Closed Bug 713069 Opened 13 years ago Closed 13 years ago

Remove AutoEnterCompartment calls from finalizers and assert

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla12

People

(Reporter: billm, Assigned: bent.mozilla)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch, v1.1
6.37 KB, patch
bent.mozilla
: review+
Details | Diff | Splinter Review 
For bug 712480, it would be nice to be able to assert that we don't use AutoEnterCompartment from within a finalizer. Entering a compartment is often a prelude to running JS code, and that's what we want to catch.

Basically, it looks like there are a few of these calls that happen with the following stack:

 1  libxul.so!CrashInJS [jsutil.cpp : 98 + 0xb]
    eip = 0x024b190e   esp = 0xbf8abc20   ebp = 0xbf8abc38
    Found by: previous frame's frame pointer
 2  libxul.so!JSAutoEnterCompartment::enter [jsapi.cpp : 241 + 0x2b]
    eip = 0x02300cf6   esp = 0xbf8abc40   ebp = 0xbf8abc88   ebx = 0x02b71878
    Found by: call frame info
 3  libxul.so!mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::FinalizeInstance [WorkerPrivate.cpp : 1886 + 0x7]
    eip = 0x0197f4ca   esp = 0xbf8abc90   ebp = 0xbf8abd08   ebx = 0x02b71878
    esi = 0x0a6f8088   edi = 0x09011b20
    Found by: call frame info
 4  libxul.so!Worker::Finalize [Worker.cpp : 247 + 0x9]
    eip = 0x019770a6   esp = 0xbf8abd10   ebp = 0xbf8abd38   ebx = 0x02b71878
    esi = 0x09011b20   edi = 0xa06bc700
    Found by: call frame info
 5  libxul.so!js::gc::Arena::finalize<JSObject> [jsobjinlines.h : 279 + 0xb]
    eip = 0x023a5d2c   esp = 0xbf8abd40   ebp = 0xbf8abdc8   ebx = 0x02b71878
    esi = 0xa06bc700   edi = 0xa06bc6c0
    Found by: call frame info

...as well as a call from Notify, which happens within the worker finalizer. The goal here is to avoid AutoEnterCompartment during finalization and add an assert to JSAutoEnterCompartment::enter that we're not in a GC.
Attached patch Patch, v1 (obsolete) — Splinter Review 
This should make it so we don't enter a compartment from the finalizer.

Bill, can you try this patch and test your assertion again?
Attachment #584490 - Flags: review?(mrbkap)
Attachment #584490 - Flags: review?(jonas)
Comment on attachment 584490 [details] [diff] [review]
Patch, v1

>   bool
>   PreDispatch(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
>   {
>     // Modify here, but not in PostRun! This busy count addition will be matched
>-    // by the CloseEventRunnable.
>-    return aWorkerPrivate->ModifyBusyCount(aCx, true);
>+    // by the CloseEventRunnable. Only do this if we're not running from the
>+    // finalizer.
>+    return mFromJSObjectFinalizer ?
>+           true :
>+           aWorkerPrivate->ModifyBusyCount(aCx, true);

The second hunk of this comment isn't terribly useful since it simply parrots the code. Can you instead explain why it isn't necessary to balance the CloseEventRunnable?

My understanding is that because the worker is being finalized, we know that we don't have any more work to do, so there won't be a CloseEventRunnable. Is that right?
Attachment #584490 - Flags: review?(mrbkap) → review+
Attached patch Patch, v1.1Splinter Review 
Fixed the comment, and fixed one additional thing (forgot to use a null cx).
Attachment #584490 - Attachment is obsolete: true
Attachment #584490 - Flags: review?(jonas)
Attachment #584601 - Flags: review+
The modified patch fixes the assertion I was getting.
Is this ready to land?
https://hg.mozilla.org/mozilla-central/rev/a895e9432ea4
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla12
Version: unspecified → Trunk
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: