Closed
Bug 198267
Opened 22 years ago
Closed 22 years ago
Crash after document load (when window gets focus) - Trunk [@ nsMemoryCacheDevice::OnDataSizeChange] [@ nsMemoryCacheDevice::DoomEntry]
Categories
(Core :: Networking: Cache, defect, P1)
Core
Networking: Cache
Tracking
()
VERIFIED
FIXED
mozilla1.4alpha
People
(Reporter: pawel.worach, Assigned: gordon)
References
()
Details
(4 keywords, Whiteboard: TB1821223X)
Crash Data
Attachments
(2 files, 1 obsolete file)
|
3.63 KB,
text/plain
|
Details | |
|
12.85 KB,
patch
|
bryner
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319
This is somewhat strange. If I load the url while the browser has focus
during the page load it crashes right after the page is rendered.
If I press enter in the location bar and switch to another window (alt-tab)
and let the page load without focus it loads fine but as soon as I switch
back to mozilla it crashes instantly.
There is some js on the page that has to do with events...
This page worked fine with a nightly two days ago (can't remember the buildid)
Reproducible: Always
Steps to Reproduce:
version 1:
1. load https://girolink.postgirot.se/ or https://girovision.postgirot.se/
version 2:
1. start loading https://girolink.postgirot.se/ or
https://girovision.postgirot.se/
2. quickly switch focus to another window like explorer or whatever
3. switch back to mozilla after the page has loaded
Actual Results:
Crash
Expected Results:
Display the page
TB id's: TB1821223X TB18251362H
|
||
Updated•22 years ago
|
|
||
Comment 2•22 years ago
|
||
TB18260793X on Win98 SP1 with current nightly.
Should be 2003031908 from win32-talkback.exe installed in new path/directory,
where I also found this talkback-number,
but Help/About: Mozilla is broken, and the title bar shows BuildId: 2003031708
That has been the version I was using before and still is available in another
path/folder and was unzipped into a fresh folder from win32-talkback.zip
Because of mail I´m using the same profile with both installations, but never at
same time.
|
Reporter | |
Comment 3•22 years ago
|
||
Here is some tb data/stacktrace i found on ftp.mozilla.org/pub/data/crash-data/
|
|
Reporter | |
Comment 4•22 years ago
|
||
And yes it works if i disable disk/mem cache :)
I think that the crash occurs when it's loading the "Byta Lösenord" image
|
||
Comment 5•22 years ago
|
||
To bryner. Here's what I see (takes a few tries to repro):
#0 0x409b6c71 in nsMemoryCacheDevice::OnDataSizeChange (this=0x83ac9a8,
entry=0x88ef6d0, deltaSize=18000000)
at
/home/bzbarsky/mozilla/profile/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp:316
#1 0x409b5320 in nsCacheService::OnDataSizeChange (entry=0x88ef6d0,
deltaSize=18000000)
at
/home/bzbarsky/mozilla/profile/mozilla/netwerk/cache/src/nsCacheService.cpp:1274
#2 0x409b09cb in nsCacheEntryDescriptor::SetDataSize (this=0x88d9348,
dataSize=18000000)
at
/home/bzbarsky/mozilla/profile/mozilla/netwerk/cache/src/nsCacheEntryDescriptor.cpp:220
#3 0x41f6b01d in imgRequest::OnStopFrame (this=0x8921340, request=0x0,
frame=0x869f150)
at /home/bzbarsky/mozilla/profile/mozilla/modules/libpr0n/src/imgRequest.cpp:467
(gdb) frame 0
#0 0x409b6c71 in nsMemoryCacheDevice::OnDataSizeChange (this=0x83ac9a8,
entry=0x88ef6d0, deltaSize=18000000)
at
/home/bzbarsky/mozilla/profile/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp:316
316 PR_APPEND_LINK(entry, &mEvictionList[EvictionList(entry,
deltaSize)]);
(gdb) p mEvictionList[EvictionList(entry, deltaSize)]
$9 = {next = 0x0, prev = 0x1009}
PR_APPEND_LINK will attempt to dereference _l->prev->next (where _l is the
second arg). So it will dereference bogus memory and crash.
(gdb) p mHardLimit
$13 = 4194304
(gdb) p entry->Size()
$14 = 0
(gdb) p deltaSize
$15 = 18000000
(gdb) p mQueueCount
$16 = 23
(gdb) p EvictionList(entry, deltaSize)
$17 = 23
So looks like nsMemoryCacheDevice::EvictionList needs to make sure it does not
return a value >= mQueueCount....
Assignee: asa → bryner
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: stackwanted → regression
It also appears we're leaking the eviction queues if the memory cache size is
changed. Since the UI for that has been removed, it's not a big issue, but I'll
clean it up anyway.
I can take this.
Assignee: bryner → gordon
Component: Browser-General → Networking: Cache
|
|
||
Comment 8•22 years ago
|
||
*** Bug 198417 has been marked as a duplicate of this bug. ***
|
||
Comment 9•22 years ago
|
||
Adding topcrash keyword and Trunk [@ nsMemoryCacheDevice::OnDataSizeChange] to
summary for tracking. This is a topcrasher on recent MozillaTrunk
builds...started with 3/17 builds.
Here is the latest from Talkback:
8 nsMemoryCacheDevice::OnDataSizeChange 24
Source File :
c:/builds/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp line : 319
====================================================================================================
Count Offset Real Signature
[ 10 nsMemoryCacheDevice::OnDataSizeChange ad7956eb -
nsMemoryCacheDevice::OnDataSizeChange ]
Crash date range: 2003-03-19 to 2003-03-19
Min/Max Seconds since last crash: 12 - 31014
Min/Max Runtime: 498 - 34938
Count Platform List
10 Windows NT 5.0 build 2195
Count Build Id List
5 2003031808
3 2003031804
2 2003031905
No of Unique Users 3
Stack trace(Frame)
nsMemoryCacheDevice::OnDataSizeChange
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp line 319]
nsCacheService::OnDataSizeChange
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheService.cpp line 1275]
nsCacheEntryDescriptor::SetDataSize
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheEntryDescriptor.cpp line
222]
imgRequest::OnStopFrame
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 470]
nsGIFDecoder2::EndImageFrame
[c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
line 353]
gif_write [c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/gif/GIF2.cpp
line 994]
nsGIFDecoder2::ProcessData
[c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
line 196]
ReadDataOut
[c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
line 138]
nsInputStreamTee::WriteSegmentFun
[c:/builds/seamonkey/mozilla/xpcom/io/nsInputStreamTee.cpp line 106]
(18272777) URL: http://www.rpgworldcomic.com/
(18272754) URL: http://www.rpgworldcomic.com/
(18272709) URL: http://www.rpgworldcomic.com/
(18272643) URL: http://www.rpgworldcomic.com/
(18271629) URL: http://www.rpgworldcomic.com/
====================================================================================================
Count Offset Real Signature
[ 3 nsMemoryCacheDevice::OnDataSizeChange cc2e08b9 -
nsMemoryCacheDevice::OnDataSizeChange ]
[ 1 nsMemoryCacheDevice::OnDataSizeChange 5a6cb225 -
nsMemoryCacheDevice::OnDataSizeChange ]
Crash date range: 2003-03-19 to 2003-03-19
Min/Max Seconds since last crash: 19 - 1429
Min/Max Runtime: 31 - 1429
Count Platform List
3 Windows 98 4.10 build 67766446
1 Windows NT 5.1 build 2600
Count Build Id List
4 2003031808
No of Unique Users 2
Stack trace(Frame)
nsMemoryCacheDevice::OnDataSizeChange
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp line 319]
nsCacheService::OnDataSizeChange
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheService.cpp line 1275]
nsCacheEntryDescriptor::SetDataSize
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheEntryDescriptor.cpp line
222]
imgRequest::OnStopFrame
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 470]
term_source
[c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp
line 826]
jpeg_finish_decompress [c:/builds/seamonkey/mozilla/jpeg/jdapimin.c line 421]
nsJPEGDecoder::WriteFrom
[c:/builds/seamonkey/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp
line 470]
imgRequest::OnDataAvailable
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 794]
ProxyListener::OnDataAvailable
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgLoader.cpp line 872]
nsStreamListenerTee::OnDataAvailable
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamListenerTee.cpp line 98]
nsHttpChannel::OnDataAvailable
[c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp line
3015]
nsInputStreamPump::OnStateTransfer
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 409]
nsInputStreamPump::OnInputStreamReady
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 322]
nsInputStreamReadyEvent::EventHandler
[c:/builds/seamonkey/mozilla/xpcom/io/nsStreamUtils.cpp line 112]
PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 664]
PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c
line 597]
_md_EventReceiverProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c
line 1385]
KERNEL32.DLL + 0x24407 (0xbff94407)
0x00658b66
(18236412) URL: www.sluggy.com
(18236412) Comments: Clicked on link in bookmarks site began appearing
crash.
(18236277) URL: sluggy.net
(18236277) Comments: Clicked on link in bookmarks page appeared crash.
(18236103) URL: foldingathome.stanford.edu
(18236103) Comments: Typed above URL in address bar web page appeared crash
====================================================================================================
Count Offset Real Signature
[ 2 nsMemoryCacheDevice::OnDataSizeChange() 7a2a545f -
nsMemoryCacheDevice::OnDataSizeChange() ]
Crash date range: 2003-03-18 to 2003-03-18
Min/Max Seconds since last crash: 35 - 53
Min/Max Runtime: 28531 - 28584
Count Platform List
2 Linux 2.4.19-4GB
Count Build Id List
2 2003031722
No of Unique Users 1
Stack trace(Frame)
nsMemoryCacheDevice::OnDataSizeChange()
[/builds/client/linux22/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp
line 308]
nsCacheService::OnDataSizeChange()
[/builds/client/linux22/seamonkey/mozilla/netwerk/cache/src/nsCacheService.cpp
line 1274]
nsCacheEntryDescriptor::SetDataSize()
[/builds/client/linux22/seamonkey/mozilla/netwerk/cache/src/nsCacheEntryDescriptor.cpp
line 220]
imgRequest::OnStopFrame()
[/builds/client/linux22/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp
line 467]
term_source()
[/builds/client/linux22/seamonkey/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp
line 826]
jpeg_finish_decompress()
[/builds/client/linux22/seamonkey/mozilla/jpeg/jdapimin.c line 421]
nsJPEGDecoder::WriteFrom()
[/builds/client/linux22/seamonkey/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp
line 469]
imgRequest::OnDataAvailable()
[/builds/client/linux22/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp
line 794]
ProxyListener::OnDataAvailable()
[/builds/client/linux22/seamonkey/mozilla/modules/libpr0n/src/imgLoader.cpp
line 871]
nsStreamListenerTee::OnDataAvailable()
[/builds/client/linux22/seamonkey/mozilla/netwerk/base/src/nsStreamListenerTee.cpp
line 97]
nsHttpChannel::OnDataAvailable()
[/builds/client/linux22/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
line 3015]
nsInputStreamPump::OnStateTransfer()
[/builds/client/linux22/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp
line 406]
nsInputStreamPump::OnInputStreamReady()
[/builds/client/linux22/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp
line 322]
nsInputStreamReadyEvent::EventHandler()
PL_HandleEvent()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 663]
PL_ProcessPendingEvents()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 595]
nsEventQueueImpl::ProcessPendingEvents()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsEventQueue.cpp line 391]
event_processor_callback()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 194]
our_gdk_io_invoke()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 75]
libglib-1.2.so.0 + 0x11196 (0x4029b196)
libglib-1.2.so.0 + 0x12abe (0x4029cabe)
libglib-1.2.so.0 + 0x12f99 (0x4029cf99)
libglib-1.2.so.0 + 0x13234 (0x4029d234)
libgtk-1.2.so.0 + 0xa892f (0x4019c92f)
nsAppShell::Run()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 336]
nsAppShellService::Run()
[/builds/client/linux22/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp
line 479]
main1()
[/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line
1654]
main()
[/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line
1639]
libc.so.6 + 0x184a2 (0x403fb4a2)
(18219966) URL: www.rr.com/v5/home/0 19793 6 00.html
(18219966) Comments: Attempting to execute the 'RR Speed Test' on the Road
Runner page.
|
|
||
Comment 10•22 years ago
|
||
*** Bug 198141 has been marked as a duplicate of this bug. ***
|
|
||
Comment 11•22 years ago
|
||
Making this zt4newcrash because it looks like bryner's changes to
nsMemoryCacheDevice.cpp on 3/17 most likely introduced this regression.
Keywords: zt4newcrash
|
|
||
Comment 12•22 years ago
|
||
Adding [@ nsMemoryCacheDevice::DoomEntry] to summary since it appears to be a
related crash. Here is the Talkback info we have for those crashes:
nsMemoryCacheDevice::DoomEntry 7
BBID range: 18211444 - 18272689
Min/Max Seconds since last crash: 81 - 24772
Min/Max Runtime: 579 - 24772
Crash data range: 2003-03-18 to 2003-03-19
Build ID range: 2003031804 to 2003031905
Stack Trace:
nsMemoryCacheDevice::DoomEntry
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp line 222]
nsCacheService::DoomEntry_Internal
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheService.cpp line 1011]
nsCacheEntryDescriptor::Doom
[c:/builds/seamonkey/mozilla/netwerk/cache/src/nsCacheEntryDescriptor.cpp line 383]
imgRequest::RemoveFromCache
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 289]
imgRequest::Cancel
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 263]
imgRequest::RemoveProxy
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequest.cpp line 163]
imgRequestProxy::Cancel
[c:/builds/seamonkey/mozilla/modules/libpr0n/src/imgRequestProxy.cpp line 192]
nsLoadGroup::Cancel
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsLoadGroup.cpp line 379]
nsDocLoaderImpl::Stop
[c:/builds/seamonkey/mozilla/uriloader/base/nsDocLoader.cpp line 338]
nsURILoader::Stop [c:/builds/seamonkey/mozilla/uriloader/base/nsURILoader.cpp
line 622]
nsDocShell::Stop [c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp
line 2741]
nsDocShell::InternalLoad
[c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp line 5172]
nsDocShell::LoadHistoryEntry
[c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp line 6199]
nsDocShell::LoadURI [c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp
line 681]
nsSHistory::InitiateLoad
[c:/builds/seamonkey/mozilla/xpfe/components/shistory/src/nsSHistory.cpp line 822]
nsSHistory::LoadEntry
[c:/builds/seamonkey/mozilla/xpfe/components/shistory/src/nsSHistory.cpp line 659]
nsSHistory::Reload
[c:/builds/seamonkey/mozilla/xpfe/components/shistory/src/nsSHistory.cpp line 561]
XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp
line 102]
XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp line 2025]
XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp
line 1293]
js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 845]
js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 2832]
js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 861]
js_InternalInvoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 936]
JS_CallFunctionValue [c:/builds/seamonkey/mozilla/js/src/jsapi.c line 3529]
nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp line 1066]
nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp line 183]
nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp line 449]
nsXBLWindowHandler::WalkHandlersInternal
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowHandler.cpp line 317]
nsXBLWindowKeyHandler::WalkHandlers
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp line 182]
nsXBLWindowKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp line 198]
nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp line
1663]
nsXULDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp line 2579]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3343]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3335]
nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 4461]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp line 828]
nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp line 3473]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1959]
PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6263]
PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6214]
nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 2162]
nsView::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 309]
nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 1944]
HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 83]
nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1154]
nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1171]
nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 3074]
nsWindow::OnKeyDown
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 3163]
nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 4069]
0x18a16457
Source File :
c:/builds/seamonkey/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp line : 222
(18272689) URL: http://www.rpgworldcomic.com/
Summary: Crash after document load (when window gets focus) - Trunk [@ nsMemoryCacheDevice::OnDataSizeChange] → Crash after document load (when window gets focus) - Trunk [@ nsMemoryCacheDevice::OnDataSizeChange] [@ nsMemoryCacheDevice::DoomEntry]
|
||
Comment 13•22 years ago
|
||
*** Bug 198344 has been marked as a duplicate of this bug. ***
|
||
Comment 14•22 years ago
|
||
*** Bug 198436 has been marked as a duplicate of this bug. ***
|
|
||
Comment 15•22 years ago
|
||
*** Bug 198525 has been marked as a duplicate of this bug. ***
|
|
||
Comment 16•22 years ago
|
||
*** Bug 198611 has been marked as a duplicate of this bug. ***
|
|
||
Comment 17•22 years ago
|
||
*** Bug 198771 has been marked as a duplicate of this bug. ***
|
||
Comment 18•22 years ago
|
||
I am crashing when I try to access site http://www.kosu.org/. Please see
Incident ID TB18366248Q. Could someone please tell me if this crash is part of
this bug, or if it is a different problem? I am using build 2003031722 on
Linux. Thanks.
|
||
Comment 19•22 years ago
|
||
Dom, your crash seems to be the same as this bug (crashes in
nsMemoryCacheDevice::OnDataSizeChange())
|
||
Comment 20•22 years ago
|
||
-> All/All
I'm seeing this crash on OS X w/ 2003032003
page:
http://agonist.org/annex/sitmap
Talkback IDs:
TB212058H
TB212060Y
Shout if you want me to attach a crash log
Hardware: PC → All
|
||
Comment 21•22 years ago
|
||
This should fix it. I didn't realize that we could need to find an eviction
list for an item larger than mHardLimit. I also wasn't accounting very well
for the case where the memory cache size was set to 0. This patch ensures that
we always have at least 1 queue available, and that a valid queue number is
returned from EvictionQueue(). I'm going to do a bit more testing with this.
|
|
||
Comment 22•22 years ago
|
||
Comment on attachment 118267 [details] [diff] [review]
patch
yep. this fixing it. requesting review, i'd like very much to fix this for
1.4a.
Attachment #118267 -
Flags: superreview?(darin)
Attachment #118267 -
Flags: review?(gordon)
|
||
Comment 23•22 years ago
|
||
Comment on attachment 118267 [details] [diff] [review]
patch
yup, makes sense. sr=darin
Attachment #118267 -
Flags: superreview?(darin) → superreview+
|
Assignee | |
Comment 24•22 years ago
|
||
The dynamic allocation of the eviction queues doesn't really seem to be
necessary. Each queue head is only 8 bytes, and for practical purposes we
will get the same performance benefits as long as we have a "sufficient" number
of queues. I'm proposing 24 with this patch, with means that entries larger
than 8 meg will be start grouped together in the "most evictable" queue. As
their fetch count increases, they will make their way down to more preferred
queues.
This patch also contains size and entry accounting fixes for bug 191161.
Attachment #118376 -
Flags: superreview?(darin)
Attachment #118376 -
Flags: review?(bryner)
Attachment #118267 -
Attachment is obsolete: true
|
|
||
Comment 25•22 years ago
|
||
Comment on attachment 118376 [details] [diff] [review]
updated patch that removes dynamic allocation of eviction queues
>+#ifdef DEBUG
>+class hashcounter : public nsCacheEntryHashTable::Visitor {
nsCacheHashCounter... namespace matters even for locally defined classes ;-)
more comments later...
|
|
||
Comment 26•22 years ago
|
||
Comment on attachment 118376 [details] [diff] [review]
updated patch that removes dynamic allocation of eviction queues
looks good otherwise; sr=darin with that class name changed.
Attachment #118376 -
Flags: superreview?(darin) → superreview+
|
|
||
Comment 27•22 years ago
|
||
Comment on attachment 118376 [details] [diff] [review]
updated patch that removes dynamic allocation of eviction queues
>Index: nsMemoryCacheDevice.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp,v
>retrieving revision 1.44
>diff -u -r1.44 nsMemoryCacheDevice.cpp
>--- nsMemoryCacheDevice.cpp 18 Mar 2003 06:02:10 -0000 1.44
>+++ nsMemoryCacheDevice.cpp 25 Mar 2003 02:22:21 -0000
>-// We keep ceil(log2(mHardLimit+1)) LRU queues. The queues hold exponentially
>-// increasing ranges of floor(log2((size/nref))) values for entries.
>+// The memory cache implements a variate of the "LRU-SP" caching algorithm
Do you mean 'variant'? 'variate' means "random variable", which I don't think
is correct.
>
>-
> nsMemoryCacheDevice::nsMemoryCacheDevice()
> : mInitialized(PR_FALSE),
>- mEvictionList(nsnull),
>- mEvictionThreshold(40 * 1024),
>- mHardLimit(4 * 1024 * 1024), // set default memory limit, in case prefs aren't available
>+ mEvictionThreshold(0),
How about just removing mEvictionThreshold? It doesn't seem to be used for
anything.
r=bryner with those changes.
Attachment #118376 -
Flags: review?(bryner) → review+
|
|
||
Comment 28•22 years ago
|
||
i don't know if this is related to this checkin or not, but i saw this assertion
today at shutdown (from the xpcom-shutdown event, i think):
###!!! ASSERTION: ### mem cache leaking entries?
: 'mInactiveSize == 0', file
/home/darinf/netscape/mozilla-trunk/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp,
line 111
|
|
Assignee | |
Comment 29•22 years ago
|
||
There's no leak. Accounting for mInactiveSize needs to be fixed. Here's the patch.
Index: nsMemoryCacheDevice.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp,v
retrieving revision 1.45
diff -u -r1.45 nsMemoryCacheDevice.cpp
--- nsMemoryCacheDevice.cpp 25 Mar 2003 07:05:33 -0000 1.45
+++ nsMemoryCacheDevice.cpp 25 Mar 2003 22:22:12 -0000
@@ -330,7 +330,8 @@
// update statistics
PRInt32 memoryRecovered = (PRInt32)entry->Size();
mTotalSize -= memoryRecovered;
- mInactiveSize -= memoryRecovered;
+ if (!entry->IsDoomed())
+ mInactiveSize -= memoryRecovered;
--mEntryCount;
if (deleteEntry) delete entry;
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.4alpha
|
|
||
Comment 30•22 years ago
|
||
ok, r+sr=me if you want to just slip that in today ;-)
|
||
Comment 31•22 years ago
|
||
Yesterday this was the No.3 topcrash with No.1 and 2 already fixed now, so I ask
to block 1.4a for it. (Yeah, it will probably get in in time anyway, but just to
make sure)
Flags: blocking1.4a?
|
|
Assignee | |
Comment 32•22 years ago
|
||
The main fix was checked in Monday night, with a slight update to fix a bogus
assertion Tuesday evening.
Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
||
Updated•22 years ago
|
Flags: blocking1.4a?
|
|
||
Updated•22 years ago
|
Attachment #118267 -
Flags: review?(gordon)
|
|
||
Comment 33•22 years ago
|
||
No crashes since the checkin on 3/24. Marking verified based on Talkback data.
Status: RESOLVED → VERIFIED
|
||
Updated•14 years ago
|
Crash Signature: [@ nsMemoryCacheDevice::OnDataSizeChange]
[@ nsMemoryCacheDevice::DoomEntry]
You need to log in
before you can comment on or make changes to this bug.
Description
•