Closed
Bug 1476252
Opened 6 years ago
Closed 6 years ago
debug assert in glue.rs on Solaris sparc
Categories
(Core :: CSS Parsing and Computation, defect, P5)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
INVALID
People
(Reporter: petr.sumbera, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180704003137
Steps to reproduce:
(after resolving 1462623 I ran into this)
# /opt/firefox/bin/firefox
[1748, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520012: file /scratch/firefox/extensions/cookie/nsPermissionManager.cpp, line 2910
++DOCSHELL dde32800 == 1 [pid = 1748] [id = {ee2ed6d7-91f5-4b49-a3f4-258f188bebb6}]
++DOMWINDOW == 1 (db4fba00) [pid = 1748] [serial = 1] [outer = 0]
++DOMWINDOW == 2 (db4d9400) [pid = 1748] [serial = 2] [outer = db4fba00]
++DOCSHELL dde6f000 == 2 [pid = 1748] [id = {86be4f1e-d1c5-4b7e-8d1d-d32f7d1aab92}]
++DOMWINDOW == 3 (dab64a00) [pid = 1748] [serial = 3] [outer = 0]
++DOMWINDOW == 4 (d631a000) [pid = 1748] [serial = 4] [outer = dab64a00]
[1748, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111: file /scratch/firefox/netwerk/protocol/res/SubstitutingProtocolHandler.cpp, line 342
++DOMWINDOW == 5 (d6322c00) [pid = 1748] [serial = 5] [outer = db4fba00]
++DOCSHELL d4988800 == 3 [pid = 1748] [id = {10a35e79-5fb3-4234-b37e-bfd9d470edc4}]
++DOMWINDOW == 6 (d43a5200) [pid = 1748] [serial = 6] [outer = 0]
++DOCSHELL d4989000 == 4 [pid = 1748] [id = {80f13a2c-9bbf-43c8-ad5c-847218232a7a}]
++DOMWINDOW == 7 (d43a5400) [pid = 1748] [serial = 7] [outer = 0]
++DOCSHELL d4999000 == 5 [pid = 1748] [id = {16c4d960-7447-4bb6-a3be-23d9393bb90b}]
++DOMWINDOW == 8 (d3b8a400) [pid = 1748] [serial = 8] [outer = 0]
++DOMWINDOW == 9 (e775c400) [pid = 1748] [serial = 9] [outer = d3b8a400]
++DOMWINDOW == 10 (e77d6800) [pid = 1748] [serial = 10] [outer = d3b8a400]
thread '<unnamed>' panicked at 'assertion failed: !per_doc_data.stylist.stylesheets_have_changed()', servo/ports/geckolib/glue.rs:333:5
note: Run with `RUST_BACKTRACE=1` for a backtrace.
Redirecting call to abort() to mozalloc_abort
Hit MOZ_CRASH() at /scratch/firefox/memory/mozalloc/mozalloc_abort.cpp:34
Segmentation Fault (core dumped)
===
00000000ffbfb2f1 libc.so.1`__lwp_sigqueue+8(b, ffbfbc50, 0, a, 0, fe72eb80)
00000000ffbfb3a1 libxul.so`nsProfileLock::FatalSignalHandler+0x124(b, ffbfc330, ffbfc020, ff00000000, 9, ffbfbc50)
00000000ffbfb461 libxul.so`js::UnixExceptionHandler+0xac(b, ffbfc330, ffbfc020, 0, 0, 0)
00000000ffbfb511 libc.so.1`__sighndlr+0xc(b, ffbfc330, ffbfc020, f67990f4, 0, fe726000)
00000000ffbfb5c1 libc.so.1`call_user_handler+0x354(0, ffbfc330, 0, fe7d2a40, b, 0)
00000000ffbfb6b1 libc.so.1`sigacthandler+0x54(b, ffbfc330, ffbfc020, 2e, fe726000, fe726000)
00000000ffbfbc31 mozalloc_abort+0x58(10de68, f79ba438, fe5decf8, f732ea14, fe72eb80, fe72d710)
00000000ffbfbce1 abort+0x18(f732ea00, f12538f8, f72fd6c4, f732ea00, ff175058, ff144578)
00000000ffbfbd91 libxul.so`panic_abort::__rust_start_panic::abort::he1ddadba3af6a7f2+4(f6e0000, f79ba438, 0, f72fd6c4, 1, ff1cc000)
00000000ffbfbe41 libxul.so`__rust_start_panic+4(d56de8f0, f7df42a0, fe7d2a40, 1, 0, 1)
00000000ffbfbef1 libxul.so`rust_panic.llvm.9706114300445499899+0x18(d56de8f0, f7df42a0, f796cc70, fe7d2a40, 0, 1)
00000000ffbfbff1 libxul.so`std::panicking::rust_panic_with_hook::h257c8c17b1e0e6e6+0x230(d56de8f0, f7df42a0, f7c13638, 1, f7c13678, 0)
00000000ffbfc101 libxul.so`std::panicking::begin_panic::h4c35cf9e611808a7+0x7c(abe0, 42, f7df2990, f796cc70, 1, 2)
00000000ffbfc1e1 libxul.so`Servo_TraverseSubtree+0x904(9da8, d5ff8008, d5ffe358, 0, 0, e7782ac0)
00000000ffbfc391 libxul.so`mozilla::ServoStyleSet::StyleNewSubtree+0xe8(d61fc690, d5a12ce0, 96, 0, d5ffe358, 80)
00000000ffbfc471 libxul.so`nsCSSFrameConstructor::ConstructDocElementFrame+0x558(d5ff0b00, d5a12ce0, f4bada50, d5ff4000, d5a12ce0, d5ff0bf0)
00000000ffbfc721 libxul.so`nsCSSFrameConstructor::ContentRangeInserted+0x4bc(d5ff0b00, d5a12ce0, 0, 0, 0, 0)
00000000ffbfc9e1 libxul.so`nsCSSFrameConstructor::ContentInserted+0x14(d5ff0b00, d5a12ce0, 0, 0, 702, f7e75410)
00000000ffbfca91 libxul.so`mozilla::PresShell::Initialize+0x220(d5ff4000, dde6f1a0, d5a12ce0, d5ff4010, d3918020, d5ff4008)
00000000ffbfcb71 libxul.so`mozilla::dom::XULDocument::StartLayout+0x260(d6114000, ddeac910, 96, 1, 1b4, dde6f1a0)
00000000ffbfcc41 libxul.so`mozilla::dom::XULDocument::DoneWalking+0x314(d6114000, d434cf20, b9, d6114000, 72b, 0)
00000000ffbfcd61 libxul.so`mozilla::dom::XULDocument::StyleSheetLoaded+0x48(d6114000, d5c02c00, 0, 0, 6b5, d434cf20)
00000000ffbfce11 libxul.so`mozilla::css::Loader::SheetComplete+0x18c(d5fba3e0, 1, 0, ffbfd6c0, 1, d5c02d40)
00000000ffbfcf31 libxul.so`mozilla::css::Loader::DoParseSheetServoconst+0x13c(d3b6a718, 1, 232, a7474c, 26f29365f9f800, ffbfd890)
00000000ffbfcfe1 libxul.so`mozilla::MozPromise<bool, bool, true>::ThenValue<mozilla::css::Loader::DoParseSheetServo+0x8c(d3b6a6e0, d418d750, 1e8, d3b83f80, 4d6f7a50, d3b6a718)
00000000ffbfd0a1 libxul.so`mozilla::MozPromise<bool, bool, true>::ThenValueBase::ResolveOrRejectRunnable::Run+0xc0(d3b83f80, 4d6f7a50726f6d69, 328, ffbfdaf0, d418d700, d3b6a6e0)
00000000ffbfd151 libxul.so`nsThread::ProcessNextEvent+0xf70(ee6dc050, 2, ffbfe05f, 3d, e777a000, 0)
00000000ffbfd7a1 libxul.so`NS_ProcessNextEvent+0x24(ee6dc050, 0, 328, 0, 1b4, 0)
00000000ffbfd861 libxul.so`mozilla::ipc::MessagePump::Run+0x330(ee69f7c0, fe0d69f0, 147, ee69f7e0, ee6dc050, 1)
00000000ffbfd921 libxul.so`MessageLoop::RunInternal+0x60(fe0d69f0, fe0d69f0, ff000000, 1, 0, ee6dc050)
00000000ffbfd9f1 libxul.so`MessageLoop::Run+0x14(fe0d69f0, fe05423c, fe72eb80, fe7d2a40, fe7d2a40, ffbfe2a8)
00000000ffbfdac1 libxul.so`nsBaseAppShell::Run+0x30(ee68b9e0, 78, 328, fe726000, 114, ee6dc050)
00000000ffbfdb71 libxul.so`nsAppStartup::Run+0xc0(ee6a7a60, 0, 328, 0, d617c2e0, 0)
00000000ffbfdc21 libxul.so`XREMain::XRE_mainRun+0x1d20(ffbfe950, fe05c320, f, ffbfe5b0, f5c112f4, ffbfe980)
00000000ffbfdf71 libxul.so`XREMain::XRE_main+0x8e4(ffbfe950, f1d484f4, fe05c270, 0, ffbfe9c8, 0)
00000000ffbfe0a1 libxul.so`XRE_main+0x98(1, ffbff1e8, ffbff040, ffbfeb88, 0, 3f)
00000000ffbfe2e1 libxul.so`mozilla::BootstrapImpl::XRE_main+0xc(fe0486c0, 1, ffbff1e8, ffbff040, fe014080, 0)
00000000ffbfe391 do_main+0x1ec(1, ffbff1e8, ffbff1f8, 0, ff144e38, 0)
00000000ffbfe851 main+0xa0(1, ffbff1e8, ffbff1f8, 26f288cb81cdd9, ff, 24db98)
00000000ffbfe901 _start+0x64(0, 0, 0, 0, 0, 0)
|
Reporter | |
Comment 1•6 years ago
|
||
Emilio, I see that you have also introduced into glue.rs following assertion I'm hitting: debug_assert!(!per_doc_data.stylist.stylesheets_have_changed()); Any idea how to proceed with debug? Thanks!
Component: Untriaged → CSS Parsing and Computation
Flags: needinfo?(emilio)
Product: Firefox → Core
|
||
Comment 2•6 years ago
|
||
Thanks for the stack! So what that means is that ServoStylist::UpdateStylist() wasn't called at the right time. There's a few callers in layout/style/SerovStyleSet.cpp. From the stack I would expect this call to initialize it: https://searchfox.org/mozilla-central/rev/6f86cc3479f80ace97f62634e2c82a483d1ede40/layout/base/nsCSSFrameConstructor.cpp#2434 But for some reason it doesn't on your tree, which is weird. That 'dirty' state is kept on a set of bitflags (see StylistState). Though I'd think that should work fine in Sparc... So no idea why that code is either not reached or not updating the stylist properly.
Flags: needinfo?(emilio)
|
|
Reporter | |
Comment 3•6 years ago
|
||
I see that ServoStyleSet::UpdateStylist() is called for several times before Firefox aborts. Always it ends with calling: mStylistState = StylistState::NotDirty; It's called when mStylistState is 3 and for the last time mStylistState is 1.
|
|
Reporter | |
Comment 4•6 years ago
|
||
(In reply to Emilio Cobos Álvarez (:emilio) from comment #2) > So what that means is that ServoStylist::UpdateStylist() wasn't called at > the right time. What you mean by this? > There's a few callers in layout/style/SerovStyleSet.cpp. From the stack I > would expect this call to initialize it: > https://searchfox.org/mozilla-central/rev/ > 6f86cc3479f80ace97f62634e2c82a483d1ede40/layout/base/nsCSSFrameConstructor. > cpp#2434 It calls ServoStyleSet::ResolveInheritingAnonymousBoxStyle() where UpdateStylistIfNeeded() doesn't do anything since mStylistState is StylistState::NotDirty. And it continues and aborts... > But for some reason it doesn't on your tree, which is weird. That 'dirty' > state is kept on a set of bitflags (see StylistState). Though I'd think that > should work fine in Sparc... I'm still confused. What is relation between: mStylistState ( https://searchfox.org/mozilla-central/source/layout/style/ServoStyleSet.h#572 ) and dirty flag ( https://searchfox.org/mozilla-central/source/servo/components/style/stylesheet_set.rs#259 ) ? Though I don't fully follow (I'm not rust guy): https://searchfox.org/mozilla-central/source/servo/components/style/stylesheet_set.rs#500
Flags: needinfo?(emilio)
|
|
||
Comment 5•6 years ago
|
||
Those flags are in sync. Servo_StyleSet_FlushStyleSheets would set the rust-side flag to false. That is only called from UpdateStylist. They effectively represent the same thing. If mStylistState is NotDirty, it means that someone did call UpdateStylist(), since mStylistState is set to dirty from Init(): https://searchfox.org/mozilla-central/rev/6f86cc3479f80ace97f62634e2c82a483d1ede40/layout/style/ServoStyleSet.cpp#158 Anything that would turn the rust flag to true (AppendStyleSheet, etc.) goes through ServoStyleSet which should set the StylistDirty bit.
Flags: needinfo?(emilio)
|
|
Reporter | |
Comment 6•6 years ago
|
||
I have added some debug prints and I'm trying compare output between sparc and intel. Following is what I see in the same press context (GetPresContext()): .. .. ServoStyleSet::UpdateStylist() is called. .. ServoStyleSet::MediumFeaturesChanged() where on intel it calls SetStylistStyleSheetsDirty() here: https://searchfox.org/mozilla-central/source/layout/style/ServoStyleSet.cpp#287 (on sparc the condition is not met, actually this condition was newer met during whole run - on intel it's met several times) .. ServoStyleSet::ResolveInheritingAnonymousBoxStyle() is called: on intel mStylistState is 1 and thus ServoStyleSet::UpdateStylist() is called. .. nsCSSFrameConstructor::ConstructDocElementFrame() is called and it calls somehow: -> ServoStyleSet::ResolveInheritingAnonymousBoxStyle() -> ServoStyleSet::ResolveInheritingAnonymousBoxStyle() (one more time) .. On sparc the assertion is met (not on intel): https://searchfox.org/mozilla-central/source/servo/ports/geckolib/glue.rs#331
|
|
||
Comment 7•6 years ago
|
||
Maybe a rustc bug related to: https://searchfox.org/mozilla-central/rev/8384a6519437f5eefbe522196f9ddf5c8b1d3fb4/servo/ports/geckolib/glue.rs#1435 It would make sense if affects_document_rules was true, yet it somehow ended up in c++ being false, to find that assertion.
|
|
Reporter | |
Comment 8•6 years ago
|
||
You seem to be right. I have one debug message here which is hit (affects_document_rules is true): https://searchfox.org/mozilla-central/source/servo/ports/geckolib/glue.rs#1411 And right after in C++ code it's false: https://searchfox.org/mozilla-central/source/layout/style/ServoStyleSet.cpp#286 Though don't follow (yet) how struct MediumFeaturesChangedResult is filled with rust: https://searchfox.org/mozilla-central/source/layout/style/ServoBindings.h#136 https://searchfox.org/mozilla-central/source/servo/ports/geckolib/glue.rs#1435
|
|
||
Comment 9•6 years ago
|
||
MediumFeaturesChangedResult is returned from that function, see the link I posted above. Maybe sparc has a different calling convention for struct return values or something?
|
||
Updated•6 years ago
|
Priority: -- → P5
|
|
Reporter | |
Comment 10•6 years ago
|
||
It really seems to be Rust sparc ABI issue. I have filed: https://github.com/rust-lang/rust/issues/52638
|
|
Reporter | |
Comment 11•6 years ago
|
||
This was finally resolved as problem in Rust. Thank you for your help!
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•