       0       0       0       0
 - aurora        0       0       0       0       0       0       0
 - beta          0       0       0       0       1       1       1
 - release       0       0       2      12       5      12       3
 - esr           0       0       0       0       0       0       0

Affected platforms: Windows, Mac OS X, Linux

status-firefox48: --- → affected

Sylvestre Ledru [:Sylvestre]

Comment 11

•

8 years ago

Very low volume, won't do anything about it.

status-firefox17: affected → wontfix

status-firefox18: affected → wontfix

status-firefox19: affected → wontfix

status-firefox20: affected → wontfix

status-firefox21: affected → wontfix

status-firefox22: affected → wontfix

status-firefox23: affected → wontfix

status-firefox24: affected → wontfix

status-firefox48: affected → wontfix

status-firefox49: --- → fix-optional

status-firefox50: --- → fix-optional

status-firefox51: --- → fix-optional

Wayne Mery (:wsmwk)

Comment 12

•

8 years ago

The current rate of crashes compared to comment 0 suggests something has since been resolved.  (or the signature has changed)

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → WORKSFORME

Comment hidden (spam)

Công ty điện lạnh Nam Phú Thái chuyên cung cấp lắp đặt, thi cong kho lanh, kho lạnh công nghiệp và cung cấp các dịch vụ vật tư ngành lạnh. Công ty đã khẳng định được tên tuổi cũng như vị trí của mình trong lòng khách hàng bởi chất lượng sản phẩm, dịch vụ cũng như thái độ phục vụ khách hàng của đội ngũ nhân viên công ty.

Comment hidden (spam)

pis 2017 ==>http://www.inssconsultas.com/pis-2017-calendario-de-pagamento/

Comment hidden (spam)