惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Microsoft Azure Blog
Microsoft Azure Blog
The GitHub Blog
The GitHub Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Recorded Future
Recorded Future
Y
Y Combinator Blog
Cloudbric
Cloudbric
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
TaoSecurity Blog
TaoSecurity Blog
Security Latest
Security Latest
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
DataBreaches.Net
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
C
Cisco Blogs
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
V
Vulnerabilities – Threatpost
L
LINUX DO - 最新话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
A
About on SuperTechFans
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Jina AI
Jina AI
C
CXSECURITY Database RSS Feed - CXSecurity.com
Schneier on Security
Schneier on Security
T
Tenable Blog
N
News and Events Feed by Topic
W
WeLiveSecurity
有赞技术团队
有赞技术团队
AI
AI
爱范儿
爱范儿
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
T
The Blog of Author Tim Ferriss
S
Security Affairs
Know Your Adversary
Know Your Adversary
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
Google DeepMind News
Google DeepMind News
The Cloudflare Blog

David Baron's Weblog

Software engineering, responsibility, and ownership Software engineering, responsibility, and ownership David Baron's weblog: Security and Inequality Running animations on the compositor thread David Baron's weblog: Tying ecosystems through browsers David Baron's weblog: Payments on the Web Thoughts on migrating to a secure Web David Baron's weblog: The need for government David Baron's weblog: Priority of constituencies How browser developers should seek feedback from Web developers A possible approach to shorter release cycles David Baron's weblog: Fifteen years Why debug builds (and assertions) are important Ten years of the Mozilla Foundation Open licensing at the W3C Why adding compositing and blending to CSS is harder than it looks How you can help with removing -moz- prefixes Moving bug history out of the primary display of a bug report Beware of locale-specific behavior in the C library Eating dogfood and shipping software Specification style and the future of the Web The bug system I wish I had CSS border-image changes and unprefixing Improving font size readability on Firefox for Android David Baron's weblog: CSS Animations, part 2 Hue-preserving color inversion with SVG filters Changes to handling of @-moz-keyframes David Baron's weblog: window.matchMedia() David Baron's weblog: CSS Animations What does a blur radius mean? David Baron's weblog: calc() David Baron's weblog: colorDepth David Baron's weblog: Hidden complexity in specifications The most important field in a bug report: the summary WOFF font format submitted to W3C David Baron's weblog: :-moz-any() selector grouping setTimeout with a shorter delay Faster repainting in SVG foreignObject David Baron's weblog: Distributed Extensibility David Baron's weblog: Broadening crash analysis Correlating crashes with binary extensions or plugins David Baron's weblog: ex-HTML Downloadable font formats for the Web Web Accessibility as a Political Movement David Baron's weblog: CSS priorities David Baron's weblog: Bug priorities David Baron's weblog: Semi-vacation Some new CSS features in Firefox 3 David Baron's weblog: New selectors David Baron's weblog: The age of bugs Seeking a good Linux distribution David Baron's weblog: Teaching to the test David Baron's weblog: March 2008 David Baron's weblog: February 2008 David Baron's weblog: January 2008 David Baron's weblog: October 2007 David Baron's weblog: September 2007 David Baron's weblog: August 2007 David Baron's weblog: June 2007 David Baron's weblog: April 2007 David Baron's weblog: March 2007 David Baron's weblog: January 2007 David Baron's weblog: September 2006 David Baron's weblog: August 2006 David Baron's weblog: July 2006 David Baron's weblog: May 2006 David Baron's weblog: February 2006 David Baron's weblog: January 2006 David Baron's weblog: December 2005 David Baron's weblog: October 2005 David Baron's weblog: September 2005 David Baron's weblog: June 2005 David Baron's weblog: May 2005 David Baron's weblog: April 2005 David Baron's weblog: March 2005 David Baron's weblog: February 2005 David Baron's weblog: October 2004 David Baron's weblog: September 2004 David Baron's weblog: August 2004 David Baron's weblog: June 2004 David Baron's weblog: May 2004 David Baron's weblog: April 2004 David Baron's weblog: March 2004 David Baron's weblog: February 2004 David Baron's weblog: January 2004 David Baron's weblog: November 2003 David Baron's weblog: October 2003 David Baron's weblog: September 2003 David Baron's weblog: August 2003 David Baron's weblog: July 2003 David Baron's weblog: June 2003 David Baron's weblog: May 2003 David Baron's weblog: April 2003 David Baron's weblog: March 2003 David Baron's weblog: February 2003 David Baron's weblog: January 2003 David Baron's weblog: December 2002 David Baron's weblog: November 2002 David Baron's weblog: September 2002
Crash analysis in the future
David Baron · 2010-11-12 · via David Baron's Weblog

Last year I wrote about some things I was doing to analyze crash reports that Firefox users submit when they crash. I've been meaning for a while to explain a little more context about what we currently do with crash reports and what we could do in the future.

Fundamentally, we use crash reports for two different things: figuring out which crashes we should focus on, and fixing a specific crash.

We should aim to focus resources where they are most efficient, that is, where they produce the most benefit per unit cost. When we're fixing crashes, this means that:

  • We should focus on the crash bugs that happen the most often (affect the most users or crash each user most often). To put it another way, we should focus on crash reports where fixing the crash in that report will simultaneously fix the largest number of other reported crashes.
  • We should focus on crashes whose effects are more serious. For example, a crash that prevents a user from using Firefox is probably more serious that a crash that occurs intermittently, even though we will likely get more reports of an intermittent crash (since those users keep using Firefox) than of a permanent crash on startup (since those users will give up). It isn't always obvious which crashes are more important, but we're still better off thinking about it.
  • We should focus on crashes that are easier to fix. They may be easier to fix because we have relevant data (such as steps to reproduce the crash or data pointing to a particular extension that's responsible) or because the crash was recently introduced and therefore the code involved is fresh in the mind of its author.

Our current approach to focusing resources involves classifying crashes by their signature: the top meaningful frame in the stack trace of the crashing thread (or in some cases, more than one frame). We then look at which signatures are most frequent, and when new signatures appear. This fails to account for a number of common cases: when one signature shows up for multiple underlying bugs, when multiple signatures show up for a single underlying bug, or when a single underlying bug changes between different signatures over time due to unrelated code changes.

In the future, we should use better cluster detection methods to group crash reports into groups of similar crashes, based on all the data we have in the crash report (including stack trace, installed extensions and other libraries present, CPU and OS versions, and URLs being visited). We should also use the data in the crash reports (such as time since startup) and the frequency of crashes over time (since crashes that cause users to stop using Firefox will spike after a release and then fall) to detect which crashes are of the more serious types. Together, these improvements should help with prioritization of crashes.

Our use of data for fixing a specific crash is a bit closer to where I'd like it to be than our use of data for prioritizing crashes. A significant part of this is the data provided by Breakpad: the machine state at the time of the crash. In many cases, either we've been given steps from a user that are sufficient to see the crash for ourselves, or the machine state provided by breakpad is sufficient information for us to fix the problem. However, there are also many crashes where these don't happen. The tools I worked on last year provide significant additional pieces of information. However, those tools are fundamentally tools to assist in playing a game of “spot the outlier.” The process of looking for clues involves looking for what's unusual about the crash reports. Do all the users who are crashing have the same extension? Are they all on multi-core CPUs? Do they all have the same version of Windows? Right now, we have the ability to look up each of these pieces of data. However, developers' lives would be significantly easier (and they'd be less likely to miss important clues) if we had tools that automatically detected which characteristics of the crashes were unusual.

I'm hoping that future versions of Socorro will let us do many of these things.