惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
S
Schneier on Security
The Hacker News
The Hacker News
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
I
Intezer
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
Security Latest
Security Latest
AWS News Blog
AWS News Blog
B
Blog RSS Feed
Microsoft Security Blog
Microsoft Security Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
The Last Watchdog
The Last Watchdog
O
OpenAI News
月光博客
月光博客
Hacker News: Ask HN
Hacker News: Ask HN
阮一峰的网络日志
阮一峰的网络日志
S
Security @ Cisco Blogs
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Latest news
Latest news
P
Palo Alto Networks Blog
Last Week in AI
Last Week in AI
M
MIT News - Artificial intelligence
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
U
Unit 42
PCI Perspectives
PCI Perspectives
博客园 - 聂微东
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Troy Hunt's Blog
博客园 - 三生石上(FineUI控件)
Application and Cybersecurity Blog
Application and Cybersecurity Blog
罗磊的独立博客
WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security

David Baron's Weblog

Software engineering, responsibility, and ownership Software engineering, responsibility, and ownership David Baron's weblog: Security and Inequality Running animations on the compositor thread David Baron's weblog: Tying ecosystems through browsers David Baron's weblog: Payments on the Web Thoughts on migrating to a secure Web David Baron's weblog: The need for government David Baron's weblog: Priority of constituencies How browser developers should seek feedback from Web developers A possible approach to shorter release cycles David Baron's weblog: Fifteen years Why debug builds (and assertions) are important Ten years of the Mozilla Foundation Open licensing at the W3C Why adding compositing and blending to CSS is harder than it looks How you can help with removing -moz- prefixes Moving bug history out of the primary display of a bug report Beware of locale-specific behavior in the C library Eating dogfood and shipping software Specification style and the future of the Web The bug system I wish I had CSS border-image changes and unprefixing Improving font size readability on Firefox for Android David Baron's weblog: CSS Animations, part 2 Hue-preserving color inversion with SVG filters Changes to handling of @-moz-keyframes David Baron's weblog: window.matchMedia() David Baron's weblog: CSS Animations What does a blur radius mean? David Baron's weblog: calc() David Baron's weblog: colorDepth David Baron's weblog: Hidden complexity in specifications The most important field in a bug report: the summary WOFF font format submitted to W3C David Baron's weblog: :-moz-any() selector grouping setTimeout with a shorter delay Faster repainting in SVG foreignObject David Baron's weblog: Distributed Extensibility David Baron's weblog: Broadening crash analysis Correlating crashes with binary extensions or plugins David Baron's weblog: ex-HTML Downloadable font formats for the Web Web Accessibility as a Political Movement David Baron's weblog: CSS priorities David Baron's weblog: Bug priorities David Baron's weblog: Semi-vacation Some new CSS features in Firefox 3 David Baron's weblog: New selectors David Baron's weblog: The age of bugs Seeking a good Linux distribution David Baron's weblog: Teaching to the test David Baron's weblog: March 2008 David Baron's weblog: February 2008 David Baron's weblog: January 2008 David Baron's weblog: October 2007 David Baron's weblog: September 2007 David Baron's weblog: August 2007 David Baron's weblog: June 2007 David Baron's weblog: April 2007 David Baron's weblog: March 2007 David Baron's weblog: January 2007 David Baron's weblog: September 2006 David Baron's weblog: August 2006 David Baron's weblog: July 2006 David Baron's weblog: May 2006 David Baron's weblog: February 2006 David Baron's weblog: January 2006 David Baron's weblog: December 2005 David Baron's weblog: October 2005 David Baron's weblog: September 2005 David Baron's weblog: June 2005 David Baron's weblog: May 2005 David Baron's weblog: April 2005 David Baron's weblog: March 2005 David Baron's weblog: February 2005 David Baron's weblog: October 2004 David Baron's weblog: September 2004 David Baron's weblog: August 2004 David Baron's weblog: June 2004 David Baron's weblog: May 2004 David Baron's weblog: April 2004 David Baron's weblog: March 2004 David Baron's weblog: February 2004 David Baron's weblog: January 2004 David Baron's weblog: November 2003 David Baron's weblog: October 2003 David Baron's weblog: September 2003 David Baron's weblog: August 2003 David Baron's weblog: July 2003 David Baron's weblog: June 2003 David Baron's weblog: May 2003 David Baron's weblog: April 2003 David Baron's weblog: March 2003 David Baron's weblog: February 2003 David Baron's weblog: January 2003 David Baron's weblog: December 2002 David Baron's weblog: November 2002 David Baron's weblog: September 2002
Crash analysis in the future
David Baron · 2010-11-12 · via David Baron's Weblog

Last year I wrote about some things I was doing to analyze crash reports that Firefox users submit when they crash. I've been meaning for a while to explain a little more context about what we currently do with crash reports and what we could do in the future.

Fundamentally, we use crash reports for two different things: figuring out which crashes we should focus on, and fixing a specific crash.

We should aim to focus resources where they are most efficient, that is, where they produce the most benefit per unit cost. When we're fixing crashes, this means that:

  • We should focus on the crash bugs that happen the most often (affect the most users or crash each user most often). To put it another way, we should focus on crash reports where fixing the crash in that report will simultaneously fix the largest number of other reported crashes.
  • We should focus on crashes whose effects are more serious. For example, a crash that prevents a user from using Firefox is probably more serious that a crash that occurs intermittently, even though we will likely get more reports of an intermittent crash (since those users keep using Firefox) than of a permanent crash on startup (since those users will give up). It isn't always obvious which crashes are more important, but we're still better off thinking about it.
  • We should focus on crashes that are easier to fix. They may be easier to fix because we have relevant data (such as steps to reproduce the crash or data pointing to a particular extension that's responsible) or because the crash was recently introduced and therefore the code involved is fresh in the mind of its author.

Our current approach to focusing resources involves classifying crashes by their signature: the top meaningful frame in the stack trace of the crashing thread (or in some cases, more than one frame). We then look at which signatures are most frequent, and when new signatures appear. This fails to account for a number of common cases: when one signature shows up for multiple underlying bugs, when multiple signatures show up for a single underlying bug, or when a single underlying bug changes between different signatures over time due to unrelated code changes.

In the future, we should use better cluster detection methods to group crash reports into groups of similar crashes, based on all the data we have in the crash report (including stack trace, installed extensions and other libraries present, CPU and OS versions, and URLs being visited). We should also use the data in the crash reports (such as time since startup) and the frequency of crashes over time (since crashes that cause users to stop using Firefox will spike after a release and then fall) to detect which crashes are of the more serious types. Together, these improvements should help with prioritization of crashes.

Our use of data for fixing a specific crash is a bit closer to where I'd like it to be than our use of data for prioritizing crashes. A significant part of this is the data provided by Breakpad: the machine state at the time of the crash. In many cases, either we've been given steps from a user that are sufficient to see the crash for ourselves, or the machine state provided by breakpad is sufficient information for us to fix the problem. However, there are also many crashes where these don't happen. The tools I worked on last year provide significant additional pieces of information. However, those tools are fundamentally tools to assist in playing a game of “spot the outlier.” The process of looking for clues involves looking for what's unusual about the crash reports. Do all the users who are crashing have the same extension? Are they all on multi-core CPUs? Do they all have the same version of Windows? Right now, we have the ability to look up each of these pieces of data. However, developers' lives would be significantly easier (and they'd be less likely to miss important clues) if we had tools that automatically detected which characteristics of the crashes were unusual.

I'm hoping that future versions of Socorro will let us do many of these things.