Closed Bug 1080742 Opened 10 years ago Closed 10 years ago

Cannot DumpJSStack from worker: Hit MOZ_CRASH(nsXPConnect not thread-safe)

Categories: Core :: XPConnect, defect
Platform: x86_64, Linux
Type: defect, Priority: Not set, Severity: normal
Status: RESOLVED FIXED (mozilla36)
People: Reporter: sfink, Assigned: bzbarsky
Attachments: 1 file

When calling DumpJSStack(), I often get the above assert.

Hit MOZ_CRASH(nsXPConnect not thread-safe) at /home/sfink/src/MI-GC/js/xpconnect/src/nsXPConnect.cpp:50

Here's an example stack trace (this is the trace of where I was when I called DumpJSStack(), not the stack of the above assert. tl;dr - it's in a worker)

#0  js::gc::ArenaLists::allocateFromArena (this=this@entry=0x7fffdafac830, 
    zone=zone@entry=0x7fffdafac800, 
    thingKind=thingKind@entry=js::gc::FINALIZE_OBJECT0_BACKGROUND)
    at /home/sfink/src/MI-GC/js/src/jsgc.cpp:2022
#1  0x00007ffff642eb12 in allocateFromTenured (this=0x7fffdb07a3d8, 
    thingKind=<optimized out>, zone=0x7fffdafac800)
    at /home/sfink/src/MI-GC/js/src/gc/Nursery.cpp:416
#2  js::Nursery::moveToTenured (this=0x7fffdb07a3d8, trc=0x7fffdadfe3a0, 
    src=0x7fffd8709390) at /home/sfink/src/MI-GC/js/src/gc/Nursery.cpp:572
#3  0x00007ffff642f0a1 in js::Nursery::MinorGCCallback (jstrc=<optimized out>, 
    thingp=0x7fffd865fa58, kind=<optimized out>)
    at /home/sfink/src/MI-GC/js/src/gc/Nursery.cpp:721
#4  0x00007ffff63f383c in MarkInternal<JSObject> (trc=trc@entry=0x7fffdadfe3a0, 
    thingp=0x7fffd865fa58) at /home/sfink/src/MI-GC/js/src/gc/Marking.cpp:317
#5  0x00007ffff63f3ebd in MarkRoot<JSObject> (trc=trc@entry=0x7fffdadfe3a0, 
    thingp=<optimized out>, name=name@entry=0x7ffff697e787 "store buffer edge")
    at /home/sfink/src/MI-GC/js/src/gc/Marking.cpp:404
#6  0x00007ffff64025aa in js::gc::MarkObjectRoot (trc=trc@entry=0x7fffdadfe3a0, 
    thingp=<optimized out>, name=name@entry=0x7ffff697e787 "store buffer edge")
    at /home/sfink/src/MI-GC/js/src/gc/Marking.cpp:663
#7  0x00007ffff644c0a6 in js::gc::StoreBuffer::CellPtrEdge::mark (
    this=<optimized out>, trc=trc@entry=0x7fffdadfe3a0)
    at /home/sfink/src/MI-GC/js/src/gc/StoreBuffer.cpp:76
#8  0x00007ffff6488074 in js::gc::StoreBuffer::MonoTypeBuffer<js::gc::StoreBuffer::CellPtrEdge>::mark (this=this@entry=0x7fffdb07a480, 
    owner=owner@entry=0x7fffdb07a468, trc=trc@entry=0x7fffdadfe3a0)
    at /home/sfink/src/MI-GC/js/src/gc/StoreBuffer.cpp:168
#9  0x00007ffff642f7fa in markCells (trc=0x7fffdadfe3a0, this=0x7fffdb07a468)
    at /home/sfink/src/MI-GC/js/src/gc/StoreBuffer.h:480
#10 js::Nursery::collect (this=this@entry=0x7fffdb07a3d8, rt=0x7fffdb07a000, 
    reason=JS::gcreason::DOM_WORKER, pretenureTypes=pretenureTypes@entry=0x0)
    at /home/sfink/src/MI-GC/js/src/gc/Nursery.cpp:771
#11 0x00007ffff6732d45 in js::gc::GCRuntime::minorGC (this=0x7fffdb07a380, 
    reason=<optimized out>) at /home/sfink/src/MI-GC/js/src/jsgc.cpp:5989
#12 0x00007ffff677cffd in js::gc::GCRuntime::gcCycle (
    this=this@entry=0x7fffdb07a380, incremental=incremental@entry=false, 
    budget=budget@entry=0, gckind=gckind@entry=js::GC_SHRINK, 
    reason=reason@entry=JS::gcreason::DOM_WORKER)
    at /home/sfink/src/MI-GC/js/src/jsgc.cpp:5651
#13 0x00007ffff677d473 in js::gc::GCRuntime::collect (
    this=this@entry=0x7fffdb07a380, incremental=incremental@entry=false, 
    budget=budget@entry=0, gckind=gckind@entry=js::GC_SHRINK, 
    reason=reason@entry=JS::gcreason::DOM_WORKER)
    at /home/sfink/src/MI-GC/js/src/jsgc.cpp:5836
#14 0x00007ffff677d793 in js::gc::GCRuntime::gc (this=this@entry=0x7fffdb07a380, 
    gckind=gckind@entry=js::GC_SHRINK, 
    reason=reason@entry=JS::gcreason::DOM_WORKER)
    at /home/sfink/src/MI-GC/js/src/jsgc.cpp:5881
#15 0x00007ffff66da7c8 in JS::ShrinkingGC (rt=rt@entry=0x7fffdb07a000, 
    reason=reason@entry=JS::gcreason::DOM_WORKER)
    at /home/sfink/src/MI-GC/js/src/jsfriendapi.cpp:208
#16 0x00007ffff3aaf90b in mozilla::dom::workers::WorkerPrivate::GarbageCollectInternal (this=0x7fffdbaf4800, aCx=0x7fffe42690d0, aShrinking=true, 
    aCollectChildren=<optimized out>)
    at /home/sfink/src/MI-GC/dom/workers/WorkerPrivate.cpp:5550
#17 0x00007ffff3aaf983 in (anonymous namespace)::GarbageCollectRunnable::WorkerRun (this=<optimized out>, aCx=<optimized out>, aWorkerPrivate=<optimized out>)
    at /home/sfink/src/MI-GC/dom/workers/WorkerPrivate.cpp:1566
#18 0x00007ffff3aaf265 in mozilla::dom::workers::WorkerRunnable::Run (
    this=0x7fffdb095c80)
    at /home/sfink/src/MI-GC/dom/workers/WorkerRunnable.cpp:326
#19 0x00007ffff3ab35d3 in mozilla::dom::workers::WorkerPrivate::ProcessAllControlRunnablesLocked (this=this@entry=0x7fffdbaf4800)
    at /home/sfink/src/MI-GC/dom/workers/WorkerPrivate.cpp:4425
#20 0x00007ffff3ab8f5c in mozilla::dom::workers::WorkerPrivate::DoRunLoop (
    this=0x7fffdbaf4800, aCx=aCx@entry=0x7fffe42690d0)
    at /home/sfink/src/MI-GC/dom/workers/WorkerPrivate.cpp:3914
#21 0x00007ffff3a98a7c in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run
    (this=0x7fffdb0a3a60)
    at /home/sfink/src/MI-GC/dom/workers/RuntimeService.cpp:2891
#22 0x00007ffff29879ab in nsThread::ProcessNextEvent (this=0x7fffdbff98a0, 
    aMayWait=<optimized out>, aResult=0x7fffdadfed3f)
    at /home/sfink/src/MI-GC/xpcom/threads/nsThread.cpp:830
#23 0x00007ffff29aaa7c in NS_ProcessNextEvent (aThread=<optimized out>, 
    aMayWait=<optimized out>)
    at /home/sfink/src/MI-GC/xpcom/glue/nsThreadUtils.cpp:265
#24 0x00007ffff2c2dfa4 in mozilla::ipc::MessagePumpForNonMainThreads::Run (
    this=0x7fffe57b3080, aDelegate=0x7fffdbf60f00)
    at /home/sfink/src/MI-GC/ipc/glue/MessagePump.cpp:339
#25 0x00007ffff2c113e9 in MessageLoop::RunInternal (
    this=this@entry=0x7fffdbf60f00)
    at /home/sfink/src/MI-GC/ipc/chromium/src/base/message_loop.cc:230
#26 0x00007ffff2c1141a in RunHandler (this=0x7fffdbf60f00)
    at /home/sfink/src/MI-GC/ipc/chromium/src/base/message_loop.cc:223
#27 MessageLoop::Run (this=this@entry=0x7fffdbf60f00)
    at /home/sfink/src/MI-GC/ipc/chromium/src/base/message_loop.cc:197
#28 0x00007ffff2987e47 in nsThread::ThreadFunc (aArg=0x7fffdbff98a0)
    at /home/sfink/src/MI-GC/xpcom/threads/nsThread.cpp:350
#29 0x00007ffff7ae6fcf in _pt_root (arg=0x7fffdc1c7500)
    at /home/sfink/src/MI-GC/nsprpub/pr/src/pthreads/ptthread.c:212
#30 0x0000003b34e07ee5 in start_thread () from /lib64/libpthread.so.0
#31 0x0000003b342f4b8d in clone () from /lib64/libc.so.6
(gdb)

I usually find a nearby cx on the stack and use js_DumpBacktrace. It's not as full-featured, but it tends to be less asserty.

Component: JavaScript Engine → XPConnect

Steve, thank you for filing this.  Prompted me to finally get off my behind and deal with it... ;)

Attachment #8502728 - Flags: review?(bobbyholley)
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED

At some point it would be nice if we moved the non-main-thread-only stuff that lives in XPConnect somewhere else.  It would be nice to know that something in js/xpconnect was mto.

We could just move this function and its callee to nsContentUtils, right?  It's not really xpconnect-specific...

Comment on attachment 8502728
Make DumpJSStack() work on workers

Review of attachment 8502728:
-----------------------------------------------------------------

Please move this into nsContentUtils. r=me with that.

::: js/xpconnect/src/XPCDebug.cpp
@@ +41,5 @@
> +    if (NS_IsMainThread()) {
> +        cx = XPCJSRuntime::Get()->GetJSContextStack()->Peek();
> +    } else {
> +        cx = nsContentUtils::GetDefaultJSContextForThread();
> +    }
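
Review bot: neither branch of the if/else at +41 checks what it assigns to cx, so if Peek() or nsContentUtils::GetDefaultJSContextForThread() returns null, the code after this block receives a null context. Since DumpJSStack() is a debugging aid that gets called from arbitrary points (here, mid-GC on a worker), confirm the code that follows tests `if (!cx)` and prints a message instead of dereferencing, and add a short comment saying which context each thread is expected to yield.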

Just use nsContentUtils::GetCurrentJSContextForThread?
Attachment #8502728 - Flags: review?(bobbyholley) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/1e7321e168fd with GetCurrentJSContextForThread.
Flags: in-testsuite-
Target Milestone: --- → mozilla36
https://hg.mozilla.org/mozilla-central/rev/1e7321e168fd
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED