Closed
Bug 1371020
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::dom::Timeout::When
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox54 | --- | unaffected |
firefox55 | --- | fixed |
People
(Reporter: marcia, Assigned: bkelly)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(3 files, 1 obsolete file)
2.50 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
2.38 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
3.32 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-b6635e6b-1a7c-407f-b0a4-7ebbc0170604. ============================================================= Seen while looking at nightly crash stats - crashes started using 20170602030204: http://bit.ly/2rCsULL Possible regression range based on build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=bdb2387396b4a74dfefb7c983733eed3625e906a&tochange=aeb3d0ca558f034cbef1c5a68bd07dd738611494 Not sure if Bug 1363829 is involved, ni on bkelly
Flags: needinfo?(bkelly)
Assignee | ||
Comment 2•7 years ago
|
||
First guess is that we are trying to schedule the TimeoutExecutor on a frozen window and the Timeout->When() is asserting since its an illegal call in that case.
Assignee: nobody → bkelly
Blocks: 1363829
Status: NEW → ASSIGNED
status-firefox54:
--- → unaffected
Flags: needinfo?(bkelly)
Assignee | ||
Comment 3•7 years ago
|
||
Assignee | ||
Comment 4•7 years ago
|
||
Assignee | ||
Comment 5•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=0edd8d225072294484f37b9139b70045c1822f22
Assignee | ||
Comment 6•7 years ago
|
||
WIP test that doesn't work yet.
Assignee | ||
Comment 7•7 years ago
|
||
Comment on attachment 8875736 [details] [diff] [review] P4 Add a mochitest that executes clearTimeout() on a frozen window. r=ehsan I think its going to be too racy to try to make a test that triggers this. Also, I think we should close loop holes that allow us to run js code while in the bfcache. I'll file a separate bug about getting IDB callbacks on a frozen window.
Attachment #8875736 -
Attachment is obsolete: true
Updated•7 years ago
|
Priority: -- → P2
Assignee | ||
Comment 8•7 years ago
|
||
Comment on attachment 8875716 [details] [diff] [review] P1 Avoid rescheduling the TimeoutExecutor in ClearTimeout() in some cases. r=ehsan Ehsan, this directly addresses the crash from comment 0. It ensures that we don't try to reschedule the TimeoutExecutor when the window is frozen. I use a check for IsSuspended() because a frozen window is always suspended and we also should not reschedule in that case. I also added a check for the deferred deletion case since we are already handling a rescheduling of the timeout executor in RunTimeout() in that case. That is not strictly necessary to fix this crash, but I think its most correct for this method.
Attachment #8875716 -
Flags: review?(ehsan)
Assignee | ||
Comment 9•7 years ago
|
||
Comment on attachment 8875717 [details] [diff] [review] P2 Avoid scheduling TimeoutExecutor if the window becomes suspended in RunTimeout. r=ehsan I also reviewed other places we call TimeoutExecutor::MaybeSchedule(). Most of them are already covered by checks for mWindow.IsSuspended(). I think the one exception is in RunTimeout() when we exhaust the time budget. This patch fixes that in RunTimeout.
Attachment #8875717 -
Flags: review?(ehsan)
Assignee | ||
Comment 10•7 years ago
|
||
Comment on attachment 8875719 [details] [diff] [review] P3 Cleanup some IsFrozen()/IsSuspended() checking in TimeoutManager. r=ehsan While reviewing the code for TimeoutExecutor::MaybeSchedule() while suspended/frozen I discovered a few places where we could cleanup our existing checking. In general we don't need to explicitly check for IsFrozen() if we are going to short-circuit on IsSuspended(). We have an invariant that if the window is frozen then its also suspended. Similarly, if we are only operating on a non-suspended window then we don't have to worry about maybe sorting on TimeRemaining in the iterator. Finally, Timeout::When() has a TimeStamp::IsNull() assertion already. We don't need an extra one in TimeoutManager. This patch does not change existing behavior.
Attachment #8875719 -
Flags: review?(ehsan)
Updated•7 years ago
|
Attachment #8875716 -
Flags: review?(ehsan) → review+
Comment 11•7 years ago
|
||
Comment on attachment 8875717 [details] [diff] [review] P2 Avoid scheduling TimeoutExecutor if the window becomes suspended in RunTimeout. r=ehsan Review of attachment 8875717 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/base/TimeoutManager.cpp @@ +670,5 @@ > // in order for timeouts to fire properly. > if (!nextDeadline.IsNull()) { > + // Note, we verified the window is not suspended at the top of > + // method and the window should not have been suspended while > + // executing the loop above since it doesn't call out to js. Maybe officiate this with a MOZ_ASSERT too?
Attachment #8875717 -
Flags: review?(ehsan) → review+
Updated•7 years ago
|
Attachment #8875719 -
Flags: review?(ehsan) → review+
Comment 12•7 years ago
|
||
Pushed by bkelly@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d832f5aee62a P1 Avoid rescheduling the TimeoutExecutor in ClearTimeout() in some cases. r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/536ad9812d0c P2 Avoid scheduling TimeoutExecutor if the window becomes suspended in RunTimeout. r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/28064e6e5ba4 P3 Cleanup some IsFrozen()/IsSuspended() checking in TimeoutManager. r=ehsan
Comment 13•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d832f5aee62a https://hg.mozilla.org/mozilla-central/rev/536ad9812d0c https://hg.mozilla.org/mozilla-central/rev/28064e6e5ba4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Assignee | ||
Comment 14•7 years ago
|
||
Looking at crash stats, the last crash was build id 20170609030207. Since this landed on June 9 it would have first been in the June 10 build. So I think this shows the patches fixed the crash.
Updated•7 years ago
|
status-firefox-esr52:
--- → unaffected
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•