Closed Bug 141479 Opened 23 years ago Closed 23 years ago

nsThreadPool::~nsThreadPool crash [@ nsThreadPool::Shutdown]

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0.1

People

(Reporter: laotzu, Assigned: dougt)

References

Details

(Keywords: crash, topcrash+, Whiteboard: [adt2 RTM],custrtm-)

Crash Data

Attachments

(2 files, 1 obsolete file)

Recent stack and comments from talkback data
5.23 KB, text/plain
Details
Addresses darin's comments
1.32 KB, patch
dp
: review+
darin.moz
: superreview+
jesup
: approval+
Details | Diff | Splinter Review
I've been developing a stand-alone application using XPCOM (based off RC1 source) and I've come across a crash in nsThreadPool::~nsThreadPool caused by uninitialized variables. Specifically, mLock, mThreadExit, mPendingRequestAdded, and mPendingRequestsAtZero are all NULL-checked before being cleaned up, but are never initialized. The following patch fixed my crash by initializing these values in nsThreadPool::nsThreadPool, in xpcom/threads/nsThread.cpp: diff -c -r1.40.22.1 nsThread.cpp *** xpcom/threads/nsThread.cpp 10 Apr 2002 03:38:22 -0000 1.40.22.1 --- xpcom/threads/nsThread.cpp 1 May 2002 14:28:36 -0000 *************** *** 480,485 **** --- 480,489 ---- mShuttingDown(PR_FALSE) { NS_INIT_REFCNT(); + mLock = nsnull; + mThreadExit = nsnull; + mPendingRequestAdded = nsnull; + mPendingRequestsAtZero = nsnull; } nsThreadPool::~nsThreadPool()
Severity: normal → critical
Keywords: crash, mozilla1.0
Didn't find dupes. Marking NEW. Might be related: bug 106585.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: patch
Attached patch Mathieu Fenniak patch (obsolete) — Splinter Review
The patch looks good, but I wonder why Init() on the threadpool was never called or why Init() is failing prior to we init those variables.
Comment on attachment 81894 [details] [diff] [review] Mathieu Fenniak patch I guess, if for any reason that anything failed, we could get into this state, r=dougt
Attachment #81894 - Flags: review+
Mathieu, Talkback data has 73 incidents under the nsThreadPool::Shutdown signature (nsThread.cpp line 741). Doug T thinks its this bug. Do the user comments sound like the problems you see without your patch?
The crash I was experiencing before this patch was on line 492 of nsThread.cpp. My application was busy doing something that had absolutely nothing to do with XPCOM at the time, yet still this crash was intermittant. I found a set of printf()s eventually that, when removed, caused my crash consistantly. The actions occuring in my program seemed to have no relation to the actual crash. Such happens occasionally with multi-threading.
what if Init() fails after mLock is allocated? then PR_DestroyLock would be called twice? once in the "cleanup:" section and again in ~nsThreadPool. we should NULL out mLock (and friends) in the "cleanup:" section of Init().
great point darin.
Attachment #81894 - Attachment is obsolete: true
The variable mLock had gdb's uninitialized variable value when I was debugging my crash. The value of these variables shouldn't be null-checked in the destructor if they could be never initialized to null.
Mathieu, the last patch should fix that. Can you verify?
Looks good to me.
Comment on attachment 83077 [details] [diff] [review] Addresses darin's comments nice, sr=darin
Attachment #83077 - Flags: superreview+
Comment on attachment 83077 [details] [diff] [review] Addresses darin's comments r=dp
Attachment #83077 - Flags: review+
checked into trunk. Checking in nsThread.cpp; /cvsroot/mozilla/xpcom/threads/nsThread.cpp,v <-- nsThread.cpp new revision: 1.41; previous revision: 1.40 done
Status: NEW → RESOLVED
Closed: 23 years ago
Keywords: adt1.0.0, edt1.0.0
Resolution: --- → FIXED
According to brad TBox, this commit have added a new warning on brad: /mnt/3/tinderbox/brad/Linux_2.4.18-pre3_Clobber/mozilla/xpcom/threads/nsThread. h:112: warning: member initializers for `struct PRCondVar * nsThreadPool::mPend ingRequestsAtZero' /mnt/3/tinderbox/brad/Linux_2.4.18-pre3_Clobber/mozilla/xpcom/threads/nsThread. h:119: warning: and `PRUint32 nsThreadPool::mMinThreads' /mnt/3/tinderbox/brad/Linux_2.4.18-pre3_Clobber/mozilla/xpcom/threads/nsThread. cpp:482: warning: will be re-ordered to match declaration order nsProcessCommon.cpp
any ideas about whether or not we should be worried about these warnings before landing this fix?
Blocks: 143047
Doug - We'd like to take this asap, but we'd like to have the question Scott asked in the last comment addressed first. thanks! paw - who can verify this fix on the trunk for us?
Keywords: nsbeta1+
Whiteboard: [adt2 RTM]
Are there steps to reproduce the crash?
putterman: those variables are now inited in the constructor; nothing to worry about now. Still a warning about re-ordered, but that doesn't matter here.
adding adt1.0.0+. Please get drivers approval before checking in.
Keywords: adt1.0.0adt1.0.0+
changing to adt1.0.1+ for checkin to the 1.0 branch for the Mozilla1.0.1 milestone. Please get drivers approval before checking in.
Keywords: adt1.0.0+adt1.0.1+
Comment on attachment 83077 [details] [diff] [review] Addresses darin's comments please check into the 1.0.1 branch ASAP. once landed remove the mozilla1.0.1+ keyword and add the fixed1.0.1 keyword
Attachment #83077 - Flags: approval+
Keywords: mozilla1.0mozilla1.0.1+
Target Milestone: --- → mozilla1.0.1
Whiteboard: [adt2 RTM] → [adt2 RTM],custrtm-
Checking in nsThread.cpp; /cvsroot/mozilla/xpcom/threads/nsThread.cpp,v <-- nsThread.cpp new revision: 1.40.22.2; previous revision: 1.40.22.1 done
Keywords: fixed1.0.1
Keywords: mozilla1.0.1+
v.fixed per talkback data. this crash i long gone.
Status: RESOLVED → VERIFIED
Keywords: topcrash+
Summary: nsThreadPool::~nsThreadPool crash → nsThreadPool::~nsThreadPool crash [@ nsThreadPool::Shutdown]
Crash Signature: [@ nsThreadPool::Shutdown]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: