nsIconChannel on Windows can flush layout at a bad time.
Categories
(Core :: Graphics: ImageLib, defect, P1)
Tracking
()
People
(Reporter: emilio, Assigned: tnikkel)
References
(Blocks 1 open bug)
Details
(Keywords: regression)
Crash Data
Attachments
(9 files, 2 obsolete files)
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
47 bytes,
text/x-phabricator-request
|
Details | Review | |
22.61 KB,
text/plain
|
lizzard
:
approval-mozilla-esr68+
|
Details |
This is the nsIconChannel issue in bug 1438939. I filed a different bug for the other issue I'm aware of, which is bug 1530188.
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Comment 3•6 years ago
|
||
Changing the priority to p1 as the bug is tracked by a release manager for the current beta.
See How Do You Triage for more information
Reporter | ||
Comment 4•6 years ago
|
||
FWIW I can probably paper over the crash by downgrading the assertion to a diagnostic assert... Do we is accessible from content?
It doesn't seem to be... data:text/html,<img width=16 height=16 src="moz-icon://foo.txt?size=16">
If it's not, and if this is the only offender of the assertion, probably downgrading it at least for now makes sense... WDYT?
Assignee | ||
Comment 6•6 years ago
|
||
Yeah, but if the expectation is an upliftable patch to beta for this cycle I'm not sure that is a reasonable goal.
Assignee | ||
Comment 7•6 years ago
|
||
There are two reasons for this. One is performance, it can be slow. The second is that is can spin the event loop which can re-enter into things like layout.
This patch uses the image decoder thread pool for that. But this is unsuitable (reason in next patch), the next patch changes it to use the img io thread used for network to pass data to imglib off main thread.
Assignee | ||
Comment 8•6 years ago
|
||
This mutex only protects the iothread, not the rest of the decodepool. There is a different monitor for that in DecodePoolImpl.
Depends on D28419
Assignee | ||
Comment 9•6 years ago
|
||
The unifed tweak I make in the next patch exposes this.
Depends on D28420
Assignee | ||
Comment 10•6 years ago
|
||
We need to call CoInitialize, so we need to include the objbase.h header. That defines some generic boolean stuff, which conflicts with something that libjpeg defines. I tried working around it, but I gave up, this solution seems fine.
Depends on D28421
Assignee | ||
Comment 11•6 years ago
|
||
Windows doesn't like more than one thread (at the same time?) calling SHGetFileInfoW. So we use the same thread to avoid this.
We also need to call CoInitialize on the thread we do this.
Depends on D28422
Assignee | ||
Comment 12•6 years ago
|
||
The system call we need to use (SHGetFileInfo) can't be called from more than one thread at a time. So without adding a bunch of extra unnecessary complexity we can't support both Open and AsyncOpen. Further, SHGetFileInfo can spin the event loop (and we open icon channels in the middle of layout) so it's not even safe to call it synchronously.
nsIconChannel::Open isn't used on a full try run, I don't know enough about networking to know if we can entirely rule out that it is used or not.
Depends on D28423
Assignee | ||
Comment 13•6 years ago
|
||
With nsIconChannel::Open no longer implemented we never pass false for aNonBlocking. We can remove that code and assert that SHFileGetInfo is called off main thread. Note that I would like to assert that we always call it on the same thread, but there isn't a super simple way to assert that.
Depends on D28424
Assignee | ||
Comment 14•6 years ago
|
||
[Tracking Requested - why for this release]:
I don't think we need to track this for 67 anymore because bug 1545842 downgraded the release assert to diagnostic assert.
Updated•6 years ago
|
Comment 15•6 years ago
|
||
It's also late in the beta cycle to uplift significant work, so marking as wontfix for 67 since we have a short term solution in place with bug 1545842. Thanks
Assignee | ||
Comment 16•6 years ago
|
||
Would you be able to shed any light on who uses nsIChannel::Open and if any of those users would use it on an icon channel? re https://phabricator.services.mozilla.com/D28424
Assignee | ||
Comment 17•6 years ago
|
||
As stated in other patches in this bug, the system call has to happen off main thread, and it has to always be on the same thread. So we dispatch the task to that thread and synchronously wait on the main thread for it to finish.
Depends on D28423
Comment 18•5 years ago
|
||
Sorry I don't really know much more than you do, I was able to assess the code paths and see that we weren't using the legacy format in my change in Bug 1520868 however I don't see anything different to your assement here:
https://phabricator.services.mozilla.com/D28424#860308
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 19•5 years ago
|
||
Looks like this is left over from a partial attempt at making GetStockIcon async like GetHIconFromFile.
But I don't think it needs to be async, the only system call SHGetStockIconInfo doesn't have anything about background thread like SHGetFileInfo.
Depends on D29626
Assignee | ||
Comment 20•5 years ago
|
||
We frequently get more asserts in this test after we increased the async-ness of AsyncOpen.
Before the patches of this bug, in this test we would see 15 calls to nsIconChannel::AsyncOpen, and then a flurry of reflow asserts ("ASSERTION: bad inline size").
After the patches for this bug, sometimes we get all 15 AsyncOpen calls to complete (FinishAsyncOpen) before the asserts start. In that case we get an expected number of asserts. But frequently we get a case where some FinishAsyncOpen calls don't happen until after all of the asserts. In this case we get more asserts than we are expecting.
So it seems the lack of a complete icon image is causing extra reflow churn (it's the same asserts, just more).
Depends on D31013
Comment 21•5 years ago
|
||
Reporter | ||
Comment 22•5 years ago
|
||
\p/
Reporter | ||
Comment 23•5 years ago
|
||
That was supposed to be \o/ :-)
Thanks for fixing this Timothy
Comment 24•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/71bf2b9ca6ea
https://hg.mozilla.org/mozilla-central/rev/bb340bd557d4
https://hg.mozilla.org/mozilla-central/rev/875d43d35a71
https://hg.mozilla.org/mozilla-central/rev/8010faead0fd
https://hg.mozilla.org/mozilla-central/rev/2d9c02e85710
https://hg.mozilla.org/mozilla-central/rev/642316b68e6a
https://hg.mozilla.org/mozilla-central/rev/1d13cc5dbb8a
https://hg.mozilla.org/mozilla-central/rev/17018058233c
Comment 25•5 years ago
|
||
Taking care of the assert in bug 1545842 for 68.
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 27•5 years ago
|
||
Assignee | ||
Comment 28•5 years ago
|
||
Comment on attachment 9106756 [details]
rollup patch for esr68
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: 1) it can cause long hangs. as reported in bug 1593137
- it can cause crashes, since we run the event loop at a bad time
- it could be security maybe, since running the event loop at a bad time is not a good idea
- User impact if declined: mainly hangs and some crashes
- Fix Landed on Version: 69
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): this change felt a little risky when landed but it's been on release for a couple of months now with no problems reported. It seems like a lot of patches but a lot of them were split out for easier reviewing, or because the assignee of the bug changed midway through so the work needed to be split up so it could be reviewed. all the patches applied without any changes, nothing else has really touched this code, so unlikely any other changes could interfere.
- String or UUID changes made by this patch: none
Updated•5 years ago
|
Comment 29•5 years ago
|
||
Updated•5 years ago
|
Comment 30•5 years ago
|
||
bugherder uplift |
Description
•