Closed GoogleCodeExporter closed 9 years ago
Changing summary to attract other reports.
Original comment by classi...@floodgap.com
on 16 May 2011 at 1:04
The more I look at this, the more I think the stack corruption is not a
manifestation of issue 37. The call is for an immediate quantity only, and the
crash is at the tracer level, not the nanojit, so this is occurring even before
execution. The terminal crash is at fmod(). I wonder if this is a MacOS bug,
but if so, why here and why these machines only?
I suppose the other option is to write an assembly version of d2u and inline it
into jstracer.cpp but that seems rather drastic. We're pretty sure that the
nanojit version works.
Original comment by classi...@floodgap.com
on 16 May 2011 at 1:29
Crash report Amazon Sign-in TFF4.0.2pre G3 10.4.11
Original comment by chtru...@web.de
on 16 May 2011 at 2:08
Attachments:
Crash report Amazon Sign-in TFF4.0.2pre G4 7450 10.5.8
Original comment by chtru...@web.de
on 16 May 2011 at 2:09
Attachments:
If the Sign-In page has already successfully loaded once, e.g. by loading it
with JS disabled or nanojit disabled, the crash doesn't *always* occur the next
time you try (because it is in the cache?). The crash always occurs with a
fresh user profile for TFF (trash ~/Library/Application Spport/Firefox).
Sometimes the crash occurs directly after clicking "Sign in", sometimes the
browser stalls for 10-20 seconds before crashing, sometimes you see (parts of)
the Sign-In page (the Name & Password mask), sometimes you don't.
Original comment by chtru...@web.de
on 16 May 2011 at 2:25
That's a totally different crash signature in all three reports. This is a real
mess. This might be issue 37 after all.
I don't think I can do anything else other than block the trace at this point,
but I really don't want to do this because it's not immediately obvious where
the actual failure exists. I don't think the cache has to do with this, but you
could try Shift+Reload to see (that bypasses the cache). It's not cookies,
because I deleted them all just to see if it was coming from a cookie set
routine, and it's not HTML Local Storage. When I get back from the office, I'll
start in the Profile Manager and see if I can trigger it on the G5.
Original comment by classi...@floodgap.com
on 16 May 2011 at 3:23
Looking through the stack traces, these are all worst-case native calls. I
could block at those points too as a stopgap. Are those crash signatures
stable, i.e., when you crash, do you *always* crash with that signature on
those machines? We could RETURN_STOP and maybe save the generated trace so far.
Original comment by classi...@floodgap.com
on 16 May 2011 at 3:33
I get different signatures, but there seems to be a limited set of 3-4 for each
processor. Attached results from crash tests. Once more I could also confirm
that TFF crashes every time with a clean user account.
Original comment by chtru...@web.de
on 16 May 2011 at 4:23
Attachments:
Thanks, that's very helpful and yes, while the crash point varies, it is still
all within the same set of basic functions.
I still suspect issue 37 but I really don't want to make a massive low-level
fix for 4.0. So I'm going to block the trace in those functions and run off a
sample build. If performance is not too bad, then I'll work it into 4.0.2 final
since this should be a very safe fix.
Original comment by classi...@floodgap.com
on 16 May 2011 at 4:37
Changing summary to remove architecture dependence
Original comment by classi...@floodgap.com
on 16 May 2011 at 4:38
I'VE GOT IT! Follow up in issue 37!
Original comment by classi...@floodgap.com
on 17 May 2011 at 4:38
Original issue reported on code.google.com by
classi...@floodgap.com
on 16 May 2011 at 12:58Attachments: