Closed Bug 861503 Opened 12 years ago Closed 10 years ago

crash in js::ion::EnterBaselineMethod @ EnterBaseline

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
23 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 858032
Tracking Flags:
Tracking Status
firefox22 --- unaffected
firefox23 --- affected

People

(Reporter: scoobidiver, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Crash Data

There are crashes remaining after the fix of bug 858022 and bug 858083. Here are some stack traces: Frame Module Signature Source 0 @0x22aafff 1 @0x18c23de 2 mozjs.dll EnterBaseline js/src/ion/BaselineJIT.cpp:154 3 mozjs.dll js::ion::EnterBaselineMethod js/src/ion/BaselineJIT.cpp:180 4 mozjs.dll js::RunScript js/src/jsinterp.cpp:341 5 mozjs.dll js::CloneFunctionObjectIfNotSingleton js/src/jsfuninlines.h:206 6 mozjs.dll js::Interpret js/src/jsinterp.cpp:2393 7 mozjs.dll js::ion::CanEnterBaselineJIT js/src/ion/BaselineJIT.cpp:256 8 xul.dll XPCLazyCallContext::GetXPCCallContext js/xpconnect/src/xpcprivate.h:1414 9 xul.dll XPCConvert::NativeInterface2JSObject js/xpconnect/src/XPCConvert.cpp:972 Frame Module Signature Source 0 @0x27227928 1 @0x25b1f06 2 mozjs.dll EnterBaseline js/src/ion/BaselineJIT.cpp:154 3 mozjs.dll js::ion::EnterBaselineMethod js/src/ion/BaselineJIT.cpp:180 4 mozjs.dll js::Interpret js/src/jsinterp.cpp:2444 5 mozjs.dll js::RunScript js/src/jsinterp.cpp:357 6 mozjs.dll js::ion::IonFrameIterator::machineState js/src/ion/IonFrames.cpp:272 7 mozjs.dll js::Invoke js/src/jsinterp.h:135 8 mozjs.dll js::CallOrConstructBoundFunction js/src/jsfun.cpp:1161 9 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:408 10 mozjs.dll js_fun_apply js/src/jsfun.cpp:1032 11 mozjs.dll js::types::TypeScript::SetArgument js/src/jsinferinlines.h:1125 More reports at: https://crash-stats.mozilla.com/report/list?signature=EnterBaseline
Is the stack trace useful or should this bug be duplicated to bug 858032?
Flags: needinfo?(jdemooij)
I guess that what's probably needed will be some anylysis of the JIT code called from EnterBaseline, which in the stack only appears as base addresses. Developers will probably need to run some analysis against the raw minidumps there (as those contain some snippets of memory, AFAIK the pieces holding the JITed code are usually in there). If any devs need access to those, please contact me, we can set that up.
(In reply to Scoobidiver from comment #1) > Is the stack trace useful or should this bug be duplicated to bug 858032? EnterBaseline means we are crashing in JIT code somewhere but it's impossible to say more without looking at the crash dumps... (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #2) > If any devs need access to those, please contact me, we can set that up. Yeah that would be nice. There are not many EnterBaseline crashes left, so the remaining ones are probably non-trivial/complicated to track down, but it's possible the dumps will tell us something.
Flags: needinfo?(jdemooij)
Assignee: general → nobody
Blocks: shutdownkill
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.