Closed Bug 858923 Opened 12 years ago Closed 12 years ago

startup crash in js::MutableValueOperations (BaselineCompiler)

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
23 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 858566
Tracking Flags:
Tracking Status
firefox22 --- unaffected
firefox23 --- affected

People

(Reporter: philip.chee, Unassigned)

Details

(Keywords: crash, regression, Whiteboard: [startupcrash])

I'm building SeaMonkey from mozilla-central + comm-central daily. The last few days I've been having a startup crash: Disassembly is: 6E49D0E5 jge js::MutableValueOperations<JS::Rooted<JS::Value> >::setNumber+1Dh (6E49D0EDh) 6E49D0E7 fadd qword ptr [__real@41f0000000000000 (6E66FF10h)] 6E49D0ED fstp qword ptr [ecx] 6E49D0EF xor al,al 6E49D0F1 ret 4 6E49D0F4 mov edx,0FFFFFF81h 6E49D0F9 mov dword ptr [ecx],eax 6E49D0FB mov dword ptr [ecx+4],edx 6E49D0FE mov al,1 6E49D100 ret 4 Stack is: > mozjs.dll!js::MutableValueOperations<JS::Rooted<JS::Value> >::setNumber(unsigned int ui=0) Line 1481 + 0x29 bytes C++ mozjs.dll!js::ion::DoBinaryArithFallback(JSContext * cx=0x07ac6fc0, js::ion::BaselineFrame * frame=0x003dde3c, js::ion::ICBinaryArith_Fallback * stub=0x0a1aca80, JS::Handle<JS::Value> lhs={...}, JS::Handle<JS::Value> rhs={...}, JS::MutableHandle<JS::Value> ret={...}) Line 2395 + 0x1a3 bytes C++ 007d95dc() mozjs.dll!EnterBaseline(JSContext * cx=0x00000000, js::StackFrame * fp=0x00000000, void * jitcode=0x007df500, bool osr=false) Line 154 + 0x31 bytes C++ mozjs.dll!js::ion::EnterBaselineMethod(JSContext * cx=0x07ac6fc0, js::StackFrame * fp=0x047a0128) Line 182 + 0xc bytes C++ mozjs.dll!js::RunScript(JSContext * cx=0x07ac6fc0, js::StackFrame * fp=0x047a0128) Line 341 + 0x7 bytes C++ mozjs.dll!js::InvokeKernel(JSContext * cx=0x07ac6fc0, JS::CallArgs args={...}, js::MaybeConstruct construct=NO_CONSTRUCT) Line 425 C++ mozjs.dll!js::Interpret(JSContext * cx=0x07ac6fc0, js::StackFrame * entryFrame=0x047a0058, js::InterpMode interpMode=JSINTERP_NORMAL, bool useNewType=false) Line 2393 + 0x11 bytes C++ mozjs.dll!js::RunScript(JSContext * cx=0x07ac6fc0, js::StackFrame * fp=0x047a0058) Line 365 + 0x9 bytes C++ mozjs.dll!js::InvokeKernel(JSContext * cx=0x07ac6fc0, JS::CallArgs args={...}, js::MaybeConstruct construct=NO_CONSTRUCT) Line 425 C++ mozjs.dll!js::Invoke(JSContext * cx=0x0958bc40, const JS::Value & thisv={...}, const JS::Value & fval={...}, unsigned int argc=6, JS::Value * argv=0x003dea68, JS::Value * rval=0x003de94c) Line 455 + 0x12 bytes C++ mozjs.dll!JS_CallFunctionValue(JSContext * cx=0x07ac6fc0, JSObject * objArg=0x0958bc40, JS::Value fval={...}, unsigned int argc=6, JS::Value * argv=0x003dea68, JS::Value * rval=0x003de94c) Line 5854 + 0x46 bytes C++ xul.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x0a8c7bc0, unsigned short methodIndex=4, const XPTMethodDescriptor * info_=0x021ff0bc, nsXPTCMiniVariant * nativeParams=0x003deb34) Line 1435 C++ xul.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=4, const XPTMethodDescriptor * info=0x021ff0bc, nsXPTCMiniVariant * params=0x003deb34) Line 578 + 0x13 bytes C++ xul.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x0a7da5f0, unsigned int methodIndex=4, unsigned int * args=0x003debec, unsigned int * stackBytesToPop=0x003debdc) Line 85 + 0x15 bytes C++ xul.dll!SharedStub() Line 113 C++ xul.dll!nsBrowserStatusFilter::MaybeSendProgress() Line 312 + 0x16 bytes C++ xul.dll!nsBrowserStatusFilter::OnProgressChange(nsIWebProgress * aWebProgress=0x00000000, nsIRequest * aRequest=0x00000000, int aCurSelfProgress=0, int aMaxSelfProgress=0, int aCurTotalProgress=1, int aMaxTotalProgress=2) Line 182 C++ xul.dll!nsBrowserStatusFilter::OnStateChange(nsIWebProgress * aWebProgress=0x0a796c14, nsIRequest * aRequest=0x0a82de28, unsigned int aStateFlags=65552, tag_nsresult aStatus=NS_OK) Line 143 C++ xul.dll!nsDocLoader::DoFireOnStateChange(nsIWebProgress * const aProgress=0x0a796c14, nsIRequest * const aRequest=0x0a82de28, int & aStateFlags=65552, tag_nsresult aStatus=NS_OK) Line 1290 + 0x14 bytes C++ xul.dll!nsDocLoader::FireOnStateChange(nsIWebProgress * aProgress=0x0a796c14, nsIRequest * aRequest=0x0a82de28, int aStateFlags=65552, tag_nsresult aStatus=NS_OK) Line 1227 + 0x15 bytes C++ xul.dll!nsDocLoader::doStopURLLoad(nsIRequest * request=0x0a82de28, tag_nsresult aStatus=NS_OK) Line 835 C++ xul.dll!nsDocLoader::OnStopRequest(nsIRequest * aRequest=0x0a82de28, nsISupports * aCtxt=0x00000000, tag_nsresult aStatus=NS_OK) Line 637 C++ xul.dll!nsLoadGroup::RemoveRequest(nsIRequest * request=0x0a82de28, nsISupports * ctxt=0x00000000, tag_nsresult aStatus=NS_OK) Line 676 + 0xf bytes C++ xul.dll!nsDocument::SetScriptGlobalObject(nsIScriptGlobalObject * aScriptGlobalObject=0x00000000) Line 4096 C++ xul.dll!nsDocumentViewer::Close(nsISHEntry * aSHEntry=0x00000000) Line 1449 C++ xul.dll!nsDocShell::SetupNewViewer(nsIContentViewer * aNewViewer=0x0940a050) Line 8265 C++ xul.dll!nsDocShell::Embed(nsIContentViewer * aContentViewer=0x0940a050, const char * aCommand=0x6b38614b, nsISupports * aExtraInfo=0x00000000) Line 6354 C++ xul.dll!nsDocShell::CreateContentViewer(const char * aContentType=0x00000000, nsIRequest * request=0x09628c2c, nsIStreamListener * * aContentHandler=0x01667b5c) Line 8076 + 0x15 bytes C++ xul.dll!nsDSURIContentListener::DoContent(const char * aContentType=0x09667af8, bool aIsContentPreferred=false, nsIRequest * request=0x00710000, nsIStreamListener * * aContentHandler=0x09667b5c, bool * aAbortProcess=0x003df067) Line 125 C++ xul.dll!nsDocumentOpenInfo::TryContentListener(nsIURIContentListener * aListener=0x008367e0, nsIChannel * aChannel=0x09667b5c) Line 661 C++ xul.dll!nsDocumentOpenInfo::DispatchContent(nsIRequest * request=0x09628c2c, nsISupports * aCtxt=0x00000000) Line 360 + 0x12 bytes C++ xul.dll!nsDocumentOpenInfo::OnStartRequest(nsIRequest * request=0x00000000, nsISupports * aCtxt=0x00000000) Line 252 + 0xe bytes C++ xul.dll!nsBaseChannel::OnStartRequest(nsIRequest * request=0x09668330, nsISupports * ctxt=0x00000000) Line 720 + 0x19 bytes C++ xul.dll!nsInputStreamPump::OnStateStart() Line 422 C++ xul.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x094ae6a8) Line 383 C++ xul.dll!nsOutputStreamReadyEvent::Run() Line 83 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=true, bool * result=0x003df217) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=true) Line 238 + 0xd bytes C++ xul.dll!nsThread::Shutdown() Line 474 + 0xa bytes C++ xul.dll!nsRunnableMethodImpl<enum tag_nsresult (__stdcall nsIUrlClassifierDBServiceWorker::*)(void),1>::Run() Line 351 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=true, bool * result=0x003df287) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=true) Line 238 + 0xd bytes C++ xul.dll!nsThread::Shutdown() Line 474 + 0xa bytes C++ xul.dll!nsRunnableMethodImpl<enum tag_nsresult (__stdcall nsIUrlClassifierDBServiceWorker::*)(void),1>::Run() Line 351 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=true, bool * result=0x003df2f7) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=true) Line 238 + 0xd bytes C++ xul.dll!nsThread::Shutdown() Line 474 + 0xa bytes C++ xul.dll!nsRunnableMethodImpl<enum tag_nsresult (__stdcall nsIUrlClassifierDBServiceWorker::*)(void),1>::Run() Line 351 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=true, bool * result=0x003df367) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=true) Line 238 + 0xd bytes C++ xul.dll!nsThread::Shutdown() Line 474 + 0xa bytes C++ xul.dll!nsRunnableMethodImpl<enum tag_nsresult (__stdcall nsIUrlClassifierDBServiceWorker::*)(void),1>::Run() Line 351 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=true, bool * result=0x003df3d7) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=true) Line 238 + 0xd bytes C++ xul.dll!nsThread::Shutdown() Line 474 + 0xa bytes C++ xul.dll!nsRunnableMethodImpl<enum tag_nsresult (__stdcall nsIUrlClassifierDBServiceWorker::*)(void),1>::Run() Line 351 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait=false, bool * result=0x003df447) Line 627 + 0x6 bytes C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread=0x01119160, bool mayWait=false) Line 238 + 0xd bytes C++ xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate=0x01126030) Line 82 + 0xa bytes C++ xul.dll!MessageLoop::RunInternal() Line 217 C++ xul.dll!MessageLoop::RunHandler() Line 210 C++ xul.dll!MessageLoop::Run() Line 184 C++ xul.dll!nsBaseAppShell::Run() Line 165 C++ xul.dll!nsAppShell::Run() Line 113 + 0x9 bytes C++ xul.dll!nsAppStartup::Run() Line 289 C++ xul.dll!XREMain::XRE_mainRun() Line 3881 C++ xul.dll!XREMain::XRE_main(int argc=4, char * * argv=0x01e81b40, const nsXREAppData * aAppData=0x001b32c8) Line 3947 + 0x7 bytes C++ xul.dll!XRE_main(int argc=4, char * * argv=0x01e81b40, const nsXREAppData * aAppData=0x001b32c8, unsigned int aFlags=0) Line 4152 + 0x12 bytes C++ seamonkey.exe!do_main(const char * exePath=0x003df8a0, int argc=4, char * * argv=0x00000000) Line 184 + 0x13 bytes C++ seamonkey.exe!NS_internal_main(int argc=4, char * * argv=0x01e81b40) Line 272 + 0x12 bytes C++ seamonkey.exe!wmain(int argc=31988544, wchar_t * * argv=0x01e81a88) Line 112 C++ seamonkey.exe!__tmainCRTStartup() Line 583 + 0x17 bytes C kernel32.dll!76913677() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] ntdll.dll!76fe9f42() ntdll.dll!76fe9f15()
P.S. turning off turning off javascript.options.baselinejit.chrome and javascript.options.baselinejit.content stops SeaMonkey from crashing
Severity: normal → critical
status-firefox22: --- → unaffected
status-firefox23: --- → affected
Keywords: crash, regression
Summary: startup crash in mozjs.dll (BaselineCompiler) → startup crash in js::MutableValueOperations (BaselineCompiler)
Whiteboard: [startupcrash]
Version: Trunk → 23 Branch
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
No longer blocks: SadJit
Crash Signature: [@ EnterBaseline]
You need to log in before you can comment on or make changes to this bug.