Closed Bug 1167230 Opened 9 years ago Closed 9 years ago

Crash on retrieving Gecko profile

Categories

(Core :: Gecko Profiler, defect)

Product:
Core
Component:
Gecko Profiler
Version:
41 Branch
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla41
Tracking Flags:
Tracking Status
firefox40 --- verified
firefox41 --- fixed

People

(Reporter: esawin, Assigned: erahm)

References

Details

Attachments

(3 files)

stack.txt
6.36 KB, text/plain
Details
Use nsCString instead of std::string in FrameKey in the profiler.
3.64 KB, patch
mstange
: review+
Sylvestre
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Don't pack ProfileEntry on ARM
1.23 KB, patch
shu
: review+
Details | Diff | Splinter Review
Attached file stack.txt 
STR:
1. Install Gecko Profiler add-on.
2. Connect to Android device via USB.
3. Press "Analyze" in the add-on to retrieve the profile.

Expected: Profile is retrieved and displayed.
Actual: Fennec crashes (see stack trace), no profile is being retrieved.

Workaround: Removing mUniqueStacks.reset() in ThreadProfile::StreamJSON prevents the crash.
Is this intermittent? And is it reproducible in an emulator?
I got this (or something with the same symptoms) in the browser toolbox today. Couldn't reproduce.
(In reply to PTO until 05/25 from comment #1)
> Is this intermittent? And is it reproducible in an emulator?

It is not intermittent and is reproducing on all Android devices I have tried. I haven't tested on an emulator.
(In reply to Eugen Sawin [:esawin] from comment #3)
> (In reply to PTO until 05/25 from comment #1)
> > Is this intermittent? And is it reproducible in an emulator?
> 
> It is not intermittent and is reproducing on all Android devices I have
> tried. I haven't tested on an emulator.

Could you please try and see? I don't have an actual device handy. Thanks!
Flags: qe-verify+
I guess std::string isn't memmove-safe on Android. Switch to nsCString instead;
I've confirmed locally that nsCString doesn't crash.
Attachment #8610944 - Flags: review?(mstange)
Attachment #8610944 - Flags: review?(mstange) → review+
Assignee: nobody → shu
I just built b2g with inbound and the problem seems to still exist. I'm relatively new to building my own B2G so there is a chance I have done something wrong. Is anyone able to clarify this has actually made profiling devices via WebIDE-devtools possible?
Status: NEW → ASSIGNED
Comment on attachment 8610944 [details] [diff] [review]
Use nsCString instead of std::string in FrameKey in the profiler.

Approval Request Comment
[Feature/regressing bug #]: 1167252, the new performance tool
[User impact if declined]: Won't ship the performance tool
[Describe test coverage new/current, TreeHerder]: There are try pushes in Bug 1167252 with all patches needing uplift
[Risks and why]: Requesting uplift for the accumulated changes in the performance tool since the 40 merge date, so these changes haven't had the full 6 weeks to bake.  Risks are generally contained within devtools, specifically within the performance panel.
[String/UUID change made/needed]: None
Attachment #8610944 - Flags: approval-mozilla-aurora?
@wilsonpage wcosta confirmed this fixed the issue on B2G -- I suspect you may have had trouble with this as the patch has not yet made it's way to b2g-inbound. Not sure how often those get updated, but definitely keeping an eye out for this issue
https://hg.mozilla.org/mozilla-central/rev/1118d0695452
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox41: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Note: I had verbal confirmation for these uplifts from Sylvestre even before he's flagged them as a+.  See https://bugzilla.mozilla.org/show_bug.cgi?id=1167252#c26
I just flashed m-c and the bug still exists.

VIDEO:

https://www.youtube.com/watch?v=-UWO-3_hrDQ

DEVICE VERSIONS:

Build ID               20150528010203
Gaia Revision          f84772d2640d825eaf3f9fcd906b4756e19e8a3f
Gaia Date              2015-05-26 12:47:07
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/baa9c64fea6f
Gecko Version          41.0a1
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20150212.043653
Firmware Date          Thu Feb 12 04:37:04 EST 2015
Bootloader             L1TC000118D0
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment on attachment 8610944 [details] [diff] [review]
Use nsCString instead of std::string in FrameKey in the profiler.

Change approved to skip one train as part of the spring campaign.
Attachment #8610944 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(In reply to Wilson Page [:wilsonpage] from comment #15)
> I just flashed m-c and the bug still exists.
> 
> VIDEO:
> 
> https://www.youtube.com/watch?v=-UWO-3_hrDQ
> 
> DEVICE VERSIONS:
> 
> Build ID               20150528010203
> Gaia Revision          f84772d2640d825eaf3f9fcd906b4756e19e8a3f
> Gaia Date              2015-05-26 12:47:07
> Gecko Revision        
> https://hg.mozilla.org/mozilla-central/rev/baa9c64fea6f
> Gecko Version          41.0a1
> Device Name            flame
> Firmware(Release)      4.4.2
> Firmware(Incremental)  eng.cltbld.20150212.043653
> Firmware Date          Thu Feb 12 04:37:04 EST 2015
> Bootloader             L1TC000118D0

Hi, can you confirm if you have this commit [1] in your repo?

[1] http://hg.mozilla.org/integration/b2g-inbound/rev/1118d0695452
(In reply to Wander Lairson Costa [:wcosta] from comment #17)
> (In reply to Wilson Page [:wilsonpage] from comment #15)
> > I just flashed m-c and the bug still exists.
> > 
> > VIDEO:
> > 
> > https://www.youtube.com/watch?v=-UWO-3_hrDQ
> > 
> > DEVICE VERSIONS:
> > 
> > Build ID               20150528010203
> > Gaia Revision          f84772d2640d825eaf3f9fcd906b4756e19e8a3f
> > Gaia Date              2015-05-26 12:47:07
> > Gecko Revision        
> > https://hg.mozilla.org/mozilla-central/rev/baa9c64fea6f
> > Gecko Version          41.0a1
> > Device Name            flame
> > Firmware(Release)      4.4.2
> > Firmware(Incremental)  eng.cltbld.20150212.043653
> > Firmware Date          Thu Feb 12 04:37:04 EST 2015
> > Bootloader             L1TC000118D0
> 
> Hi, can you confirm if you have this commit [1] in your repo?
> 
> [1] http://hg.mozilla.org/integration/b2g-inbound/rev/1118d0695452

My device reports itself at Gecko revision baa9c64fea6f. From the m-c log, it appears this revision falls after revision 1118d0695452 (when this patch landed on m-c). If that is the case, then yes, my device does contain this commit :)

As discussed yesterday on IRC (and in comment 9), I flashed my device with mozilla-inbound which also contained this commit. Testing todays m-c B2G build clarified yesterday's findings.
(In reply to Wilson Page [:wilsonpage] from comment #18)
> 
> My device reports itself at Gecko revision baa9c64fea6f. From the m-c log,
> it appears this revision falls after revision 1118d0695452 (when this patch
> landed on m-c). If that is the case, then yes, my device does contain this
> commit :)
> 
> As discussed yesterday on IRC (and in comment 9), I flashed my device with
> mozilla-inbound which also contained this commit. Testing todays m-c B2G
> build clarified yesterday's findings.

Do you have a stack for the crash?
(In reply to Shu-yu Guo [:shu] from comment #19)
> (In reply to Wilson Page [:wilsonpage] from comment #18)
> > 
> > My device reports itself at Gecko revision baa9c64fea6f. From the m-c log,
> > it appears this revision falls after revision 1118d0695452 (when this patch
> > landed on m-c). If that is the case, then yes, my device does contain this
> > commit :)
> > 
> > As discussed yesterday on IRC (and in comment 9), I flashed my device with
> > mozilla-inbound which also contained this commit. Testing todays m-c B2G
> > build clarified yesterday's findings.
> 
> Do you have a stack for the crash?

I'm not familiar with retrieving crash dumps and couldn't seem to find the .dmp file following these instructions [1]. Although :wcosta has been able to reproduce, so he should be able to provide them.

[1] https://developer.mozilla.org/en-US/docs/Debugging_a_minidump
I tried latest eng build in pvtbuild and indeed it crashes. I then cloned m-c, built and it doesn't crash, although I can't profile yet due to Bug 1168784. My only guess is that the build in pvtbuilds does not contain the fix yet.
(In reply to Wander Lairson Costa [:wcosta] from comment #21)
> I tried latest eng build in pvtbuild and indeed it crashes. I then cloned
> m-c, built and it doesn't crash, although I can't profile yet due to Bug
> 1168784. My only guess is that the build in pvtbuilds does not contain the
> fix yet.

You can use WebIDE and the devtools performance tool to record profiles on b2g without using the profile.sh script and gecko profiler, as well -- let me know if you need any help with recreating it via that
I've repro'd this w/ m-c and got a SIGBUS.

STR:
  1. Build against m-c (standard build)
  2. Launch clock
  3. Start profiling clock: |./profile.sh start -p 9030 -t Compositor,GeckoMain -f js,leaf,stackwalk -e 2000000 -i 1|
  4. Capture profile: |./profile.sh capture|
  5. Note clock crashes

In gdb:
> Program received signal SIGBUS, Bus error.
> operator[] (aIndex=1, this=0xb09b76e4) at /Users/ericrahm/dev/mozilla-central/tools/profiler/ProfileEntry.cpp:658
> 658             ProfileEntry readAheadEntry = mEntries[readAheadPos];

We believe this is due to unaligned access on ARM. As it turns out ProfileEntry is packed, so this does make some sense. Removing the |#pragma pack| clears up the sigbus for me.

        Attachment #8612563 -
        Flags: review?(shu)

    
  
Assignee: shu → erahm
Status: REOPENED → ASSIGNED

    
    

    
  
Comment on attachment 8612563 [details] [diff] [review]
Don't pack ProfileEntry on ARM

Review of attachment 8612563 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for the patch!

::: tools/profiler/ProfileEntry.h
@@ +24,5 @@
>  #include "mozilla/UniquePtr.h"
>  
>  class ThreadProfile;
>  
> +// NB: Packing this strucure has been shown to cause SIGBUS issues on ARM.

Nit: typo in structure

        Attachment #8612563 -
        Flags: review?(shu) → review+

    
    

    
  
How come this wasn't a problem before?

    
    

    
  
(In reply to Markus Stange [:mstange] from comment #27)
> How come this wasn't a problem before?

That's what I was wondering too, since it's been this way for 2 years? But indeed, without packing makes the SIGBUS go away.

    
    

    
  
I suppose it's possible that my rewrite of profile streaming perturbed something such that GCC started generating different code?

    
    

    
  
(In reply to Shu-yu Guo [:shu] from comment #29)
> I suppose it's possible that my rewrite of profile streaming perturbed
> something such that GCC started generating different code?

I guess... I can't come up with a better explanation.

    
    

    
  
Latest patch seems to fix crashes for me :)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/b65d8a1df422
Status: ASSIGNED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED

    
    

    
  
I tried reproducing this issue using an Android 4.4.4 device via WebIDE, but each time I started recording from Desktop, a permanent hang would occur on the device. I'm pretty sure there's something wrong with my test environment.

Wilson, could you please confirm this fix on the latest Aurora [1] as well? I'd really appreciate it.


[1] https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-aurora/
Flags: qe-verify+ → needinfo?(wilsonpage)

    
    

    
  
Devtools performance tool works for me in latest Aurora.
Flags: needinfo?(wilsonpage)

    
    

    
  
(In reply to Wilson Page [:wilsonpage] from comment #34)
> Devtools performance tool works for me in latest Aurora.

Thanks a lot for helping out here! Setting status and flags accordingly.
Status: RESOLVED → VERIFIED

          status-firefox40:
          fixedverified

    
    

    
  
I removed this by accident, bug 1176263 tracked restoring it.

    
    

    
  
Reopening as symptoms have reappeared. I can no longer profile using devtools or ./profile.sh the latter crashes with:

~/B2G (master) $ ./profile.sh capture
Signaling Profiled Processes: 1612 16021
Stabilizing 1612 b2g ...
Pulling /data/local/tmp/profile_0_1612.txt into profile_1612_b2g.txt
Adding symbols to profile_1612_b2g.txt and creating profile_1612_b2g.sym ...
Traceback (most recent call last):
  File "./scripts/profile-symbolicate.py", line 495, in <module>
    main()
  File "./scripts/profile-symbolicate.py", line 460, in main
    profile = json.load(open(args.filename, "rb"))
  File "/usr/lib/python2.7/json/__init__.py", line 278, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    obj, end = self.scan_once(s, idx)
ValueError: Unterminated string starting at: line 1 column 184310 (char 184310)
Stabilizing 16021 Contacts protot ...
Pulling /data/local/tmp/profile_2_16021.txt into profile_16021_Contactsprotot.txt
Adding symbols to profile_16021_Contactsprotot.txt and creating profile_16021_Contactsprotot.sym ...
Traceback (most recent call last):
  File "./scripts/profile-symbolicate.py", line 495, in <module>
    main()
  File "./scripts/profile-symbolicate.py", line 460, in main
    profile = json.load(open(args.filename, "rb"))
  File "/usr/lib/python2.7/json/__init__.py", line 278, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    obj, end = self.scan_once(s, idx)
ValueError: Unterminated string starting at: line 1 column 262141 (char 262141)
Merging profile:  profile_1612_b2g.sym profile_16021_Contactsprotot.sym
./gecko/tools/profiler/merge-profiles.py profile_1612_b2g.sym profile_16021_Contactsprotot.sym
Traceback (most recent call last):
  File "./gecko/tools/profiler/merge-profiles.py", line 107, in <module>
    MergeProfiles(sys.argv[1:])
  File "./gecko/tools/profiler/merge-profiles.py", line 32, in MergeProfiles
    fp = open(fname, "r")
IOError: [Errno 2] No such file or directory: 'profile_1612_b2g.sym'

Results: profile_captured.sym
Removing old profile files (from device) ... done
Status: VERIFIED → REOPENED
Resolution: FIXED → ---

    
    

    
  
(In reply to Wilson Page [:wilsonpage] from comment #39)
> Reopening as symptoms have reappeared. I can no longer profile using
> devtools or ./profile.sh the latter crashes with:
> 
> ~/B2G (master) $ ./profile.sh capture
> Signaling Profiled Processes: 1612 16021
> Stabilizing 1612 b2g ...
> Pulling /data/local/tmp/profile_0_1612.txt into profile_1612_b2g.txt
> Adding symbols to profile_1612_b2g.txt and creating profile_1612_b2g.sym ...
> Traceback (most recent call last):
>   File "./scripts/profile-symbolicate.py", line 495, in <module>
>     main()
>   File "./scripts/profile-symbolicate.py", line 460, in main
>     profile = json.load(open(args.filename, "rb"))
>   File "/usr/lib/python2.7/json/__init__.py", line 278, in load
>     **kw)
>   File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
>     return _default_decoder.decode(s)
>   File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
>     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>   File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
>     obj, end = self.scan_once(s, idx)
> ValueError: Unterminated string starting at: line 1 column 184310 (char
> 184310)
> Stabilizing 16021 Contacts protot ...
> Pulling /data/local/tmp/profile_2_16021.txt into
> profile_16021_Contactsprotot.txt
> Adding symbols to profile_16021_Contactsprotot.txt and creating
> profile_16021_Contactsprotot.sym ...
> Traceback (most recent call last):
>   File "./scripts/profile-symbolicate.py", line 495, in <module>
>     main()
>   File "./scripts/profile-symbolicate.py", line 460, in main
>     profile = json.load(open(args.filename, "rb"))
>   File "/usr/lib/python2.7/json/__init__.py", line 278, in load
>     **kw)
>   File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
>     return _default_decoder.decode(s)
>   File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
>     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>   File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
>     obj, end = self.scan_once(s, idx)
> ValueError: Unterminated string starting at: line 1 column 262141 (char
> 262141)
> Merging profile:  profile_1612_b2g.sym profile_16021_Contactsprotot.sym
> ./gecko/tools/profiler/merge-profiles.py profile_1612_b2g.sym
> profile_16021_Contactsprotot.sym
> Traceback (most recent call last):
>   File "./gecko/tools/profiler/merge-profiles.py", line 107, in <module>
>     MergeProfiles(sys.argv[1:])
>   File "./gecko/tools/profiler/merge-profiles.py", line 32, in MergeProfiles
>     fp = open(fname, "r")
> IOError: [Errno 2] No such file or directory: 'profile_1612_b2g.sym'
> 
> Results: profile_captured.sym
> Removing old profile files (from device) ... done

Wilson, can you provide further details? What type of build are you testing, what date is it from, can you grab a snippet of |adb logcat| from when you call |profile.sh|?

    
    

    
  
Build: Yesterday's B2G build
Logcat: https://pastebin.mozilla.org/8838132

    
    

    
  
Comment 37 suggests this will be fixed when bug 1176263 lands.
Depends on: 1176263

    
    

    
  
(In reply to Wilson Page [:wilsonpage] from comment #41)
> Build: Yesterday's B2G build

So a pvt flame-kk m-c eng build?

(In reply to Wilson Page [:wilsonpage] from comment #42)
> Comment 37 suggests this will be fixed when bug 1176263 lands.

AFAICT that's been on m-c since 2015-06-24 [1].

[1] http://hg.mozilla.org/mozilla-central/rev/ae84f9adafc7 (look at the push date)

    
    

    
  
We lost Shu's original patch to switch to nsCString. I cloned this to bug 1178961 to fix that.
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: