Open Bug 622315 Opened 14 years ago Updated 2 years ago

"ASSERTION: Entry added to loadgroup twice, don't do that"

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox8 --- unaffected
firefox9 --- unaffected
firefox10 --- affected

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, memory-leak, testcase)

Attachments

(5 files, 2 obsolete files)

testcase
511 bytes, text/html
Details
log with assertion stacks
30.01 KB, text/plain
Details
testcase that leaks
554 bytes, text/html
Details
Updated Patch
1.33 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review
Backout
1.56 KB, patch
christian
: approval-mozilla-aurora+
christian
: approval-mozilla-beta+
Details | Diff | Splinter Review
Attached file testcase 
###!!! ASSERTION: Entry added to loadgroup twice, don't do that: 'PL_DHASH_ENTRY_IS_FREE(entry)', file netwerk/base/src/nsLoadGroup.cpp, line 537

###!!! ASSERTION: should only have one RestorePresentationEvent: '!mRestorePresentationEvent.IsPending()', file docshell/base/nsDocShell.cpp, line 6862

    
    

    
  

      
      
      
      

        Attached file
          
        testcase that leaks
      

    


  
Adding a location.replace makes it leak in addition to asserting.

    
  
Keywords: mlk

    
    

    
  
I can reproduce this on Windows.

We leak

TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 944 bytes durin
g test execution
TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 1 instance of n
sBaseChannel with size 156 bytes
TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 1 instance of n
sBaseURLParser with size 12 bytes
TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 1 instance of n
sDocShell::InterfaceRequestorProxy with size 16 bytes
TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 1 instance of n
sHashPropertyBag with size 48 bytes
TEST-UNEXPECTED-FAIL | automationutils.processLeakLog() | leaked 1 instance of n
sLoadGroup with size 8 bytes
TEST-INFO | automationutils.processLeakLog() | leaked 1 instance of nsPrincipal
with size 76 bytes
TEST-INFO | automationutils.processLeakLog() | leaked 1 instance of nsSimpleURI
with size 56 bytes
TEST-INFO | automationutils.processLeakLog() | leaked 2 instances of nsStandardU
RL with size 188 bytes each (376 bytes total)
TEST-INFO | automationutils.processLeakLog() | leaked 6 instances of nsStringBuf
fer with size 8 bytes each (48 bytes total)
TEST-INFO | automationutils.processLeakLog() | leaked 1 instance of nsTArray_bas
e with size 4 bytes
TEST-INFO | automationutils.processLeakLog() | leaked 2 instances of nsVariant w
ith size 64 bytes each (128 bytes total)
TEST-INFO | automationutils.processLeakLog() | leaked 1 instance of nsWeakRefere
nce with size 16 bytes
OS: Mac OS X → All
Hardware: x86 → DEC

    
  
Hardware: All → DEC

    
    

    
  
I think I have a patch for this, testing it on try now.

This does raise the question of what

{
history.back();
history.back();
}

should actually do.  I've raised that as Bug 12382 on the spec.
Assignee: nobody → khuey
Hardware: DEC → All

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch (obsolete)
        — Splinter Review
      

    


  
This fixes the assertion/leak, and I don't think it breaks anything else.  It's still less than ideal though.  It goes through the motions of going back on the second history.back();, which is what the spec says to do but it also IMO wrong.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch (obsolete)
        — Splinter Review
      

    


  
This appears to pass tests.  We return false from canGo[Back|Forward] when there's a pending navigation.

        Attachment #522160 -
        Attachment is obsolete: true

        Attachment #524669 -
        Flags: review?(bzbarsky)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Updated PatchSplinter Review
      

    


  
bz, review ping?

        Attachment #524669 -
        Attachment is obsolete: true

        Attachment #531953 -
        Flags: review?(bzbarsky)

        Attachment #524669 -
        Flags: review?(bzbarsky)

    
    

    
  
So with this patch, what happens if the user clicks on the back button twice?  How does that compare to what happens before the patch?

    
    

    
  
(In reply to comment #8)
> So with this patch, what happens if the user clicks on the back button
> twice?  How does that compare to what happens before the patch?

I can't tell any difference in the behavior.

    
    

    
  
Comment on attachment 531953 [details] [diff] [review]
Updated Patch

OK, r=me. Can you add a crashtest?

        Attachment #531953 -
        Flags: review?(bzbarsky) → review+

    
    

    
  
(In reply to comment #10)
> Comment on attachment 531953 [details] [diff] [review] [review]
> Updated Patch
> 
> OK, r=me. Can you add a crashtest?

Not the provided testcase, since it uses window.open.  Might be able to beat it into a testable form though.

    
    

    
  
Why can't you use window.open?

    
    

    
  
(In reply to comment #12)
> Why can't you use window.open?

The reftest suite (and hence crashtests) don't support window.open ... unless we've changed that recently.

I could check in the leaking version as a mochitest though.

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/52b9e864be0e
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla7

    
    

    
  
I believe this patch is causing navigation to 'fail' in some cases on some sites.

Follow a link on say:
http://www.sevenforums.com/browsers-mail/

Note that at times the navigation buttons both grey out and clicking back does nothing.  

Possible STR
Follow any forum post
rather than clicking 'back' use the link at the top or bottom or the page and click on 'browsers & mail' should return to forum page with links marked as 'read' 
Its at this point I think the navigation arrows grey out, and following subsequent links will result in no way to use back/forward navigation. 

Broken in cset: 
http://hg.mozilla.org/mozilla-central/rev/52b9e864be0e
Works ok in cset:
http://hg.mozilla.org/mozilla-central/rev/93911949517c

    
    

    
  
I can't reproduce, but it's certainly possible this is to blame.  A testcase would really help here ...

    
    

    
  
Also experiencing this at:
http://forums.mozillazine.org/viewforum.php?f=23

Opening the forum in a 'new tab' and closing the old tab seems to correct the problem for awhile.

    
    

    
  
Maybe this is better:

1. visit: http://www.sevenforums.com/browsers-mail/
2. follow any forum post link
3. click 'back' or use your mouse back-button or left arrow
4. refresh the page with right-click 'reload' 
5. Now note: that the navigation arrows grey out and all following attempts to follow a post and navigate back fail.

Opening the site in a new tab restores navigation until you do step 4 above.

    
    

    
  
The cause didn't jump out at me, so I backed this out.

http://hg.mozilla.org/mozilla-central/rev/068197c2a88e
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
(In reply to comment #21)
> The cause didn't jump out at me, so I backed this out.
> 
> http://hg.mozilla.org/mozilla-central/rev/068197c2a88e

Just confirming using the latest hourly that the backout indeed fixed the problem, hope you track it down without too much trouble.

    
    

    
  
> The reftest suite (and hence crashtests) don't support window.open

Oh, they get popup-blocked?  If so, and if window.open would help, then by all means mochitest your way to victory!

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/ffead16f25eb
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-cedar

    
    

    
  
Backed out of trunk per bug 690408 comment 8.

https://hg.mozilla.org/integration/mozilla-inbound/rev/c6405a1d4b22

This patch is in current Aurora (FF 9) and Beta (FF 8).  I think we want to back it out from both.

        Attachment #564342 -
        Flags: approval-mozilla-beta?

        Attachment #564342 -
        Flags: approval-mozilla-aurora?

    
    

    
  
Release drivers: This backout fixes bug 682115 and may fix bug 683886.

    
  
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
status-firefox10: --- ➔ affected
status-firefox9: --- ➔ fixed
status-firefox8: --- ➔ fixed

Is this correct? I don't see a backout for beta, but one for central

    
    

    
  
(In reply to Ms2ger from comment #31)
> status-firefox10: --- ➔ affected
> status-firefox9: --- ➔ fixed
> status-firefox8: --- ➔ fixed
> 
> Is this correct? I don't see a backout for beta, but one for central

Correct.  He's indicating that this bug affects FF10, since it's backed out there, but is fixed on FF9 and FF8, since it hasn't been backed out there (yet).

    
    

    
  
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #9)
> (In reply to comment #8)
> > So with this patch, what happens if the user clicks on the back button
> > twice?  How does that compare to what happens before the patch?
> 
> I can't tell any difference in the behavior.

With this patch, if I click back while the throbber is going, I don't go back.

        Attachment #564342 -
        Flags: approval-mozilla-beta?

        Attachment #564342 -
        Flags: approval-mozilla-beta+

        Attachment #564342 -
        Flags: approval-mozilla-aurora?

        Attachment #564342 -
        Flags: approval-mozilla-aurora+

    
    

    
  
/me throws up his hands.

G+ (bug 682115) is not fixed with this backout.  Forward works sometimes now, but not always.  (I didn't think to test multiple times when I tested the backout.)

The failing behavior is slightly different with the backout.  At least sometimes, when you go forward, the throbber briefly throbs.  The forward button is still stuck in this case, though.

It could be that we're doing everything correctly now and G+ simply traps the forward button.  But I'm now unsure whether we want to take this on branches.

    
    

    
  
(The reason to still take on branches would be the suspicion that this fixes bug 683886.)

        Attachment #564342 -
        Flags: approval-mozilla-beta?

        Attachment #564342 -
        Flags: approval-mozilla-beta+

        Attachment #564342 -
        Flags: approval-mozilla-aurora?

        Attachment #564342 -
        Flags: approval-mozilla-aurora+

    
    

    
  
We should still take this on branches because it does fix some known intermittent breakage (I've dropped into a debugger before and seen that this was an issue, just have never been able to reproduce the steps to get to that situation).

    
    

    
  
To be clear, you mean we should still take the backout on branches, right?

    
    

    
  
There's an approval request here but it sounds like you guys aren't sure if it fixes problems or not?  We need more info here from the triage folks to make a decision here.

    
    

    
  
(In reply to Christopher Blizzard (:blizzard) from comment #39)
> There's an approval request here but it sounds like you guys aren't sure if
> it fixes problems or not?  We need more info here from the triage folks to
> make a decision here.

It's pretty hard to tell whether the backout fixes bug 683886 or khuey's intermittent breakage (comment 36), since they happen only occasionally and don't have a reliable str.  I'm not sure how to get you more info, either.

The backout doesn't fix G+ from the user's perspective, so I don't think it's worth taking the backout on branches for the sake of that site.

    
    

    
  
Even if this doesn't fix the bug we wanted to back it out to fix, we should back it out anyways.  We backed it out of Aurora a few cycles ago because there were some problems with it, and we haven't managed to track them all down yet (and now believe that there's a fundamental problem with the patch (comment 33)).

    
  

        Attachment #564342 -
        Flags: approval-mozilla-beta?

        Attachment #564342 -
        Flags: approval-mozilla-beta+

        Attachment #564342 -
        Flags: approval-mozilla-aurora?

        Attachment #564342 -
        Flags: approval-mozilla-aurora+

    
    

    
  
I'm no longer the right owner for htis.
Assignee: khuey → nobody
Status: REOPENED → NEW
Target Milestone: mozilla8 → ---

    
  
Severity: normal → S3

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: