Closed
Bug 1399557
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::a11y::DocAccessible::DoInitialUpdate
Categories
(Core :: Disability Access APIs, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla58
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | + | fixed |
| firefox58 | --- | fixed |
People
(Reporter: davidb, Assigned: bugzilla)
References
Details
(Keywords: crash, Whiteboard: aes+)
Crash Data
Attachments
(3 files)
|
12.76 KB,
patch
|
jimm
:
review+
|
Details | Diff | Splinter Review |
|
22.57 KB,
patch
|
jimm
:
review+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
|
19.43 KB,
patch
|
bugzilla
:
review+
|
Details | Diff | Splinter Review |
Spun off bug 1383501
This bug was filed from the Socorro interface and is
report bp-d66274d1-87e3-4728-9de3-a57aa0170913.
=============================================================
We need a way for caller(s) to react smartly when DoInitialUpdate fails. Likely need to be able to return an error code.
Alex this is pretty urgent. Please find AKlotz for high bandwidth details.
|
||
Comment 1•7 years ago
|
||
I know nothing about this code, and not sure what is a scope of this bug. Aaron probably has more data on it per hg history. Unassigning myself until we have something actionable here.
Assignee: surkov.alexander → nobody
Flags: needinfo?(dbolter)
Flags: needinfo?(aklotz)
|
Reporter | |
Comment 2•7 years ago
|
||
Please talk to Aaron for context (we're in meeting now).
Flags: needinfo?(dbolter) → needinfo?(surkov.alexander)
|
|
Reporter | |
Updated•7 years ago
|
status-firefox57:
--- → affected
Priority: -- → P1
|
|
||
Comment 3•7 years ago
|
||
I'm still not sure if there's anything we could/should do. We definitely could make DoInitialUpdate to return an error code or throw an exception of whatever, but not sure how it can be used.
Aaron, if you've got ideas on it, please put them here. Otherwise should we wontfix this bug?
Flags: needinfo?(surkov.alexander)
|
Assignee | |
Comment 4•7 years ago
|
||
I think at the very least we need to leave it open while I investigate the failure that triggers the assertion.
Flags: needinfo?(aklotz)
|
|
||
Comment 5•7 years ago
|
||
(In reply to Aaron Klotz [:aklotz] (a11y work receiving priority right now, please send interceptor reviews to dmajor or handyman) from comment #4)
> I think at the very least we need to leave it open while I investigate the
> failure that triggers the assertion.
right, I thought the bug was about DoInitialUpdate change only.
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → aklotz
|
|
Assignee | |
Updated•7 years ago
|
Keywords: leave-open
|
|
Assignee | |
Comment 6•7 years ago
|
||
Attachment #8909970 -
Flags: review?(jmathies)
|
||
Updated•7 years ago
|
Attachment #8909970 -
Flags: review?(jmathies) → review+
|
|
Assignee | |
Comment 7•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/282b2976adfdb47f3756af5c4ce11c6d9d0ae798
Bug 1399557: Add diagnostic asserts to interceptor creation code; r=jimm
|
|
Assignee | |
Comment 8•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/789e21a08030b00acd832a58268680dede2e7a1b
Bug 1399557: Follow-up: Add check for expected error code; r=bustage
|
||
Comment 9•7 years ago
|
||
| bugherder | ||
|
||
Comment 10•7 years ago
|
||
There are 25 crashes from 3 installations in nightly 57-58 starting with buildid 20170921100141 with signature 'mozilla::mscom::Interceptor::GetInitialInterceptorForIID'.
The moz crash reason is always MOZ_RELEASE_ASSERT((((HRESULT)(hr)) >= 0)).
The crashy line is 'ENSURE_HR_SUCCEEDED(hr);'.
Crash Signature: [@ mozilla::a11y::DocAccessible::DoInitialUpdate] → [@ mozilla::a11y::DocAccessible::DoInitialUpdate]
[@ mozilla::mscom::Interceptor::GetInitialInterceptorForIID]
|
|
||
Comment 11•7 years ago
|
||
[Tracking Requested - why for this release]:
There are 1622 crashes for 57 installations in 57.0b0 (dev edition) with signature 'mozilla::a11y::DocAccessible::DoInitialUpdate'
tracking-firefox57:
--- → ?
|
|
||
Comment 12•7 years ago
|
||
Showing up as #8 on 58. The installations numbers are really low though.
https://crash-stats.mozilla.com/signature/?date=%3C2017-09-24T19%3A59%3A43%2B00%3A00&date=%3E%3D2017-09-17T19%3A59%3A43%2B00%3A00&product=Firefox&version=58.0a1&signature=mozilla%3A%3Amscom%3A%3AInterceptor%3A%3AGetInitialInterceptorForIID
status-firefox58:
--- → affected
|
|
||
Comment 13•7 years ago
|
||
There's a mixture of a11y clients in here, about 50%/50% oop/in-proc.
Tracked for 57 based on comment 11
|
|
Assignee | |
Comment 15•7 years ago
|
||
This patch adds Environment to ProxyStream. When ProxyStream sees an Environment object, immediately before (un)marshaling, it pushes the environment, and then pops it after (un)marshaling. This allows us to do any setup and teardown that is required, *on the thread where the (un)marshaling is to be performed*.
In the case of IAccessible, we use it to push and pop the required activation context.
Attachment #8914107 -
Flags: review?(jmathies)
|
|
Assignee | |
Updated•7 years ago
|
Status: NEW → ASSIGNED
|
|
||
Comment 16•7 years ago
|
||
Comment on attachment 8914107 [details] [diff] [review]
Add the concept of an "Environment" to ProxyStreams
Review of attachment 8914107 [details] [diff] [review]:
-----------------------------------------------------------------
Looks great, lets hope for good results!
Attachment #8914107 -
Flags: review?(jmathies) → review+
|
|
||
Comment 17•7 years ago
|
||
btw what's the overhead of the activation calls here? I didn't get a sense for what that might be.
|
|
Assignee | |
Comment 18•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f76f2dcae8f17bb43ff125b82b36c70a6cc2334d
Bug 1399557: Add Environment to mscom::ProxyStream and define it for IAccessible; r=jimm
|
|
Assignee | |
Comment 19•7 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #17)
> btw what's the overhead of the activation calls here? I didn't get a sense
> for what that might be.
Should be pretty light -- activation context pushes and pops are buried all over the place throughout internal Win32 code (eg WndProcs are wrapped by them), so I'd think that they'd be pretty low overhead.
|
|
||
Comment 20•7 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 21•7 years ago
|
||
Comment on attachment 8914107 [details] [diff] [review]
Add the concept of an "Environment" to ProxyStreams
Approval Request Comment
[Feature/Bug causing the regression]: a11y+e10s
[User impact if declined]: Potential for continued crashing for a11y users (note that this crash shows up as bug 1383501 on beta)
[Is this code covered by automated tests?]: Yes
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: Not a complicated change
[String changes made/needed]: None
Attachment #8914107 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Comment 22•7 years ago
|
||
Gonna resolve as fixed for now.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Keywords: leave-open
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
|
|
Assignee | |
Updated•7 years ago
|
|
|
Assignee | |
Comment 23•7 years ago
|
||
|
|
Assignee | |
Comment 24•7 years ago
|
||
Attachment #8914910 -
Flags: review+
|
||
Updated•7 years ago
|
status-firefox56:
--- → unaffected
status-firefox-esr52:
--- → unaffected
|
||
Comment 25•7 years ago
|
||
Comment on attachment 8914107 [details] [diff] [review]
Add the concept of an "Environment" to ProxyStreams
Review of attachment 8914107 [details] [diff] [review]:
-----------------------------------------------------------------
Fix a *few* crashes, taking it.
Attachment #8914107 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 26•7 years ago
|
||
| bugherder uplift | ||
|
||
Comment 27•7 years ago
|
||
(In reply to Aaron Klotz [:aklotz] (a11y work receiving priority right now, please send interceptor reviews to dmajor or handyman) from comment #21)
> [Is this code covered by automated tests?]: Yes
> [Has the fix been verified in Nightly?]: Yes
> [Needs manual test from QE? If yes, steps to reproduce]: No
Setting qe-verify- based on Aaron's assessment on manual testing needs and the fact that this fix has automated coverage.
Flags: qe-verify-
|
||
Comment 28•7 years ago
|
||
Crashes with these signatures are still showing up. For example it is
#8 topcrash in the Windows nightly 20171005220204, and similarly in
20171005100211.
|
||
Comment 29•7 years ago
|
||
Still getting `mozilla::mscom::Interceptor::GetInitialInterceptorForIID` crashes in latest Nightly. Is this expected?
Flags: needinfo?(aklotz)
|
|
||
Comment 30•7 years ago
|
||
This is topcrash #6 in the Windows nightly 20171012105833.
Flags: needinfo?(dbolter)
|
|
Reporter | |
Comment 31•7 years ago
|
||
(In reply to (pto > 10/23) Jim Chen [:jchen] [:darchons] from comment #29)
> Still getting `mozilla::mscom::Interceptor::GetInitialInterceptorForIID`
> crashes in latest Nightly. Is this expected?
Yes I think we still expect some causes to remain... Aaron can give details.
Flags: needinfo?(dbolter)
|
|
Assignee | |
Comment 32•7 years ago
|
||
(In reply to Jim Chen [:jchen] [:darchons] from comment #29)
> Still getting `mozilla::mscom::Interceptor::GetInitialInterceptorForIID`
> crashes in latest Nightly. Is this expected?
Yes. We intentionally left diagnostic asserts in place on Nightly so that we could continue to investigate the root cause of these problems. On Beta these asserts go away and we are able to recover from the error to the extent that we won't crash (though a11y APIs might not work right).
Flags: needinfo?(aklotz)
|
||
Comment 33•7 years ago
|
||
the user comment at bp-5733d27f-7212-4b42-8bf6-4c0950171208 would for example say "搜狗输入法+狐火=崩溃" (machine translation: "Sogou input method + fox = collapse")
and a good share of those crashes is coming from chinese locales.
|
|
||
Comment 34•7 years ago
|
||
(In reply to Aaron Klotz [:aklotz] from comment #32)
> Yes. We intentionally left diagnostic asserts in place on Nightly so that we
> could continue to investigate the root cause of these problems. [..]
Just to note, this is #12 topcrash in the Windows nightly 20171207100053, and
judging from the graph above, seems to have been crashing fairly frequently for
at least the last month.
Flags: needinfo?(aklotz)
|
|
||
Updated•7 years ago
|
Crash Signature: [@ mozilla::a11y::DocAccessible::DoInitialUpdate]
[@ mozilla::mscom::Interceptor::GetInitialInterceptorForIID] → [@ mozilla::a11y::DocAccessible::DoInitialUpdate]
[@ mozilla::mscom::Interceptor::GetInitialInterceptorForIID]
[@ mozilla::a11y::CreateHolderFromAccessible]
|
|
||
Comment 35•7 years ago
|
||
There are 5 crashes with signature "mozilla::a11y::CreateHolderFromAccessible" in nightly 60 starting with buildid 20180214111549 (see [1]). The moz_crash_reason is always MOZ_RELEASE_ASSERT((((HRESULT)(hr)) >= 0)).
:aklotz, Should I reopen a new bug ?
[1] http://bit.ly/2oaqcKx
|
|
Assignee | |
Comment 36•7 years ago
|
||
No, we've since landed some patches to get rid of those crashes on Nightly.
Flags: needinfo?(aklotz)
You need to log in
before you can comment on or make changes to this bug.
Description
•