Need some help with incident

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Need some help with incident

Aleksey Chernoraenko
Folks,

Sometimes our app server crashes (in jseng, 1.5rc6a) with a stack like  
this:

  # ChildEBP RetAddr
07b4df88 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x5d003abc, struct JSTreeContext * tc =  
0x07b4e520)+0x47  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3308]
07b4e004 005e0761 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9cb590, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e080 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9c0bc0, struct JSTreeContext * tc =  
0x07b4e520)+0x1ae  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3341]
07b4e0fc 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9cbd18, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e178 005e0761 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9e9070, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e1f4 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7fa27258, struct JSTreeContext * tc =  
0x07b4e520)+0x1ae  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3341]
07b4e270 005e0761 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9eba10, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e2ec 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7fa27288, struct JSTreeContext * tc =  
0x07b4e520)+0x1ae  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3341]
07b4e368 005e0675 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9eb920, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e3e4 005e0791 srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7f9ec190, struct JSTreeContext * tc =  
0x07b4e520)+0xc2  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3317]
07b4e460 005db1cd srv!js_FoldConstants(struct JSContext * cx = 0x7f91e6d0,  
struct JSParseNode * pn = 0x7fa272b8, struct JSTreeContext * tc =  
0x07b4e520)+0x1de  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
3348]
07b4e484 005da99d srv!Statements(struct JSContext * cx = 0x7f91e6d0,  
struct JSTokenStream * ts = 0x7f9ebde8, struct JSTreeContext * tc =  
0x07b4e520)+0x1a7  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
1027]
07b4e504 00587746 srv!js_CompileTokenStream(struct JSContext * cx =  
0x7f91e6d0, struct JSObject * chain = 0x7f9bb768, struct JSTokenStream *  
ts = 0x7f9ebde8, struct JSCodeGenerator * cg = 0x07b4e520)+0xd8  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @  
452]
07b4e624 00587680 srv!CompileTokenStream(struct JSContext * cx =  
0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, struct JSTokenStream * ts  
= 0x7f9ebde8, void * tempMark = 0x7f91e720, int * eofp = 0x00000000)+0x9e  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsapi.c @  
3021]
07b4e64c 00588264 srv!JS_CompileUCScriptForPrincipals(struct JSContext *  
cx = 0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, struct JSPrincipals *  
principals = 0x00000000, unsigned short * chars = 0x7f880dd8, unsigned int  
length = 0x1b5aa, char * filename = 0x03e2f008 "server side code in  
context 1", unsigned int lineno = 0)+0x56  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsapi.c @  
3102]
07b4e67c 0058821d srv!JS_EvaluateUCScriptForPrincipals(struct JSContext *  
cx = 0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, struct JSPrincipals *  
principals = 0x00000000, unsigned short * chars = 0x7f880dd8, unsigned int  
length = 0x1b5aa, char * filename = 0x03e2f008 "server side code in  
context 1", unsigned int lineno = 0, long * rval = 0x07b4ef18)+0x42  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsapi.c @  
3555]
07b4e6a4 00588171 srv!JS_EvaluateUCScript(struct JSContext * cx =  
0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, unsigned short * chars =  
0x7f880dd8, unsigned int length = 0x1b5aa, char * filename = 0x03e2f008  
"server side code in context 1", unsigned int lineno = 0, long * rval =  
0x07b4ef18)+0x26  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsapi.c @  
3537]
07b4e6d0 005c6f22 srv!JS_EvaluateScript(struct JSContext * cx =  
0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, char * bytes = 0x041d2008  
"prepare_tran( ???", unsigned int length = 0x1b5aa, char * filename =  
0x03e2f008 "server side code in context 1", unsigned int lineno = 0, long  
* rval = 0x07b4ef18)+0x48  
[P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsapi.c @  
3504]
07b4e860 005c5d80 srv!`anonymous namespace'::aux::evaluate_script(struct  
JSContext * cx = 0x7f91e6d0, struct JSObject * obj = 0x7f9bb768, class  
TScriptExecuteEnv * aScript = 0x07b4f1d4, long * rval = 0x07b4ef18)+0x380  
[P:\Universal\Components\Utilities\JSNetscapeInterpreter.cpp @ 409]
<....>

I'm trying to fix it or find any reasonable solution to avoid crashes like  
this but the problem is it's not reproducible at our site and I haven't  
yet solid knowledge about jseng to just fix it without reproduce.

The good news (in our case :) is that the firefox 1.5 crashes in the same  
place. You can find a lot of crashes like this on the Talkback Reports  
Site -  
http://talkback-public.mozilla.org/search/start.jsp?search=1&searchby=stacksig&match=contains&searchfor=js_FoldConstants&vendor=MozillaOrg&product=Firefox15&platform=Win32&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid&rlimit=500

We are pretty sure that our crashes have the same reason as firefox's.

Probably we can fix it in the trunk version of jseng but unfortunately we  
don't know how to reproduce it in firefox either, no filed bugs. It  
crashes but it another places :) Maybe the bug #272286 is related to this  
problem but for some reason firefox 1.5 does not crash on  
http://www.spiegel.de site :(

So, what I'm asking is
- does anybody know how to reproduce this crash in any version of firefox?  
:)
- did anybody already look at this problem or knows something about it?

Any advice or information will be welcome.

--
Best regards
Aleksey Chernoraenko
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine
Reply | Threaded
Open this post in threaded view
|

Re: Need some help with incident

Brendan Eich
Aleksey Chernoraenko wrote:

> Folks,
>
> Sometimes our app server crashes (in jseng, 1.5rc6a) with a stack like
> this:
>
>  # ChildEBP RetAddr
> 07b4df88 005e0675 srv!js_FoldConstants(struct JSContext * cx =
> 0x7f91e6d0, struct JSParseNode * pn = 0x5d003abc, struct JSTreeContext *
> tc = 0x07b4e520)+0x47
> [P:\Universal\Foreign\Sources\SpiderMonkey\1.5rc6a\jsref\src\jsparse.c @
> 3308]

What revision of jsparse.c is that?  CVS version if possible, or
SpiderMonkey JS1.5 Release Candidate number if that's what you used.

It looks like a fairly old version of jsparse.c is being used.  The
talkback you cite links from its top js_FoldConstants frame to
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/js/src/jsparse.c&mark=4474&rev=MOZILLA_1_8_BRANCH#4474 
(line 4474 on the 1.8 branch).

The best thing to do is get the crash in a debugger, and find someone on
irc.mozilla.org who can help.  At least mrbkap and I (brendan) should be
able to help if we are around.

/be
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine
Reply | Threaded
Open this post in threaded view
|

Re: Need some help with incident

achernoraenko at gmail com
Brendan,

Thank you very much for your answer.

> What revision of jsparse.c is that?  CVS version if possible, or
> SpiderMonkey JS1.5 Release Candidate number if that's what you used.
>
We use 1.5rc6a + insignificant changes like includes #include
"JSRef.prefix.h", sorry...

First of all we'll switch to 1.5 (
http://ftp.mozilla.org/pub/mozilla.org/js/js-1.5.tar.gz ) and then will
try to get same crash.

> The best thing to do is get the crash in a debugger, and find someone on
> irc.mozilla.org who can help.  At least mrbkap and I (brendan) should be
> able to help if we are around.

Thank you again! I'll find one of you on the channel if we have the
same trouble.
Actually we have several dump files (created by windbg) with the same
crashes what we are analyzing. We can try to analyze it together
somehow or we can share dump files.

Best regards,
Aleksey Chernoraenko

_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine
Reply | Threaded
Open this post in threaded view
|

Re: Need some help with incident

Brendan Eich
achernoraenko at gmail com wrote:

> Brendan,
>
> Thank you very much for your answer.
>
>> What revision of jsparse.c is that?  CVS version if possible, or
>> SpiderMonkey JS1.5 Release Candidate number if that's what you used.
>>
> We use 1.5rc6a + insignificant changes like includes #include
> "JSRef.prefix.h", sorry...
>
> First of all we'll switch to 1.5 (
> http://ftp.mozilla.org/pub/mozilla.org/js/js-1.5.tar.gz ) and then will
> try to get same crash.
>
>> The best thing to do is get the crash in a debugger, and find someone on
>> irc.mozilla.org who can help.  At least mrbkap and I (brendan) should be
>> able to help if we are around.
>
> Thank you again! I'll find one of you on the channel if we have the
> same trouble.
> Actually we have several dump files (created by windbg) with the same
> crashes what we are analyzing. We can try to analyze it together
> somehow or we can share dump files.

And indeed, people found me (archer and ppk at least) on IRC, and we
believe this is https://bugzilla.mozilla.org/show_bug.cgi?id=283234,
which was not fixed in JS1.5 RC6a but is fixed on the trunk, in the
MOZILLA_1_8_BRANCH, and other places.

/be
_______________________________________________
dev-tech-js-engine mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-js-engine