crash in js::ion::EnterBaselineMethod @ EnterBaseline

RESOLVED DUPLICATE of bug 858032

Status

()

defect
--
critical
RESOLVED DUPLICATE of bug 858032
6 years ago
3 years ago

People

(Reporter: scoobidiver, Unassigned)

Tracking

(Blocks 1 bug, {crash, regression})

23 Branch
x86
Windows 7
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox22 unaffected, firefox23 affected)

Details

(crash signature)

(Reporter)

Description

6 years ago
There are crashes remaining after the fix of bug 858022 and bug 858083.

Here are some stack traces:
Frame 	Module 	Signature 	Source
0 		@0x22aafff 	
1 		@0x18c23de 	
2 	mozjs.dll 	EnterBaseline 	js/src/ion/BaselineJIT.cpp:154
3 	mozjs.dll 	js::ion::EnterBaselineMethod 	js/src/ion/BaselineJIT.cpp:180
4 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:341
5 	mozjs.dll 	js::CloneFunctionObjectIfNotSingleton 	js/src/jsfuninlines.h:206
6 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2393
7 	mozjs.dll 	js::ion::CanEnterBaselineJIT 	js/src/ion/BaselineJIT.cpp:256
8 	xul.dll 	XPCLazyCallContext::GetXPCCallContext 	js/xpconnect/src/xpcprivate.h:1414
9 	xul.dll 	XPCConvert::NativeInterface2JSObject 	js/xpconnect/src/XPCConvert.cpp:972

Frame 	Module 	Signature 	Source
0 		@0x27227928 	
1 		@0x25b1f06 	
2 	mozjs.dll 	EnterBaseline 	js/src/ion/BaselineJIT.cpp:154
3 	mozjs.dll 	js::ion::EnterBaselineMethod 	js/src/ion/BaselineJIT.cpp:180
4 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2444
5 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:357
6 	mozjs.dll 	js::ion::IonFrameIterator::machineState 	js/src/ion/IonFrames.cpp:272
7 	mozjs.dll 	js::Invoke 	js/src/jsinterp.h:135
8 	mozjs.dll 	js::CallOrConstructBoundFunction 	js/src/jsfun.cpp:1161
9 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:408
10 	mozjs.dll 	js_fun_apply 	js/src/jsfun.cpp:1032
11 	mozjs.dll 	js::types::TypeScript::SetArgument 	js/src/jsinferinlines.h:1125

More reports at:
https://crash-stats.mozilla.com/report/list?signature=EnterBaseline
(Reporter)

Comment 1

6 years ago
Is the stack trace useful or should this bug be duplicated to bug 858032?
Flags: needinfo?(jdemooij)

Comment 2

6 years ago
I guess that what's probably needed will be some anylysis of the JIT code called from EnterBaseline, which in the stack only appears as base addresses. Developers will probably need to run some analysis against the raw minidumps there (as those contain some snippets of memory, AFAIK the pieces holding the JITed code are usually in there). If any devs need access to those, please contact me, we can set that up.
(In reply to Scoobidiver from comment #1)
> Is the stack trace useful or should this bug be duplicated to bug 858032?

EnterBaseline means we are crashing in JIT code somewhere but it's impossible to say more without looking at the crash dumps...

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #2)
> If any devs need access to those, please contact me, we can set that up.

Yeah that would be nice. There are not many EnterBaseline crashes left, so the remaining ones are probably non-trivial/complicated to track down, but it's possible the dumps will tell us something.
Flags: needinfo?(jdemooij)
Assignee: general → nobody
Blocks: shutdownkill
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: SadJit
You need to log in before you can comment on or make changes to this bug.