Closed Bug 1574952 Opened 5 years ago Closed 5 years ago

Crash in [@ mozilla::recordreplay::PassThroughThreadEventsAllowCallbacks]

Categories

(Core Graveyard :: Web Replay, defect)

Product:
Core Graveyard
Component:
Web Replay
Platform:
Unspecified
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox-esr60 unaffected, firefox-esr68 unaffected, firefox68 unaffected, firefox69 unaffected, firefox70 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed

People

(Reporter: marcia, Assigned: bhackett1024)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1574952 - Support calls to CGPathApply after diverging from the recording, r=loganfsmyth.
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-033e21de-4a07-4880-91ef-6b4100190819.

Seen while looking at nightly crash stats, so far 10 crashes but from a single install. Crashes started in 20190818215144. It appears some code was touched in Bug 1574570, which landed on 8-17. ni on :bhackett

Top 10 frames of crashing thread:

0 XUL mozilla::recordreplay::PassThroughThreadEventsAllowCallbacks toolkit/recordreplay/Callback.cpp:118
1 XUL mozilla::recordreplay::Preamble_CGPathApply toolkit/recordreplay/ProcessRedirectDarwin.cpp:1730
2 XUL mozilla::recordreplay::CallPreambleHook toolkit/recordreplay/ProcessRedirect.cpp:35
3 XUL RecordReplayInterceptCall toolkit/recordreplay/ProcessRedirect.cpp:62
4 XUL RecordReplayRedirectCall_Loop 
5 XUL SkScalerContext::internalGetPath gfx/skia/skia/src/core/SkScalerContext.cpp:589
6 XUL SkGlyph::addPath gfx/skia/skia/src/core/SkGlyph.cpp:113
7 XUL SkTextInterceptsIter::next gfx/skia/skia/src/core/SkTextBlob.cpp:958
8 XUL SkTextBlob::getIntercepts const gfx/skia/skia/src/core/SkTextBlob.cpp:634
9 XUL nsCSSRendering::PaintDecorationLine layout/painting/nsCSSRendering.cpp:4138
Flags: needinfo?(bhackett1024)

These crashes are happening when we try to perform CGPathApply calls after diverging from the recording, which is the lingering issue predicted in bug 1574570 comment 0. We don't have a way currently to perform calls in the middleman which involve Gecko callbacks. The best way to fix this is to avoid using the callback infrastructure for CGPathApply, which is overkill as the function has no side effects. We can just accumulate all the path information in the middleman and pass it back to the replaying process, which can then invoke the apply function callback on that data. This allows a similar strategy with shared code to be used in both the recorded call and middleman call cases. I'll attach a patch to fix this shortly. This patch also fixes the repaint stress mode so that it works again (it stopped working after the search based control logic was added a few months agao); this bug is pretty easy to reproduce in this mode.

Flags: needinfo?(bhackett1024)
Pushed by bhackett@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5909193688b5
Support calls to CGPathApply after diverging from the recording, r=loganfsmyth.

https://hg.mozilla.org/mozilla-central/rev/5909193688b5

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox70: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
Assignee: nobody → bhackett1024
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: