惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
DataBreaches.Net
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
Webroot Blog
Webroot Blog
AI
AI
P
Palo Alto Networks Blog
Attack and Defense Labs
Attack and Defense Labs
WordPress大学
WordPress大学
月光博客
月光博客
阮一峰的网络日志
阮一峰的网络日志
Spread Privacy
Spread Privacy
T
Tor Project blog
罗磊的独立博客
小众软件
小众软件
S
Security Affairs
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
NISL@THU
NISL@THU
博客园_首页
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
IT之家
IT之家
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Last Week in AI
Last Week in AI
L
LINUX DO - 热门话题
T
Threat Research - Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
腾讯CDC
Security Latest
Security Latest
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Cloudflare Blog
A
About on SuperTechFans
爱范儿
爱范儿
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
TaoSecurity Blog
TaoSecurity Blog
宝玉的分享
宝玉的分享
G
GRAHAM CLULEY
雷峰网
雷峰网
F
Full Disclosure
I
Intezer
Cloudbric
Cloudbric
博客园 - 三生石上(FineUI控件)
U
Unit 42

David Baron's Weblog

Software engineering, responsibility, and ownership Software engineering, responsibility, and ownership David Baron's weblog: Security and Inequality Running animations on the compositor thread David Baron's weblog: Tying ecosystems through browsers David Baron's weblog: Payments on the Web Thoughts on migrating to a secure Web David Baron's weblog: The need for government David Baron's weblog: Priority of constituencies How browser developers should seek feedback from Web developers A possible approach to shorter release cycles David Baron's weblog: Fifteen years Why debug builds (and assertions) are important Ten years of the Mozilla Foundation Open licensing at the W3C Why adding compositing and blending to CSS is harder than it looks How you can help with removing -moz- prefixes Moving bug history out of the primary display of a bug report Beware of locale-specific behavior in the C library Eating dogfood and shipping software Specification style and the future of the Web The bug system I wish I had CSS border-image changes and unprefixing Improving font size readability on Firefox for Android David Baron's weblog: CSS Animations, part 2 Hue-preserving color inversion with SVG filters Changes to handling of @-moz-keyframes David Baron's weblog: window.matchMedia() David Baron's weblog: CSS Animations What does a blur radius mean? Crash analysis in the future David Baron's weblog: calc() David Baron's weblog: colorDepth David Baron's weblog: Hidden complexity in specifications The most important field in a bug report: the summary WOFF font format submitted to W3C David Baron's weblog: :-moz-any() selector grouping setTimeout with a shorter delay Faster repainting in SVG foreignObject David Baron's weblog: Distributed Extensibility David Baron's weblog: Broadening crash analysis David Baron's weblog: ex-HTML Downloadable font formats for the Web Web Accessibility as a Political Movement David Baron's weblog: CSS priorities David Baron's weblog: Bug priorities David Baron's weblog: Semi-vacation Some new CSS features in Firefox 3 David Baron's weblog: New selectors David Baron's weblog: The age of bugs Seeking a good Linux distribution David Baron's weblog: Teaching to the test David Baron's weblog: March 2008 David Baron's weblog: February 2008 David Baron's weblog: January 2008 David Baron's weblog: October 2007 David Baron's weblog: September 2007 David Baron's weblog: August 2007 David Baron's weblog: June 2007 David Baron's weblog: April 2007 David Baron's weblog: March 2007 David Baron's weblog: January 2007 David Baron's weblog: September 2006 David Baron's weblog: August 2006 David Baron's weblog: July 2006 David Baron's weblog: May 2006 David Baron's weblog: February 2006 David Baron's weblog: January 2006 David Baron's weblog: December 2005 David Baron's weblog: October 2005 David Baron's weblog: September 2005 David Baron's weblog: June 2005 David Baron's weblog: May 2005 David Baron's weblog: April 2005 David Baron's weblog: March 2005 David Baron's weblog: February 2005 David Baron's weblog: October 2004 David Baron's weblog: September 2004 David Baron's weblog: August 2004 David Baron's weblog: June 2004 David Baron's weblog: May 2004 David Baron's weblog: April 2004 David Baron's weblog: March 2004 David Baron's weblog: February 2004 David Baron's weblog: January 2004 David Baron's weblog: November 2003 David Baron's weblog: October 2003 David Baron's weblog: September 2003 David Baron's weblog: August 2003 David Baron's weblog: July 2003 David Baron's weblog: June 2003 David Baron's weblog: May 2003 David Baron's weblog: April 2003 David Baron's weblog: March 2003 David Baron's weblog: February 2003 David Baron's weblog: January 2003 David Baron's weblog: December 2002 David Baron's weblog: November 2002 David Baron's weblog: September 2002
Correlating crashes with binary extensions or plugins
David Baron · 2009-09-23 · via David Baron's Weblog

Update (2009-09-27): I've moved this page to a permanent location and I have added new data there. Read that page instead of this one.

Firefox ships with an automated crash reporting system that can send reports of crashes back to Mozilla so that we can make Firefox crash less often. Anybody can search the reports to help find and fix problems. We categorize these crashes by their signature, which is the function, library, or address where we're executing code when Firefox crashes. However, it's sometimes hard to tell why a particular crash happens. If it's specific to a particular action or website, users will often mention that in the comments they submit, or we can sometimes tell based on the code that was running at the time of the crash. But sometimes we still can't get the browser to crash for ourselves based on what users said, or figure out a possible fix based only on the data in the crash report. Some crashes are also specific to particular plugins or extensions that users might have installed (or that might have been installed without the user's knowledge). If we know this, it gets us closer to fixing the crash, whether it's a problem in the extension or plugin, or a problem in our code triggered by it.

One of the pieces of data in a crash report is the list of shared libraries (modules containing code that is executed) that were loaded at the time of the crash (and the memory addresses at which they were loaded). These libraries could be parts of the operating system, parts of Firefox, or parts of extensions or plugins that are loaded. This list is essential for making sense of the crash report, since to know what code was executing when Firefox crashed, we need to be able to map a memory address of code that was executing. (Those addresses are themselves figured out after the crash report is submitted, using debugging information that we save after compiling Firefox, but don't ship to users, in order to reconstruct the execution stack at the time of the crash.)

However, the list of shared libraries that's loaded also tells us what plugins or extensions are running, which we can use to figure out which crashes might be related to particular extensions. In the past we've done this by looking at the list of modules by hand. But today, Mike Morgan and Aravind Gottipati helped me get a random sample of just under 10000 crash reports from a recent 24 hour period, all from Firefox 3.5.3. I wrote a script that processes those reports (which are essentially a JSON version of the data that show up in a crash report on the Web interface) that lists modules that might be related to causing the crash.

The output of my script is available for data based on:

This output looks like this:

  nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) (97 crashes)
     65% (63/97) vs.   2% (158/7100) FFComm.dll
     63% (61/97) vs.   2% (134/7100) bdGUICtl.dll
     63% (61/97) vs.   2% (134/7100) BDUtils.dll

What this output is saying is that the data have 97 occurrences of the crash with signature nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*). Of these 97 crashes, in 63 the library FFComm.dll was loaded (65% of the time). However, out of all 7100 crashes, FFComm.dll was only loaded at the time of 158 of the crashes (2% of the time). This suggests that the presence of this library may be related to the cause of the crash.

There's a lot of data here to look through, so I'm posting it so everybody can look, and add data to existing bug reports.

I intentionally set the thresholds low as a starting point, so there's a good bit of noise in these reports. Future enhancements might include looking at the versions of the modules (in case a crash is only present in older versions of a plugin), using better thresholds, and perhaps also showing modules that appear to fix a crash in addition to those that appear to cause it. And perhaps even nicer-looking output.