1022509 - ASAN failure and memory trashing from GC changes (especially dom/src/offline/crashtests/408431-1.html)

Status: RESOLVED WORKSFORME

(Core :: JavaScript: GC, defect)

Description

[Randell Jesup [:jesup] (needinfo me)]

+++ This bug was initially created as a clone of Bug #1017150 +++

Bug 1017150 or bug 1016738 appears to be the cause of the across-the-tree failures with memory trashing we're seeing, and especially ASAN and other failures in bug 1019934, bug 1018372, bug 1019533, bug 1022235 and others.

https://tbpl.mozilla.org/?tree=Mozilla-Inbound&jobname=Ubuntu%20ASAN%20VM%2012.04%20x64%20mozilla-inbound%20opt%20test%20crashtest&fromchange=e808372ebbd4&tochange=313dee1cd228

and from the original landing:
https://tbpl.mozilla.org/?rev=93c5b9181c84&tree=Mozilla-Inbound
vs previous push:
https://tbpl.mozilla.org/?rev=8105691cc616&tree=Mozilla-Inbound

Comment 1

[Ed Morley [:emorley]]

Bill, I've just tried to back those two bugs out, but it doesn't apply cleanly - please can you do the backout? I'd prefer us to back this out and investigate after please :-)

Comment 2

[Adam Roach [:abr]]

While I don't fully understand the GC changes above, I suspect that the PeerConnection objects are being hit with this more than other places in the tree because of the rare combination of being JS-rooted and being kept alive by non-JS references (e.g., network resources) for a potentially significant period of time (think multiple seconds) after the page that created the PeerConnection is gone.

Comment 3

[Andrew McCreight [:mccr8]]

Fixed by backout of bug 1016738.

Comment 4

[Andrew McCreight [:mccr8]]

This is back again.  See the two bugs depending on this one I just reopened.