Closed
Bug 290535
Opened 20 years ago
Closed 20 years ago
Trunk crash [@ nsDOMClassInfo::MarkReachablePreservedWrappers]
Categories
(Core :: DOM: Core & HTML, defect, P1)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.8beta2
People
(Reporter: wgianopoulos, Assigned: dbaron)
Details
(Keywords: crash, regression, topcrash, Whiteboard: [patch])
Crash Data
Attachments
(1 file)
|
7.47 KB,
patch
|
jst
:
review+
jst
:
superreview+
asa
:
approval1.8b2+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050413 Firefox/1.0+
Firefox intermittently crashing when I lunch chatzilla. I filed this as a DOM
bug rather than Firefox, because talkback reports show this as a top crasher
with seamonkey as well. I did not file this as a chatzilla bug beecuase I had
been running the same version of chatzilla for a long time with no issue and
have only seen crashes recently. I have chatzilla configured to send a "msg
nickserv IDENTITY password" automatically when I connect to moznet. It is
around the time it does this that it seems to crash.
Reproducible: Sometimes
|
Reporter | |
Comment 1•20 years ago
|
||
Talkback incidents:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=5098610
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=5074043
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=5073795
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=5070076
|
|
Reporter | |
Comment 2•20 years ago
|
||
Stack trace:
nsDOMClassInfo::MarkReachablePreservedWrappers
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 4538]
nsNodeSH::Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 5459]
XPC_WN_Helper_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 896]
js_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsobj.c,
line 3964]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
XPC_WN_Shared_Proto_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1386]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
XPC_WN_Helper_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 896]
js_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsobj.c,
line 3964]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
nsNodeSH::Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 5459]
XPC_WN_Helper_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 896]
js_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsobj.c,
line 3964]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1209]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
XPC_WN_Shared_Proto_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1386]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
XPC_WN_Helper_Mark
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 896]
js_Mark [c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsobj.c,
line 3964]
MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1122]
js_MarkGCThing
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1422]
js_GC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c,
line 1677]
js_ForceGC
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsgc.c, line 1486]
nsXPCWrappedJSClass::CallMethod
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp,
line 1588]
nsXPCWrappedJS::CallMethod
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp,
line 450]
SharedStub
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp,
line 147]
nsIOService::NewURI
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/netwerk/base/src/nsIOService.cpp,
line 422]
NS_NewURI [../../dist/include/necko/nsNetUtil.h, line 121]
nsContentUtils::NewURIWithDocumentCharset
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/content/base/src/nsContentUtils.cpp,
line 1530]
nsGenericHTMLElement::GetHrefURIForAnchors
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,
line 1646]
nsHTMLAreaElement::GetHrefURI
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/content/html/content/src/nsHTMLAreaElement.cpp,
line 493]
RuleProcessorData::RuleProcessorData
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/layout/style/nsCSSStyleSheet.cpp,
line 2710]
nsStyleSet::ResolveStyleFor
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/layout/style/nsStyleSet.cpp,
line 580]
nsElementSH::PostCreate
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 5675]
XPCWrappedNative::GetNewOrUsed
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 438]
XPCWrappedNative::GetNewOrUsed
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 318]
XPCConvert::NativeInterface2JSObject
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcconvert.cpp,
line 1065]
nsXPConnect::WrapNative
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp,
line 567]
nsDOMClassInfo::WrapNative
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 1254]
nsArraySH::GetProperty
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 5776]
nsNamedArraySH::GetProperty
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/dom/src/base/nsDOMClassInfo.cpp,
line 5821]
XPC_WN_Helper_GetProperty
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 812]
js_GetProperty
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsobj.c, line 2726]
js_Interpret
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 3431]
js_Invoke
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 1334]
|
|
||
Comment 3•20 years ago
|
||
This is a topcrasher on the Trunk:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=%09+nsDOMClassInfo%3A%3AMarkReachablePreservedWrappers&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid
Looks like the check in for bug 283129 might have exposed this bug, assigning to
dbaron for now. Not sure if it's a regression, but adding keyword to get this on
our radar.
Most comments mention starting Chatzilla, so that looks like one of the
extensions this migth have effected.
Assignee: general → dbaron
Summary: crash @nsDOMClassInfo::MarkReachablePreservedWrappers → Trunk crash [@ nsDOMClassInfo::MarkReachablePreservedWrappers]
|
|
||
Comment 4•20 years ago
|
||
William: Can you try reproducing this with a Firefox nightly build before 3/29
to see if we can get a regression window for this crash? Thanks.
|
|
Reporter | |
Comment 5•20 years ago
|
||
actually I am getting a similar crash occaisionally starting the Lotus/IBM JAVA
sametime meetingroom plug-in.
|
|
Reporter | |
Comment 6•20 years ago
|
||
Talkback URL for sametime lauch crash
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=5200781
Flags: blocking1.8b2?
Flags: blocking-aviary1.1?
|
|
Reporter | |
Comment 7•20 years ago
|
||
This definitely crashes with the 2005033007 build of Firefox, and so far I have
not been able to make it crash with the 20050329 build, nor does talkback show
any crashes with this stack signature with builds prior to 20050330.
|
|
Reporter | |
Comment 8•20 years ago
|
||
Based on the regression window, I would definitely suspect the check-in for bug
283129 as the culprit here.
|
Assignee | |
Comment 9•20 years ago
|
||
The changes to DOMGCCallback in this patch fix the crash that I can reproduce
with chatzilla. (The other changes are just cleanup.) The assertions I used
to find the problem are heavily intertwined with my patch to bug 241518 so
they'll appear in the next version of my patch there. The assertions are that
I added to the beginning of nsDOMClassInfo::PreserveWrapper (and the
equivalent to ReleaseWrapper):
NS_PRECONDITION(aKey, "unexpected null pointer");
NS_PRECONDITION(aWrapper, "unexpected null pointer");
NS_PRECONDITION(aParticipant, "unexpected null pointer");
NS_ASSERTION(!sWrapperSCCTable.ops,
"cannot change preserved wrapper table during mark phase");
It was the last of these assertions that was firing, and the problem would
cause the sWrapperSCCTable to have bad pointers the next time we did a GC.
It is a little ugly, though. Perhaps we should add a new JS_GC_* callback
value (either adding JS_GC_MARK_BEGIN or splitting JS_GC_MARK_END would fix
it). It ought to work reliably, though, I think...
Attachment #181332 -
Flags: review?(jst)
|
|
Assignee | |
Updated•20 years ago
|
Status: NEW → ASSIGNED
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Whiteboard: [patch]
Target Milestone: --- → mozilla1.8beta2
|
|
Reporter | |
Comment 10•20 years ago
|
||
(In reply to comment #9)
> Created an attachment (id=181332) [edit]
> patch
>
This patch appears to fix the problem I originally reported.
|
||
Comment 11•20 years ago
|
||
If we get a review in time, please request approval to land, if not, then this
goes into beta3
Flags: blocking1.8b3+
Flags: blocking1.8b2?
Flags: blocking1.8b2-
|
|
Assignee | |
Comment 12•20 years ago
|
||
Comment on attachment 181332 [details] [diff] [review]
patch
>+ // XXX This relies on our callback being registered after XPCJSRuntime's.
Actually, that's not true. It relies on the fact that XPCJSRuntime::GCCallback
calls the old callback at the end. If it called the old callback at the
beginning, then it would rely on registration order, but relying on what's
actually clear in the code is safer...
|
||
Comment 13•20 years ago
|
||
Comment on attachment 181332 [details] [diff] [review]
patch
r+sr=jst. I think this is good enough for now, JS API changes would help here,
but this'll do for now IMO.
Attachment #181332 -
Flags: superreview+
Attachment #181332 -
Flags: review?(jst)
Attachment #181332 -
Flags: review+
|
|
Assignee | |
Comment 14•20 years ago
|
||
Comment on attachment 181332 [details] [diff] [review]
patch
low-risk topcrash fix
Attachment #181332 -
Flags: approval1.8b2?
|
|
||
Comment 15•20 years ago
|
||
Comment on attachment 181332 [details] [diff] [review]
patch
a=asa
Attachment #181332 -
Flags: approval1.8b2? → approval1.8b2+
|
|
Assignee | |
Comment 16•20 years ago
|
||
Fix checked in to trunk, 2005-04-25 18:23 -0700.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
||
Comment 17•20 years ago
|
||
dbaron, please bug me if you want a new JSGC_* callback cookie.
/be
|
|
||
Updated•20 years ago
|
Flags: blocking-aviary1.1?
|
||
Updated•14 years ago
|
Crash Signature: [@ nsDOMClassInfo::MarkReachablePreservedWrappers]
|
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•