Closed Bug 209804 Opened 21 years ago Closed 20 years ago

Assertion in xpcom/threads/nsAutoLock.cpp

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.7final

People

(Reporter: tenthumbs, Assigned: darin.moz)

References

Details

(Keywords: assertion, fixed-aviary1.0, fixed1.7.5)

Attachments

(3 files, 1 obsolete file)

stack traces
46.41 KB, text/plain
Details
v1 patch
1.15 KB, patch
dougt
: review+
Details | Diff | Splinter Review
v2 patch
5.82 KB, patch
dbaron
: review+
dbaron
: superreview+
asa
: approval1.7-
roc
: approval1.7.5+
Details | Diff | Splinter Review 
I started seeing this in my Linux builds at shutdown.

###!!! ASSERTION: potential deadlock between Monitor@80c25a0 and Lock@87c7390:
'Error', file nsAutoLock.cpp, line 265
Break: at file nsAutoLock.cpp, line 265

I have no idea how serious this is.
I don't have any idea either.  I do not see this -- timeless, brendan?
It's disappeared, returned, and disappeared again. Right now it's gone.
offhand this is probably the psm lock bug. darin filed it
important to show stacks for such assertions.  I will factor stack (callsite
tree) tracing out of nsTraceMalloc, make it a primitive configurable that any
build can add and use.  That should help fix bug 200972.

Someone mark this dup or worksforme, ok?

/be
tenthumbs: if you can get a stack trace, then please compare it to that in bug
210037.
Depends on: 210037
Blocks: 160540
I'm seeing this and here is the stack:

 Function                                                                   |
Part                        
----------------------------------------------------------------------------+-----------------------------
 _ZN11nsDebugImpl5AbortEPKci                                                |
NSDEBUGIMPL.CPP             
 _ZN11nsDebugImpl5BreakEPKci                                                |
NSDEBUGIMPL.CPP             
 _ZN11nsDebugImpl9AssertionEPKcS1_S1_i                                      |
NSDEBUGIMPL.CPP             
 _ZN7nsDebug9AssertionEPKcS1_S1_i                                           |
NSDEBUG.CPP                 
 _ZN14nsAutoLockBaseC2EPvNS_14nsAutoLockTypeE                               |
NSAUTOLOCK.CPP              
 _ZN10nsAutoLockC1EP6PRLock                                                 |
NSCACHEENTRYDESCRIPTOR.CPP  
 _ZN22nsCacheEntryDescriptor5CloseEv                                        |
NSCACHEENTRYDESCRIPTOR.CPP  
 _ZN22nsCacheEntryDescriptorD0Ev                                            |
NSCACHEENTRYDESCRIPTOR.CPP  
 _ZN22nsCacheEntryDescriptor7ReleaseEv                                      |
NSCACHEENTRYDESCRIPTOR.CPP  
 _ZN8nsCOMPtrI23nsICacheEntryDescriptorE22assign_assuming_AddRefEPS0_       |
IMGREQUEST.CPP              
 _ZN8nsCOMPtrI23nsICacheEntryDescriptorE18assign_with_AddRefEP11nsISupports |
IMGREQUEST.CPP              
 _ZN8nsCOMPtrI23nsICacheEntryDescriptorEaSEPS0_                             |
IMGREQUEST.CPP              
 _ZN10imgRequest11RemoveProxyEP15imgRequestProxyji                          |
IMGREQUEST.CPP              
 _ZN15imgRequestProxy6CancelEj                                              |
IMGREQUESTPROXY.CPP         
 _ZN12nsImageFrame8IconLoad8ShutdownEv                                      |
NSLAYOUTMODULE.O            
 _ZN12nsImageFrame14ReleaseGlobalsEv                                        |
NSLAYOUTMODULE.O            
 _Z8ShutdownP9nsIModule                                                     |
NSLAYOUTMODULE.O            
 _ZN15nsGenericModule8ShutdownEv                                            |
NSGENERICFACTORY.CPP        
 _ZN15nsGenericModuleD1Ev                                                   |
NSGENERICFACTORY.CPP        
 _ZN15nsGenericModule7ReleaseEv                                             |
NSGENERICFACTORY.CPP        
 _ZN5nsDll8ShutdownEv                                                       |
XCDLL.CPP                   
 _Z13nsFreeLibraryP5nsDllP17nsIServiceManageri                              |
NSNATIVECOMPONENTLOADER.CPP 
 _Z17nsFreeLibraryEnumP9nsHashKeyPvS1_                                      |
NSNATIVECOMPONENTLOADER.CPP 
 _Z13hashEnumerateP12PLDHashTableP15PLDHashEntryHdrjPv                      |
NSHASHTABLE.CPP             
 PL_DHashTableEnumerate                                                     |
PLDHASH.C                   
 _ZN11nsHashtable9EnumerateEPFiP9nsHashKeyPvS2_ES2_                         |
NSHASHTABLE.CPP             
 _ZN23nsNativeComponentLoader9UnloadAllEi                                   |
NSNATIVECOMPONENTLOADER.CPP 
 _ZN22nsComponentManagerImpl15UnloadLibrariesEP17nsIServiceManageri         |
NSCOMPONENTMANAGER.CPP      
 _ZN22nsComponentManagerImpl8ShutdownEv                                     |
NSCOMPONENTMANAGER.CPP      
 NS_ShutdownXPCOM                                                           |
NSXPCOMINIT.O               
 NS_ShutdownXPCOM                                                           |
NSXPCOMGLUE.CPP             
 GRE_Shutdown                                                               |
NSXPCOMGLUE.CPP             
 main                                                                       |
NSAPPRUNNER.O               
 __text                                                                     |
CRT0.OBJ                    
 0x182915A6                                                                 |
libc04.dll:1                

See bug 210037 comment 3, conclusion 2.

Whether we should avoid holding a cache service lock when calling into the XPCOM
component manager (conclusion 1 from that bug, applied to the cache code instead
of to NSS) is something dougt should comment upon.

It's never a good idea to call out of module while holding a lock.  But if
enough code does that with XPCOM as the callee, maybe we just need to declare
XPCOM "most nested" in such locking scenarios, and all * -> XPCOM arcs in the
deadlock detection graph, but not XPCOM -> *.

/be
> XPCOM "most nested" in such locking scenarios, and all * -> XPCOM arcs in the

er, "allow * -> XPCOM arcs ...", not "all ...."

This XPCOM bug would stand for fixing the component manager to set aside the
list during shutdown, and exit its monitor; and also documenting and
evangelizing the nesting rule.

/be
(In reply to comment #7)
> See bug 210037 comment 3, conclusion 2.
> 
> Whether we should avoid holding a cache service lock when calling into the XPCOM
> component manager (conclusion 1 from that bug, applied to the cache code instead
> of to NSS) is something dougt should comment upon.
> 
> It's never a good idea to call out of module while holding a lock.  But if
> enough code does that with XPCOM as the callee, maybe we just need to declare
> XPCOM "most nested" in such locking scenarios, and all * -> XPCOM arcs in the
> deadlock detection graph, but not XPCOM -> *.
> 
> /be


i'm all for possibly changing the cache to not hold its lock while calling into
XPCOM.  it's almost always a good idea in my experience to not do that.  that
said, i'm not sure how easy it would be to change the cache.
Darin: I was proposing relieving you and many others from having to do that in
the particular case of calling the XPCOM component or service manager.  That way
the burden would be on XPCOM to use thread-local temporaries and the like to
avoid nesting the other day.

/be
(In reply to comment #10)
> Darin: I was proposing relieving you and many others from having to do that in
> the particular case of calling the XPCOM component or service manager.  That way
> the burden would be on XPCOM to use thread-local temporaries and the like to
> avoid nesting the other day.

yeah, i agree that that is a good plan.  the component manager shouldn't need to
hold its monitor while shutting down.  it should race to set the mShuttingDown
flag, and then all losers of that race should just return early with some error.
what darin said.  we can remove the monitor in UnloadLibary and "protect"
mLoaderData behind a check against mShuttingDown.  I am not sure why we would
have to create anything on the stack.
In an SMP complex with weak store order, you can't be sure everyone has seen the
store to mShuttingDown.  So you can't be sure other threads aren't racing
through the hash table.

You need a memory barrier, which locks and monitors provide.  So enter the
monitor, set mShuttingDown, set the hash table aside as cheaply as possible
(that is why I suggested copying the PLDHashTable to a stack temporary and
zapping the original's memory with memset(0)), leave the monitor, etc.

/be
Attached file stack traces 
I'm now seeing 10 of these at every shutdown. Here's all the stack traces. I'm
including all of them because they're similar but not that similar.
I just noticed this in WinXP in a debug trunk build. It might have been there
for a while since I don't normally start the debug build from the command line.

To reproduce:

Start Mozilla, select profile, close browser.

Environment is a custom debug build, vc6, ms sdk, winxp, xeon, with all
extensions enabled except xmlterm or negotiateauth and svg gdi+.

-> OS All

Stack follows:

NTDLL! 77f75a58()
nsDebugImpl::Assertion(nsDebugImpl * const 0x002e6d10, const char * 0x0012fa18,
const char * 0x100fecc4, const char * 0x100fec80, int 299) line 272
nsDebug::Assertion(const char * 0x0012fa18, const char * 0x100fecc4, const char
* 0x100fec80, int 299) line 109
nsAutoLockBase::nsAutoLockBase(void * 0x026e0f78, nsAutoLockBase::nsAutoLockType
eAutoLock) line 299 + 27 bytes
nsAutoLock::nsAutoLock(PRLock * 0x026e0f78) line 178 + 21 bytes
nsCacheEntryDescriptor::Close(nsCacheEntryDescriptor * const 0x02c0ff78) line 411
nsCacheEntryDescriptor::~nsCacheEntryDescriptor() line 51
nsCacheEntryDescriptor::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsCacheEntryDescriptor::Release(nsCacheEntryDescriptor * const 0x02c0ff78) line
36 + 144 bytes
nsCOMPtr<nsICacheEntryDescriptor>::assign_assuming_AddRef(nsICacheEntryDescriptor
* 0x00000000) line 495
nsCOMPtr<nsICacheEntryDescriptor>::assign_with_AddRef(nsISupports * 0x00000000)
line 1023
nsCOMPtr<nsICacheEntryDescriptor>::operator=(nsICacheEntryDescriptor *
0x00000000) line 608
imgRequest::RemoveProxy(imgRequestProxy * 0x02f115f0, unsigned int 2147500037,
int 0) line 168
imgRequestProxy::Cancel(imgRequestProxy * const 0x02f115f0, unsigned int
2147500037) line 209
nsImageFrame::IconLoad::Shutdown() line 287
nsImageFrame::ReleaseGlobals() line 142
Shutdown(nsIModule * 0x00a44358) line 405
nsGenericModule::Shutdown() line 344 + 10 bytes
nsGenericModule::~nsGenericModule() line 247
nsGenericModule::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsGenericModule::Release(nsGenericModule * const 0x00a44358) line 249 + 142 bytes
nsDll::Shutdown() line 380 + 18 bytes
nsFreeLibrary(nsDll * 0x00a1b058, nsIServiceManager * 0x00000000, int 3) line 275
nsFreeLibraryEnum(nsHashKey * 0x00a1b0e8, void * 0x00a1b058, void * 0x0012fe84)
line 344 + 64 bytes
hashEnumerate(PLDHashTable * 0x002ef768, PLDHashEntryHdr * 0x0099642c, unsigned
int 24, void * 0x0012fe68) line 115 + 26 bytes
PL_DHashTableEnumerate(PLDHashTable * 0x002ef768, int (PLDHashTable *,
PLDHashEntryHdr *, unsigned int, void *)* 0x10013d00 hashEnumerate(PLDHashTable
*, PLDHashEntryHdr *, unsigned int, void *), void * 0x0012fe68) line 619 + 34 bytes
nsHashtable::Enumerate(int (nsHashKey *, void *, void *)* 0x10063c30
nsFreeLibraryEnum(nsHashKey *, void *, void *), void * 0x0012fe84) line 303 + 21
bytes
nsNativeComponentLoader::UnloadAll(nsNativeComponentLoader * const 0x002ef720,
int 3) line 961
nsComponentManagerImpl::UnloadLibraries(nsIServiceManager * 0x00000000, int 3)
line 3139 + 22 bytes
nsComponentManagerImpl::Shutdown() line 878
NS_ShutdownXPCOM(nsIServiceManager * 0x00000000) line 776 + 11 bytes
NS_ShutdownXPCOM(nsIServiceManager * 0x00000000) line 184 + 10 bytes
GRE_Shutdown() line 468 + 7 bytes
main(int 1, char * * 0x002e2638) line 1724 + 5 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e814c
OS: Linux → All
I want this looked at for 1.7.
Severity: normal → major
Flags: blocking1.7+
taking
Assignee: dougt → darin
Target Milestone: --- → mozilla1.7final
Two solutions for this bug come to mind:

 (1) Make nsComponentManagerImpl not hold mMon while calling UnloadAll on the 
     component loaders.

 (2) Make nsImageFrame::ReleaseGlobals be called at xpcom-shutdown time instead
     of from the layout module destructor.

CC'ing bz and dbaron to get their thoughts on option #2.  (They seem to have CVS
blame for the IconLoad class.)

dougt, can you comment on option #1?  I don't understand why that monitor needs
to be held while calling UnloadAll.  We don't seem to hold the monitor while
calling other methods on the component loaders, so why is it important in
UnloadLibraries?  Does it have something to do with
nsIComponentManagerObsolete::FreeLibraries (which calls UnloadLibraries also)?
I do not remember is there is any issue in removing this monitor.  Seams like
since we are calling out and not protecting anything this monitor can be safely
removed.

Looking at very old versions of this file, it seams that we:
A) use to protect a hash during unload
B) then we added a callback to the thing that was being unloaded
C) then we seperated the hash removal and the callback notification
D) during this seperatation we left the monitor in both places.
dougt: thanks for gathering that history on the file.  it does seem like the
monitor is only (mainly?) protecting the hash table today.  i don't mind
removing the monitor on the trunk to see if we hit anything, but will we have
enough bake time on the trunk to know that it solves the problem well enough to
be able to take the patch on the 1.7 branch?  maybe we'll just have to see ...
yes, if you remove this we would want a few weeks worth of bake time.  I don't
think this monitor causes any user reported problems.
Attached patch v1 patchSplinter Review 
ok, here's the xpcom patch.
Attachment #146309 - Flags: superreview?(brendan)
Attachment #146309 - Flags: review?(dougt)
Comment on attachment 146309 [details] [diff] [review]
v1 patch

Doesn't Shutdown need to use the monitor, or some kind of thread barrier
(join), to avoid racing with other threads using XPCOM?

/be
Attachment #146309 - Flags: review?(dougt) → review+
brendan: yes, and all of those other threads join with the main thread from the
xpcom-shutdown event handler.  or, in the case of the DNS threads, they detach
and reference no more xpcom code or objects after xpcom-shutdown.  this patch
shouldn't be a problem for mozilla since xpcom shutdown happens on the main
thread, and all of our threads go away cleanly essentially at the time when the
xpcom-shutdown notification gets sent out.  the only real concern here is what
some module destructor might do. (the module destructor for nsImageFrame
apparently calls code libpr0n, which calls code in necko.)
Module destructors should never call into any other modules, period.  (Consider
what would happen if we start unloading libraries, as we probably should have
from the start.)  Anything that needs to call into other modules should be done
using an "xpcom-shutdown" nsIObserver.
(In reply to comment #25)
> Module destructors should never call into any other modules, period.  (Consider
> what would happen if we start unloading libraries, as we probably should have
> from the start.)  Anything that needs to call into other modules should be done
> using an "xpcom-shutdown" nsIObserver.

so, then you are advocating solution #2 from comment #18?
Attached patch comment 18 - 2 (obsolete) — Splinter Review 

    
  

        Attachment #146441 -
        Flags: superreview?(dbaron)

        Attachment #146441 -
        Flags: review?(dbaron)

    
    

    
  
Comment on attachment 146441 [details] [diff] [review]
comment 18 - 2

>Index: nsImageFrame.h

>   static void ReleaseGlobals() {
>+    NS_IF_RELEASE(gIconLoad);
>     NS_IF_RELEASE(sIOService);
>   }

you didn't mean to keep the release of sIOService here right?  since
it isn't valid to call into another module from a module destructor,
it cannot be valid to call sIOService->Release() from here.  therefore,
this code should be removed.  perhaps it makes sense to assert that
sIOService is null instead.

        Attachment #146441 -
        Flags: review?(dbaron) → review-

    
    

    
  
I agree with comment 28.  Also, rather than adding your own observer, I'd prefer
if you used ContentShutdownObserver in nsLayoutModule.cpp.  Given that, this
could be a +1/-1 patch (just change where nsImageFrame::ReleaseGlobals is called).

    
  

        Attachment #146441 -
        Flags: superreview?(dbaron)

    
    

    
  
So, fixing nsImageFrame::ReleaseGlobals() to be called earlier (from
ContentShutdownObserver) is not enough.  We have to move other things too, like
for instance nsLayoutStylesheetCache::Shutdown().  I'm going to try moving all
of layout shutdown into the xpcom-shutdown observer.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v2 patchSplinter Review
      

    


  
ok, this patch forces all layout shutdown to occur from the xpcom-shutdown
observer.  it seems to work :-)

        Attachment #146441 -
        Attachment is obsolete: true

    
  

        Attachment #146309 -
        Flags: superreview?(brendan)

    
  

        Attachment #147352 -
        Flags: superreview?(dbaron)

        Attachment #147352 -
        Flags: review?(dbaron)

    
    

    
  
Comment on attachment 147352 [details] [diff] [review]
v2 patch

r+sr=dbaron.  We probably don't need to move everything, but it shouldn't hurt
anything, I don't think...

        Attachment #147352 -
        Flags: superreview?(dbaron)

        Attachment #147352 -
        Flags: superreview+

        Attachment #147352 -
        Flags: review?(dbaron)

        Attachment #147352 -
        Flags: review+

    
    

    
  
fixed-on-trunk
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

    
    

    
  
Comment on attachment 147352 [details] [diff] [review]
v2 patch

Requesting approval to land this on the branch, but I'd like to give this some
reasonable bake time on the trunk first.

We also might want to just skip fixing this on the branch since I don't believe
that there is any real potential for a deadlock here.

At most it would be a good patch to accept on the branch for the purpose of
eliminating up the "scary looking" assertions.

        Attachment #147352 -
        Flags: approval1.7?

    
    

    
  
Without a report of deadlock actually occurring, I don't see the point of fixing
this on the branch.

    
    

    
  
I still got one in my trunk build from this morning.

    
    

    
  
(In reply to comment #36)
> I still got one in my trunk build from this morning.

tenthumbs: can you get a stack trace if possible?  it is likely that this
assertion could happen elsewhere, and for that reason we should probably still
land the xpcom component manager change.

    
  

        Attachment #147352 -
        Flags: approval1.7? → approval1.7-

    
  
Flags: blocking1.7+ → blocking1.7-

    
    

    
  
Ben wants this on aviary, I'll do the honours today.

    
  
No longer blocks: 160540

    
  

        Attachment #147352 -
        Flags: approval1.7.x?

    
    

    
  
Comment on attachment 147352 [details] [diff] [review]
v2 patch

Mike, please put this on 1.7,

        Attachment #147352 -
        Flags: approval1.7.x? → approval1.7.x+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: