1747719 - Youtube is broken in Firefox ASAN

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Mikhail]

Attachment: Screenshot from 2021-12-17 16-46-23.png

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0

Steps to reproduce:

Download latest Firefox ASAN build and try open youtube.com

Actual results:

The site opened, but didn't works.
Even video previews not displayed.
In console I see error message "Uncaught InternalError: too much recursion"

Expected results:

Youtube show recommended videos previews on main page.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Comment 2

[Emilio Cobos Álvarez (:emilio)]

Maybe we should increase the JS stack depth on ASAN?

Comment 3

[Matthew Gaudet (he/him) [:mgaudet]]

Any thoughts regarding the above suggestion Jan, or is there more investigation required first?

Comment 4

[Nicolas B. Pierron [:nbp]]

This is most likely related to this:
https://searchfox.org/mozilla-central/rev/996a2cafe472e9934b8cb91db63050f96d8a59cb/js/xpconnect/src/XPCJSContext.cpp#1176

Comment 5

[BugBot [:suhaib / :marco/ :calixte]]

The component has been changed since the backlog priority was decided, so we're resetting it.
For more information, please visit auto_nag documentation.

Comment 6

[Jan de Mooij [:jandem]]

Bisecting gives this range:

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=33d6ea7b0aadaa1fcdb03690d82cf9459764a9d7&tochange=6c01444e17210e96f5fb322c7b55a2e9f87ec0b0

Bug 1736057 is a bit suspicious. It could be the helper thread stack limit, maybe we should increase that for ASan builds similar to what we do for the main thread. I'll try something.

Comment 7

[Nicolas B. Pierron [:nbp]]

If this is Bug 1736057, This "too much recursion" error is caused by the parser then this is likely to happen when the page is being loaded.
This matches what is on the screenshot.

I am about to finish some work to eagerly delazify off-thread (Bug 1662110). If this is indeed this issue, this work would help by splitting the effort across multiple delazifications.

Another approach is that we could use a larger stack size for the HelperThread context. The reason we have conservative stack limits for SpiderMonkey is to ensure that we have enough space to make calls when we are in the chrome-world. Thus, preventing the JS code from causing stack overflow in the chrome code.

When parsing on HelperThreads we do not have this interleaving behaviour, and as such we might not need to have limits which are as conservative as on the main thread.

Comment 8

[Jan de Mooij [:jandem]]

Attachment: Bug 1747719 - Use a larger stack size for TaskController threads for ASan builds. r?jonco!,bas!

ASan builds use more stack space so need a larger stack size. Note that this matches
what we already do for the JS overrecursion limit for the main thread.

This fixes overrecursion errors from the parser when parsing JS files off-thread
on YouTube.

Comment 9

[Pulsebot]

Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b60ae9f60f98
Use a larger stack size for TaskController threads for ASan builds. r=jonco,bas

Comment 10

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/b60ae9f60f98

Comment 11

[Monica Chiorean]

I could not reproduce the issue on Win10/Ubuntu20.4, using ASAN build 97.0a1 (20211217212339).
Is the issue still reproducing on your side on latest 98/99 builds?