stylo: startup crash in sync::atomic::atomic_compare_exchange<usize>

RESOLVED FIXED in Firefox 55

Status

()

Core
CSS Parsing and Computation
P1
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: froydnj, Assigned: froydnj)

Tracking

Trunk
mozilla55
Points:
---

Firefox Tracking Flags

(firefox55 fixed)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

a year ago
I'm seeing a startup crash in an --enable-stylo build:

(gdb) where
#0  0x00007fffebc61df0 in core::sync::atomic::atomic_compare_exchange<usize> (dst=<optimized out>, old=0, new=9223372036854775808, success=Acquire, failure=Relaxed) at /buildslave/rust-buildbot/slave/stable-dist-rustc-linux/build/src/libcore/sync/atomic.rs:1425
#1  0x00007fffebc61b9c in core::sync::atomic::{{impl}}::compare_exchange (self=<optimized out>, current=0, new=9223372036854775808, success=Acquire, failure=Relaxed) at /buildslave/rust-buildbot/slave/stable-dist-rustc-linux/build/src/libcore/sync/atomic.rs:1122
#2  0x00007fffebc5c39c in atomic_refcell::{{impl}}::new (borrow=0x7fffed968690 <vtable for mozilla::dom::HTMLSharedElement+1688>) at /home/froydnj/src/gecko-dev.git/third_party/rust/atomic_refcell/src/lib.rs:194
#3  0x00007fffebc5e224 in atomic_refcell::{{impl}}::borrow_mut<style::data::ElementData> (self=0x7fffed968690 <vtable for mozilla::dom::HTMLSharedElement+1688>) at /home/froydnj/src/gecko-dev.git/third_party/rust/atomic_refcell/src/lib.rs:97
#4  0x00007fffebc697de in style::dom::TElement::mutate_data::{{closure}}<style::gecko::wrapper::GeckoElement> (x=0x7fffed968690 <vtable for mozilla::dom::HTMLSharedElement+1688>) at /home/froydnj/src/gecko-dev.git/servo/components/style/dom.rs:444
#5  0x00007fffebc5d37a in core::option::{{impl}}::map<&atomic_refcell::AtomicRefCell<style::data::ElementData>,atomic_refcell::AtomicRefMut<style::data::ElementData>,closure> (self=..., f=...) at /buildslave/rust-buildbot/slave/stable-dist-rustc-linux/build/src/libcore/option.rs:383
#6  0x00007fffebc697bc in style::dom::TElement::mutate_data<style::gecko::wrapper::GeckoElement> (self=<optimized out>) at /home/froydnj/src/gecko-dev.git/servo/components/style/dom.rs:444
#7  0x00007fffebc269d1 in geckoservo::glue::Servo_ResolveStyleLazily (element=<optimized out>, element@entry=0x7fffaef50110, pseudo_tag=<optimized out>, pseudo_tag@entry=0x0, raw_data=<optimized out>) at /home/froydnj/src/gecko-dev.git/servo/ports/geckolib/glue.rs:1883
#8  0x00007fffea73488a in mozilla::ServoStyleSet::ResolveStyleLazily (this=this@entry=0x7fffaf1048f0, aElement=aElement@entry=0x7fffaef50110, aPseudoTag=aPseudoTag@entry=0x0) at /home/froydnj/src/gecko-dev.git/layout/style/ServoStyleSet.cpp:909
#9  0x00007fffea734a6d in mozilla::ServoStyleSet::GetContext (this=0x7fffaf1048f0, aContent=0x7fffaef50110, aParentContext=0x0, aPseudoTag=aPseudoTag@entry=0x0, aPseudoType=aPseudoType@entry=mozilla::CSSPseudoElementType::NotPseudo, aMayCompute=mozilla::LazyComputeBehavior::Allow) at /home/froydnj/src/gecko-dev.git/layout/style/ServoStyleSet.cpp:192
#10 0x00007fffea734b18 in mozilla::ServoStyleSet::ResolveStyleFor (this=<optimized out>, aElement=<optimized out>, aParentContext=<optimized out>, aMayCompute=<optimized out>) at /home/froydnj/src/gecko-dev.git/layout/style/ServoStyleSet.cpp:176
#11 0x00007fffea7f74ac in mozilla::StyleSetHandle::Ptr::ResolveStyleFor (this=this@entry=0x7fffffff7a50, aElement=aElement@entry=0x7fffaef50110, aParentContext=aParentContext@entry=0x0, aMayCompute=aMayCompute@entry=mozilla::LazyComputeBehavior::Allow) at /opt/build/froydnj/build-icecc-mc/dist/include/mozilla/StyleSetHandleInlines.h:85
#12 0x00007fffea82c905 in GetPropagatedScrollbarStylesForViewport (aPresContext=aPresContext@entry=0x7fffaf2bf800, aStyles=aStyles@entry=0x7fffaf2bf9d0) at /home/froydnj/src/gecko-dev.git/layout/base/nsPresContext.cpp:1452
#13 0x00007fffea82cb6f in nsPresContext::UpdateViewportScrollbarStylesOverride (this=0x7fffaf2bf800) at /home/froydnj/src/gecko-dev.git/layout/base/nsPresContext.cpp:1502
#14 0x00007fffea822446 in nsCSSFrameConstructor::ConstructDocElementFrame (this=this@entry=0x7fffaf13c400, aDocElement=aDocElement@entry=0x7fffaef50110, aFrameState=aFrameState@entry=0x0) at /home/froydnj/src/gecko-dev.git/layout/base/nsCSSFrameConstructor.cpp:2425
#15 0x00007fffea822e9e in nsCSSFrameConstructor::ContentRangeInserted (this=0x7fffaf13c400, aContainer=aContainer@entry=0x0, aStartChild=aStartChild@entry=0x7fffaef50110, aEndChild=0x0, aFrameState=aFrameState@entry=0x0, aAllowLazyConstruction=aAllowLazyConstruction@entry=false, aForReconstruction=false, aProvidedTreeMatchContext=0x0) at /home/froydnj/src/gecko-dev.git/layout/base/nsCSSFrameConstructor.cpp:7958
#16 0x00007fffea823b7a in nsCSSFrameConstructor::ContentRangeInserted (aProvidedTreeMatchContext=0x0, aAllowLazyConstruction=aAllowLazyConstruction@entry=false, aFrameState=aFrameState@entry=0x0, aEndChild=<optimized out>, aStartChild=aStartChild@entry=0x7fffaef50110, aContainer=aContainer@entry=0x0, this=<optimized out>) at /home/froydnj/src/gecko-dev.git/layout/base/nsCSSFrameConstructor.h:276
#17 nsCSSFrameConstructor::ContentInserted (this=<optimized out>, aContainer=aContainer@entry=0x0, aChild=aChild@entry=0x7fffaef50110, aFrameState=aFrameState@entry=0x0, aAllowLazyConstruction=aAllowLazyConstruction@entry=false) at /home/froydnj/src/gecko-dev.git/layout/base/nsCSSFrameConstructor.cpp:7843
#18 0x00007fffea7eada2 in mozilla::PresShell::Initialize (this=0x7fffaf170c00, aWidth=<optimized out>, aHeight=<optimized out>) at /home/froydnj/src/gecko-dev.git/layout/base/PresShell.cpp:1794
#19 0x00007fffe9b3a393 in nsContentSink::StartLayout (this=0x7fffc5128000, aIgnorePendingSheets=<optimized out>) at /home/froydnj/src/gecko-dev.git/dom/base/nsContentSink.cpp:1239
#20 0x00007fffe9b5544e in nsDocument::FlushPendingNotifications (this=0x7fffaf20f000, aType=<optimized out>) at /home/froydnj/src/gecko-dev.git/dom/base/nsDocument.cpp:8062
#21 0x00007fffe9b710a5 in nsFocusManager::CheckIfFocusable (this=this@entry=0x7fffdfc7dfd0, aContent=aContent@entry=0x7fffbcb23b50, aFlags=aFlags@entry=0) at /home/froydnj/src/gecko-dev.git/dom/base/nsFocusManager.cpp:1552
#22 0x00007fffe9b88780 in nsFocusManager::SetFocusInner (this=this@entry=0x7fffdfc7dfd0, aNewContent=0x7fffbcb23b50, aFlags=aFlags@entry=0, aFocusChanged=aFocusChanged@entry=true, aAdjustWidget=aAdjustWidget@entry=true) at /home/froydnj/src/gecko-dev.git/dom/base/nsFocusManager.cpp:1182
#23 0x00007fffe9b893b1 in nsFocusManager::SetFocus (this=0x7fffdfc7dfd0, aElement=<optimized out>, aFlags=0) at /home/froydnj/src/gecko-dev.git/dom/base/nsFocusManager.cpp:486
#24 0x00007fffe9af4c5a in mozilla::dom::Element::Focus (this=<optimized out>, aError=...) at /home/froydnj/src/gecko-dev.git/dom/base/Element.cpp:311
#25 0x00007fffea1e654a in nsAutoFocusEvent::Run (this=0x7fffaf1d8f10) at /home/froydnj/src/gecko-dev.git/dom/html/nsGenericHTMLElement.cpp:155
#26 0x00007fffe91ced87 in nsThread::ProcessNextEvent (this=0x7ffff6bb2480, aMayWait=<optimized out>, aResult=0x7fffffff87c7) at /home/froydnj/src/gecko-dev.git/xpcom/threads/nsThread.cpp:1270
#27 0x00007fffe91cf6a8 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7ffff6bb2480, aMayWait=aMayWait@entry=true) at /home/froydnj/src/gecko-dev.git/xpcom/threads/nsThreadUtils.cpp:390
#28 0x00007fffeafe3bc5 in nsXULWindow::ShowModal (this=0x7fffc0e94460) at /home/froydnj/src/gecko-dev.git/xpfe/appshell/nsXULWindow.cpp:386
#29 0x00007fffeb1da45c in nsWindowWatcher::OpenWindowInternal (this=this@entry=0x7fffdfe1d820, aParent=aParent@entry=0x7fffcf15b820, aUrl=aUrl@entry=0x7fffbfddca30 "chrome://global/content/commonDialog.xul", aName=aName@entry=0x7fffc5ce5ba0 "_blank", aFeatures=<optimized out>, aCalledFromJS=aCalledFromJS@entry=false, aDialog=true, aNavigate=true, aArgv=0x7fffcf840f60, aIsPopupSpam=false, aForceNoOpener=false, 
    aLoadInfo=0x0, aResult=0x7fffffff8de8) at /home/froydnj/src/gecko-dev.git/toolkit/components/windowwatcher/nsWindowWatcher.cpp:1316
#30 0x00007fffeb1daa7c in nsWindowWatcher::OpenWindow (this=0x7fffdfe1d820, aParent=0x7fffcf15b820, aUrl=0x7fffbfddca30 "chrome://global/content/commonDialog.xul", aName=0x7fffc5ce5ba0 "_blank", aFeatures=0x7fffbfddca60 "centerscreen,chrome,modal,titlebar", aArguments=<optimized out>, aResult=0x7fffffff8de8) at /home/froydnj/src/gecko-dev.git/toolkit/components/windowwatcher/nsWindowWatcher.cpp:361
#31 0x00007fffe91d414e in NS_InvokeByIndex () at /home/froydnj/src/gecko-dev.git/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106
#32 0x00007fffe97946bd in CallMethodHelper::Invoke (this=0x7fffffff8d28) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:2010
#33 CallMethodHelper::Call (this=0x7fffffff8d28) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:1329
#34 XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:1296
#35 0x00007fffe979a1c4 in XPC_WN_CallMethod (cx=0x7ffff6ba4800, argc=5, vp=0x7fffdfc824e8) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:983
#36 0x00007fffeb339e1d in js::CallJSNative (args=..., native=0x7fffe9799fa9 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, cx=0x7ffff6ba4800) at /home/froydnj/src/gecko-dev.git/js/src/jscntxtinlines.h:291
#37 js::InternalCallOrConstruct (cx=0x7ffff6ba4800, args=..., construct=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:470
#38 0x00007fffeb32b7ff in js::CallFromStack (args=..., cx=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:521
#39 Interpret (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:3025
#40 0x00007fffeb339925 in js::RunScript (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:410
#41 0x00007fffeb339f70 in js::InternalCallOrConstruct (cx=0x7ffff6ba4800, args=..., construct=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:488
#42 0x00007fffeb32b7ff in js::CallFromStack (args=..., cx=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:521
#43 Interpret (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:3025
#44 0x00007fffeb339925 in js::RunScript (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:410
#45 0x00007fffeb339f70 in js::InternalCallOrConstruct (cx=0x7ffff6ba4800, args=..., construct=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:488
#46 0x00007fffeb32b7ff in js::CallFromStack (args=..., cx=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:521
#47 Interpret (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:3025
#48 0x00007fffeb339925 in js::RunScript (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:410
#49 0x00007fffeb339f70 in js::InternalCallOrConstruct (cx=cx@entry=0x7ffff6ba4800, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:488
#50 0x00007fffeb33ac1b in InternalCall (args=..., cx=0x7ffff6ba4800) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:515
#51 js::Call (cx=cx@entry=0x7ffff6ba4800, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=..., rval@entry=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:534
#52 0x00007fffeb633971 in JS_CallFunctionValue (cx=0x7ffff6ba4800, obj=obj@entry=..., fval=..., fval@entry=..., args=..., rval=..., rval@entry=...) at /home/froydnj/src/gecko-dev.git/js/src/jsapi.cpp:2826
#53 0x00007fffe979886c in nsXPCWrappedJSClass::CallMethod (this=0x7fffbfdca1c0, wrapper=<optimized out>, methodIndex=<optimized out>, info_=0x7fffe5bec968, nativeParams=0x7fffffffac78) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedJSClass.cpp:1214
#54 0x00007fffe91d4d55 in PrepareAndDispatch (self=0x7fffcf840920, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffad40, fpregs=<optimized out>) at /home/froydnj/src/gecko-dev.git/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:120
#55 0x00007fffe91d4297 in SharedStub () from /opt/build/froydnj/build-icecc-mc/dist/bin/libxul.so
#56 0x00007fffe91d414e in NS_InvokeByIndex () at /home/froydnj/src/gecko-dev.git/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106
#57 0x00007fffe97946bd in CallMethodHelper::Invoke (this=0x7fffffffaef8) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:2010
#58 CallMethodHelper::Call (this=0x7fffffffaef8) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:1329
#59 XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNative.cpp:1296
#60 0x00007fffe979a1c4 in XPC_WN_CallMethod (cx=0x7ffff6ba4800, argc=9, vp=0x7fffdfc821b0) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:983
#61 0x00007fffeb339e1d in js::CallJSNative (args=..., native=0x7fffe9799fa9 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, cx=0x7ffff6ba4800) at /home/froydnj/src/gecko-dev.git/js/src/jscntxtinlines.h:291
#62 js::InternalCallOrConstruct (cx=0x7ffff6ba4800, args=..., construct=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:470
#63 0x00007fffeb32b7ff in js::CallFromStack (args=..., cx=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:521
#64 Interpret (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:3025
#65 0x00007fffeb339925 in js::RunScript (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:410
#66 0x00007fffeb339f70 in js::InternalCallOrConstruct (cx=0x7ffff6ba4800, args=..., construct=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:488
#67 0x00007fffeb32b7ff in js::CallFromStack (args=..., cx=<optimized out>) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:521
#68 Interpret (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:3025
#69 0x00007fffeb339925 in js::RunScript (cx=0x7ffff6ba4800, state=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:410
#70 0x00007fffeb339f70 in js::InternalCallOrConstruct (cx=cx@entry=0x7ffff6ba4800, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:488
#71 0x00007fffeb33ac1b in InternalCall (args=..., cx=0x7ffff6ba4800) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:515
#72 js::Call (cx=cx@entry=0x7ffff6ba4800, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=..., rval@entry=...) at /home/froydnj/src/gecko-dev.git/js/src/vm/Interpreter.cpp:534
#73 0x00007fffeb633971 in JS_CallFunctionValue (cx=0x7ffff6ba4800, obj=obj@entry=..., fval=..., fval@entry=..., args=..., rval=..., rval@entry=...) at /home/froydnj/src/gecko-dev.git/js/src/jsapi.cpp:2826
#74 0x00007fffe979886c in nsXPCWrappedJSClass::CallMethod (this=0x7fffc082e300, wrapper=<optimized out>, methodIndex=<optimized out>, info_=0x7fffe5bfb548, nativeParams=0x7fffffffc6e8) at /home/froydnj/src/gecko-dev.git/js/xpconnect/src/XPCWrappedJSClass.cpp:1214
#75 0x00007fffe91d4d55 in PrepareAndDispatch (self=0x7fffc082d900, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffc7b0, fpregs=<optimized out>) at /home/froydnj/src/gecko-dev.git/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:120
#76 0x00007fffe91d4297 in SharedStub () from /opt/build/froydnj/build-icecc-mc/dist/bin/libxul.so
#77 0x00007fffe91ced87 in nsThread::ProcessNextEvent (this=0x7ffff6bb2480, aMayWait=<optimized out>, aResult=0x7fffffffc927) at /home/froydnj/src/gecko-dev.git/xpcom/threads/nsThread.cpp:1270
#78 0x00007fffe91cf6a8 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7ffff6bb2480, aMayWait=aMayWait@entry=false) at /home/froydnj/src/gecko-dev.git/xpcom/threads/nsThreadUtils.cpp:390
#79 0x00007fffe94db2c1 in mozilla::ipc::MessagePump::Run (this=0x7fffe6b591c0, aDelegate=0x7ffff6b6f840) at /home/froydnj/src/gecko-dev.git/ipc/glue/MessagePump.cpp:96
#80 0x00007fffe94be746 in MessageLoop::RunHandler (this=<optimized out>) at /home/froydnj/src/gecko-dev.git/ipc/chromium/src/base/message_loop.cc:231
#81 MessageLoop::Run (this=<optimized out>) at /home/froydnj/src/gecko-dev.git/ipc/chromium/src/base/message_loop.cc:211
#82 0x00007fffea64acdf in nsBaseAppShell::Run (this=0x7fffdfd7f200) at /home/froydnj/src/gecko-dev.git/widget/nsBaseAppShell.cpp:156
#83 0x00007fffeb190c0a in nsAppStartup::Run (this=0x7fffdfcd6150) at /home/froydnj/src/gecko-dev.git/toolkit/components/startup/nsAppStartup.cpp:283
#84 0x00007fffeb1f5af8 in XREMain::XRE_mainRun (this=this@entry=0x7fffffffcc58) at /home/froydnj/src/gecko-dev.git/toolkit/xre/nsAppRunner.cpp:4535
#85 0x00007fffeb1f610f in XREMain::XRE_main (this=this@entry=0x7fffffffcc58, argc=argc@entry=4, argv=argv@entry=0x7fffffffdf98, aConfig=...) at /home/froydnj/src/gecko-dev.git/toolkit/xre/nsAppRunner.cpp:4715
#86 0x00007fffeb1f63aa in XRE_main (argc=4, argv=0x7fffffffdf98, aConfig=...) at /home/froydnj/src/gecko-dev.git/toolkit/xre/nsAppRunner.cpp:4808
#87 0x0000000000406045 in do_main (argc=argc@entry=4, argv=argv@entry=0x7fffffffdf98, envp=envp@entry=0x7fffffffdfc0) at /home/froydnj/src/gecko-dev.git/browser/app/nsBrowserApp.cpp:236
#88 0x0000000000405737 in main (argc=4, argv=0x7fffffffdf98, envp=0x7fffffffdfc0) at /home/froydnj/src/gecko-dev.git/browser/app/nsBrowserApp.cpp:307

It looks like I'm getting some sort of popup window about my default browser, but no text is being drawn, so it's hard to say.

This is with a very recent mozilla-central.
Hm, is it really happening in the CAS call at [1], or is it the next line [2]? Do you see "already {im,}mutably borrowed" in the log spew?

If so, that means that we're double-borrowing the element data somehow. This seems plausible given that we're spinning the event loop, though nothing on the stack jumps out at me. If the crash is actually happening in the CAS, then I have no idea.

[1] http://searchfox.org/mozilla-central/rev/214345204f1e7d97abb571b7992b6deedb5ff98f/third_party/rust/atomic_refcell/src/lib.rs#194
[2] http://searchfox.org/mozilla-central/rev/214345204f1e7d97abb571b7992b6deedb5ff98f/third_party/rust/atomic_refcell/src/lib.rs#198
(Assignee)

Comment 2

a year ago
(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #1)
> Hm, is it really happening in the CAS call at [1], or is it the next line
> [2]? Do you see "already {im,}mutably borrowed" in the log spew?
> 
> [1]
> http://searchfox.org/mozilla-central/rev/
> 214345204f1e7d97abb571b7992b6deedb5ff98f/third_party/rust/atomic_refcell/src/
> lib.rs#194

This call (and the things that it calls in the stdlib) is the one that's crashing.

Where would I look to find messages in the log spew?  Do I have to set some environment variables to do that?
Flags: needinfo?(bobbyholley)
(In reply to Nathan Froyd [:froydnj] from comment #2)
> (In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #1)
> > Hm, is it really happening in the CAS call at [1], or is it the next line
> > [2]? Do you see "already {im,}mutably borrowed" in the log spew?
> > 
> > [1]
> > http://searchfox.org/mozilla-central/rev/
> > 214345204f1e7d97abb571b7992b6deedb5ff98f/third_party/rust/atomic_refcell/src/
> > lib.rs#194
> 
> This call (and the things that it calls in the stdlib) is the one that's
> crashing.

Hm. So I suppose that the other hypothesis might be that the mServoData pointer that we're pulling off the Element points to garbage memory, and the atomic op is the first thing we try to do on that garbage memory, and we segfault. Maybe inspect the contents of the AtomicRefCell<ElementData> and see if it looks garbage-y?
> 
> Where would I look to find messages in the log spew?  Do I have to set some
> environment variables to do that?

I don't know - I usually see panic messages directly in the log. You can also set RUST_BACKTRACE=1, though I don't know if that'll give you more than you're getting.
Flags: needinfo?(bobbyholley)
Also, just to be 100% sure - you're not disabling build-time bindgen are you? And MOZ_STYLO is defined? If both of those are not true, then Servo will be looking for mServoData on Gecko DOM Elements and reinterpreting other memory as such.
By email, jryans mentioned that this happened when he passed --enable-rust-debug. My guess is that rust-bindgen is somehow using a debug memory layout for Gecko but lubxul is being built for opt.
In servo/components/style/gecko_bindings/mod.rs:

        if #[cfg(debug_assertions)] {
            include!(concat!(env!("OUT_DIR"), "/gecko/structs_debug.rs"));
        } else {
            include!(concat!(env!("OUT_DIR"), "/gecko/structs_release.rs"));
        }

cfg(debug_assertions) indicates whether the current crate (style) is built in debug or release mode. It sounds like we want to know whether C++ code is compiled in debug or release mode. Maybe Gecko’s build system could pass an environment variable to say which it is, and servo/components/style/build_gecko.rs would generate one of these two include!() lines in a third file in OUT_DIR. That third file would be included from mod.rs.
Part of the differences between structs_debug.rs and structs_release.rs is the presence of _mOwningThread members/fields in some classes/structs, which in C++ source depends on:

    #if (defined(DEBUG) || (defined(NIGHTLY_BUILD) && !defined(MOZ_PROFILING))) && !defined(XPCOM_GLUE_AVOID_NSPR)
      #define MOZ_THREAD_SAFETY_OWNERSHIP_CHECKS_SUPPORTED  1
    #endif
Yep, that sounds exactly right. Over to Nathan to figure out the plumbing.
Assignee: nobody → nfroyd
Priority: -- → P1
(Assignee)

Comment 9

a year ago
Part one of the servo-side changes: https://github.com/servo/servo/pull/16545

We need to use features, rather than environment variables, because various things that depend on which bindings we're using are also keyed off cfg(debug_assertions).  So it's easier, and more friendly for rebuilds, if we just use features instead of the solution outlined in comment 6.
Comment hidden (mozreview-request)

Comment 11

a year ago
mozreview-review
Comment on attachment 8860120 [details]
Bug 1357556 - define a gecko_debug feature for gkrust*;

https://reviewboard.mozilla.org/r/132148/#review135028
Attachment #8860120 - Flags: review?(emilio+bugs) → review+
Comment hidden (mozreview-request)
(Assignee)

Comment 13

a year ago
We decided to go with gecko_debug for the feature name, for consistency with other parts of Servo; commit updated accordingly.

Comment 14

a year ago
Pushed by nfroyd@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1ac0a2d75a61
define a gecko_debug feature for gkrust*; r=emilio
(Assignee)

Comment 15

a year ago
Second half of the Servo bits: https://github.com/servo/servo/pull/16550
Backed out for busting OSX debug build:

https://hg.mozilla.org/integration/autoland/rev/37a7653a0c5feccc2417b489d6847051be8e7b42

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=1ac0a2d75a615ae66647966511d08d12529a20ce&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=93117446&repo=autoland

14:17:37     INFO -  error: linking with `cc` failed: exit code: 1
14:17:37     INFO -    |
14:17:37     INFO -    = note: "cc" "-m64" "-L" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/build/heapsize-6a8e11c8cf3246ad/build_script_build-6a8e11c8cf3246ad.0.o" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/build/heapsize-6a8e11c8cf3246ad/build_script_build-6a8e11c8cf3246ad.1.o" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/build/heapsize-6a8e11c8cf3246ad/build_script_build-6a8e11c8cf3246ad.2.o" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/build/heapsize-6a8e11c8cf3246ad/build_script_build-6a8e11c8cf3246ad.3.o" "-o" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/build/heapsize-6a8e11c8cf3246ad/build_script_build-6a8e11c8cf3246ad" "-Wl,-dead_strip" "-nodefaultlibs" "-L" "/builds/slave/autoland-m64-d-000000000000000/build/src/obj-firefox/toolkit/library/debug/deps" "-L" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libstd-3906a08942cb8792.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/librand-263cd176420d5add.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libcollections-fa66e5549a3d8462.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libstd_unicode-9cfd570c63c956e8.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libpanic_unwind-404c7ab69be5f6ed.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libunwind-042715677450a2f9.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/liballoc-7424dd9202034bde.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/liballoc_jemalloc-9222f97d122fdefd.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/liblibc-b908adaa05a419da.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libcore-b57a1f3d811fb7ff.rlib" "/builds/slave/autoland-m64-d-000000000000000/build/src/rustc/lib/rustlib/x86_64-apple-darwin/lib/libcompiler_builtins-e29ccb19ceae9ed8.rlib" "-l" "System" "-l" "pthread" "-l" "c" "-l" "m"
14:17:37     INFO -    = note: Assertion failed: (_mode == modeFinalAddress), function finalAddress, file /SourceCache/ld64/ld64-123.2.1/src/ld/ld.hpp, line 573.
14:17:37     INFO -            0  0x10d62e71c  __assert_rtn + 76
14:17:37     INFO -            1  0x10d6a701c  ld::tool::OutputFile::addressOf(ld::Internal const&, ld::Fixup const*, ld::Atom const**) + 172
14:17:37     INFO -            2  0x10d6a9a25  ld::tool::OutputFile::applyFixUps(ld::Internal&, unsigned long long, ld::Atom const*, unsigned char*) + 3909
14:17:37     INFO -            3  0x10d6a5f70  ld::tool::OutputFile::writeOutputFile(ld::Internal&) + 816
14:17:37     INFO -            4  0x10d69eab9  ld::tool::OutputFile::write(ld::Internal&) + 153
14:17:37     INFO -            5  0x10d62ecaa  main + 1178
14:17:37     INFO -            6  0x10d61d2b4  start + 52
14:17:37     INFO -            collect2: ld returned 1 exit status
Flags: needinfo?(nfroyd)
(Assignee)

Comment 17

a year ago
Lovely, it looks like bug 1165528/bug 1289847 has returned.

The fix was to use a newer linker...but I think we only use a newer linker for linking libxul, whereas this problem is happening when linking the staticlib rustc produces.  (We don't have enough information in either of the older bugs to say for sure that it only happened when linking libxul, but that's what I remember...)

I think we actually have to solve bug 1342503 properly here, because Cargo/rustc makes it difficult to pass in extra flags to the linking process. :(
Flags: needinfo?(nfroyd)
Comment hidden (mozreview-request)

Comment 19

a year ago
Pushed by nfroyd@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/913f76890205
define a gecko_debug feature for gkrust*; r=emilio
https://hg.mozilla.org/mozilla-central/rev/913f76890205
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox55: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.