Closed
Bug 1459555
Opened 6 years ago
Closed 6 years ago
Firefox crashes on BinAST encoded version of Facebook.com
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla64
People
(Reporter: vladan, Assigned: efaust)
References
Details
Attachments
(5 files)
5.09 KB,
text/plain
|
Details | |
12.74 KB,
text/plain
|
Details | |
9.10 KB,
patch
|
arai
:
review+
|
Details | Diff | Splinter Review |
4.80 KB,
patch
|
arai
:
review+
|
Details | Diff | Splinter Review |
851 bytes,
patch
|
arai
:
review+
|
Details | Diff | Splinter Review |
This is a 100% reproducible crash from loading the BinAST versions of the following Facebook.com snapshots: * https://vdjeric.github.io/fb_bench/newsfeed_bench.htm * https://vdjeric.github.io/fb_bench/comments_bench.htm Crash log attached, no Breakpad crash log cause it's a dev build. How to reproduce the crash: To reproduce: 1. Build mozilla-central with patches from bug 1454352 and bug 1444956 2. Toggle “dom.script_loader.binast_encoding.enabled” pref in about:config to true 3. Start webserver from binast/binast-server repo against the fb_bench/ directory in the same repo, as follows: ./serveBinAST.py ./fb_bench/ 4. Observe that the custom build crashes reliably on both of the following URLs if BinAST is enabled. It loads fine if BinAST is preffed off. https://localhost:8443/comments_bench.htm https://localhost:8443/newsfeed_bench.htm Notes: * The first URL is a simpler benchmark so might be a bit easier to debug * The "simple.html" BinAST test case in the same repo does work end to end * The files in that fb_bench directory are encoded with default encoder options, so that seems like an easy test
Do you have a stack at hand, by any chance?
Reporter | ||
Comment 2•6 years ago
|
||
I don't have one atm, but I'll get one tomorrow
Reporter | ||
Updated•6 years ago
|
Flags: needinfo?(vladan.bugzilla)
Flags: needinfo?(jcoppeard)
Reporter | ||
Comment 3•6 years ago
|
||
Flags: needinfo?(vladan.bugzilla)
Assignee | ||
Comment 4•6 years ago
|
||
Looks like we have two bugs: 1) We're not properly handling exceptions off-main-thread. 2) We've got an error in BinAST that's causing us to try to throw an exception :)
Comment 5•6 years ago
|
||
At first glance it looks like BinTokenReaderBase::raiseError needs to be more like GeneralParser::error and call ReportCompileError instead of JS_ReportErrorASCII.
Assignee | ||
Comment 6•6 years ago
|
||
Yup. Will patch.
Comment 7•6 years ago
|
||
As suggested I've landed bug 1444956 with off-thread decoding disabled in CanDoOffThread.
Flags: needinfo?(jcoppeard)
Updated•6 years ago
|
Priority: -- → P3
Assignee | ||
Comment 8•6 years ago
|
||
Assignee: nobody → efaustbmo
Attachment #9012841 -
Flags: review?(arai.unmht)
Assignee | ||
Updated•6 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 9•6 years ago
|
||
Attachment #9012842 -
Flags: review?(arai.unmht)
Assignee | ||
Comment 10•6 years ago
|
||
Attachment #9012843 -
Flags: review?(arai.unmht)
Comment 11•6 years ago
|
||
Comment on attachment 9012841 [details] [diff] [review] [Part 1] Allow throwing BinAST errors off-main-thread Review of attachment 9012841 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/js.msg @@ +677,5 @@ > MSG_DEF(JSMSG_BIGINT_INVALID_SYNTAX, 0, JSEXN_SYNTAXERR, "invalid BigInt syntax") > MSG_DEF(JSMSG_NOT_BIGINT, 0, JSEXN_TYPEERR, "not a BigInt") > MSG_DEF(JSMSG_BIGINT_NOT_SERIALIZABLE, 0, JSEXN_TYPEERR, "BigInt value can't be serialized in JSON") > + > +MSG_DEF(JSMSG_BINAST, 1, JSEXN_SYNTAXERR, "BinAST Parsing Error: {0}") can you add "// BinAST" above this line?
Attachment #9012841 -
Flags: review?(arai.unmht) → review+
Comment 12•6 years ago
|
||
Comment on attachment 9012842 [details] [diff] [review] [Part 2] Improve off-main-thread BinAST performance Review of attachment 9012842 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/frontend/BinToken.cpp @@ +89,2 @@ > { > + MOZ_ASSERT(!cx->helperThread()); can you add a comment that explains this should be called in main thread before starting the helper thread, for off-main-thread case? so it's clear what this assertion means. (at a first glance, this looks like it's not initialized for helper thread case) @@ +109,2 @@ > { > + MOZ_ASSERT(!cx->helperThread()); same here.
Attachment #9012842 -
Flags: review?(arai.unmht) → review+
Comment 13•6 years ago
|
||
Comment on attachment 9012843 [details] [diff] [review] [Part 3] Re-enable off-main-thread BinAST parsing Review of attachment 9012843 [details] [diff] [review]: ----------------------------------------------------------------- \o/
Attachment #9012843 -
Flags: review?(arai.unmht) → review+
Comment 14•6 years ago
|
||
Pushed by efaustbmo@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/8f2f2bcd57d2 Part 1: Allow throwing BinAST errors off main thread. (r=arai) https://hg.mozilla.org/integration/mozilla-inbound/rev/ccdbc1449e13 Part 2: Don't take locks in BinSourceRuntimeSuppert::*. (r=arai) https://hg.mozilla.org/integration/mozilla-inbound/rev/90505ae78229 Part 3: Allow off-main-thread BinAST compilation. (r=arai)
Comment 15•6 years ago
|
||
Backed out for build bustages on JSScript.cpp Log link: https://treeherder.mozilla.org/logviewer.html#?job_id=202787142&repo=mozilla-inbound&lineNumber=12141
Comment 16•6 years ago
|
||
Pushed by efaustbmo@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1487cec16a9c Part 1: Allow throwing BinAST errors off main thread. (r=arai) https://hg.mozilla.org/integration/mozilla-inbound/rev/ac5bef60b83b Part 2: Don't take locks in BinSourceRuntimeSuppert::*. (r=arai) https://hg.mozilla.org/integration/mozilla-inbound/rev/3a7453938961 Part 3: Allow off-main-thread BinAST compilation. (r=arai)
Comment 17•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1487cec16a9c https://hg.mozilla.org/mozilla-central/rev/ac5bef60b83b https://hg.mozilla.org/mozilla-central/rev/3a7453938961
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox64:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Updated•6 years ago
|
status-firefox62:
--- → wontfix
status-firefox63:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•