Closed
Bug 1381386
Opened 7 years ago
Closed 7 years ago
stylo: Crash in mozalloc_abort | abort | style::properties::{{impl}}::to_css<T>
Categories
(Core :: CSS Parsing and Computation, defect, P2)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox54 | --- | unaffected |
firefox55 | --- | unaffected |
firefox56 | --- | fixed |
People
(Reporter: cpeterson, Assigned: boris)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
This bug was filed from the Socorro interface and is
report bp-1f17713b-905a-4695-bc6e-12c9f0170715.
=============================================================
Comment 1•7 years ago
|
||
This isn't quite actionable... It is unknown which to_css aborts from the information in the report... It would be much helpful if it is from a post-20170715 build, so that we can at least have some panic message.
Comment 2•7 years ago
|
||
This is definitely a report I sent!
The crash happened when I try to check bug 1381196. With opening devtools' animation inspector and moving mouse over photos.
I guess this will easily fixed.
Comment 3•7 years ago
|
||
So there is another report bp-7105f07a-9a6d-482b-b529-57a010170717 with the panic message showing "internal error: entered unreachable code", so we are probably hitting an unreachable!() here. It is possible that animation can generate something that isn't supposed to be serializable in CSS. It would be helpful if we know at least what {{impl}} it is...
Comment 4•7 years ago
|
||
(In reply to Xidorn Quan [:xidorn] UTC+10 from comment #3)
> So there is another report bp-7105f07a-9a6d-482b-b529-57a010170717 with the
> panic message showing "internal error: entered unreachable code", so we are
> probably hitting an unreachable!() here.
That one is also mine. :)
Comment 5•7 years ago
|
||
Jeremy, if you are looking for find bugs related to crashes or real site issues, I think this bug is a good one for you.
STR
1) Open https://www.yelp.com/biz/golden-gate-bridge-san-francisco
2) Open animation inspector in devtools
3) Move mouse over images in the page
Flags: needinfo?(jeremychen)
Comment 6•7 years ago
|
||
Hi Hiro, I'd be happy to investigate this one. However, I just built stylo with the latest autoland, but I can't reproduce this on my Mac. Is this a Linux specific issue? Are you able to reproduce this still?
Flags: needinfo?(jeremychen) → needinfo?(hikezoe)
Comment 7•7 years ago
|
||
OK, I can reproduce this on linux, so I will look into this next week.
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
Flags: needinfo?(hikezoe)
Comment 8•7 years ago
|
||
Checked this on gdb. We are trying to serialize InterpolateMatrix. Boris, would you mind taking this?
Flags: needinfo?(boris.chiou)
Assignee | ||
Comment 9•7 years ago
|
||
(In reply to Hiroyuki Ikezoe (:hiro) from comment #8)
> Checked this on gdb. We are trying to serialize InterpolateMatrix. Boris,
> would you mind taking this?
Sure. I can take this.
Flags: needinfo?(boris.chiou)
Assignee | ||
Comment 10•7 years ago
|
||
(In reply to Boris Chiou [:boris] from comment #9)
> (In reply to Hiroyuki Ikezoe (:hiro) from comment #8)
> > Checked this on gdb. We are trying to serialize InterpolateMatrix. Boris,
> > would you mind taking this?
>
> Sure. I can take this.
Oh. It seems this only happens on Linux. I will try to reproduce this on my desktop (linux).
Assignee | ||
Updated•7 years ago
|
Assignee: hikezoe → boris.chiou
Assignee | ||
Comment 11•7 years ago
|
||
My call stack on MacOS:
thread '<unnamed>' panicked at 'internal error: entered unreachable code', /Users/boris/projects/firefox/gecko/objdirs/obj-browser-stylo-debug/toolkit/library/x86_64-apple-darwin/debug/build/style-4d1510e2bb79ef6a/out/properties.rs:14291
stack backtrace:
0: std::sys::imp::backtrace::tracing::imp::unwind_backtrace
1: std::panicking::default_hook::{{closure}}
2: std::panicking::default_hook
3: std::panicking::rust_panic_with_hook
4: std::panicking::begin_panic
5: <style::properties::longhands::transform::SpecifiedOperation as style_traits::values::ToCss>::to_css
6: <style::properties::longhands::transform::SpecifiedValue as style_traits::values::ToCss>::to_css
7: <style::properties::PropertyDeclaration as style_traits::values::ToCss>::to_css
8: style::properties::declaration_block::PropertyDeclarationBlock::single_value_to_css
9: Servo_AnimationValue_Serialize
10: _ZN7mozilla3domL19CreatePropertyValueE15nsCSSPropertyIDfRKNS_5MaybeINS_22ComputedTimingFunctionEEERKNS_14AnimationValueENS0_18CompositeOperationERNS0_29AnimationPropertyValueDetailsE
11: _ZNK7mozilla3dom22KeyframeEffectReadOnly13GetPropertiesER8nsTArrayINS0_24AnimationPropertyDetailsEERNS_11ErrorResultE
12: _ZN7mozilla3dom29KeyframeEffectReadOnlyBindingL13getPropertiesEP9JSContextN2JS6HandleIP8JSObjectEEPNS0_22KeyframeEffectReadOnlyERK19JSJitMethodCallArgs
13: _ZN7mozilla3dom20GenericBindingMethodEP9JSContextjPN2JS5ValueE
Assignee | ||
Comment 12•7 years ago
|
||
At least this happens on Linux and MacOS
OS: Linux → All
Hardware: Unspecified → All
Assignee | ||
Comment 13•7 years ago
|
||
Looks like we have to implement the serialization of interpolatmatrix and accumulatematrix. I checked how Gecko did, and it seems Gecko serialize interpolatematrix as something like:
"interpolatematrix(scale(0.88) translateZ(0px), translateZ(1px), 94.7901%)"
So I will following the same idea from Gecko because KeyframeEffectReadOnly::GetProperties() is a ChromeOnly API.
Comment hidden (mozreview-request) |
Comment 15•7 years ago
|
||
mozreview-review |
Comment on attachment 8891177 [details]
Bug 1381386 - Implement ToCss for SpecifiedOperation::{InterpolateMatrix|AccumulateMatrix}.
https://reviewboard.mozilla.org/r/162372/#review167654
Attachment #8891177 -
Flags: review?(bbirtles) → review+
Assignee | ||
Comment 16•7 years ago
|
||
Assignee | ||
Comment 17•7 years ago
|
||
landed in m-c:
https://hg.mozilla.org/mozilla-central/rev/57339111e7b9
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
status-firefox54:
--- → unaffected
status-firefox55:
--- → unaffected
status-firefox56:
--- → fixed
status-firefox-esr52:
--- → unaffected
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•