Closed Bug 258954 Opened 20 years ago Closed 19 years ago

sonystyle.com.cn - Mozilla/Firefox/Galeon/Epiphany... crash

Categories

(Tech Evangelism Graveyard :: Chinese-Simplified, defect)

Product:
Tech Evangelism Graveyard
Component:
Chinese-Simplified
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: qiuyingbo, Unassigned)

References

(
URL
)

Details

(4 keywords) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.9
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.9

I test it on linux and Windows platform, I use firefox/galeon/epiphany in linux and
firefox/mozilla/netscape in windows. 

maybe a gecko's bug

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
the program freeze. and the OS begin swap memory -- HD's LED begin twinkling.
windows will report VM too low.
the page loads a script http://www.sonystyle.com.cn/iemenu.js, which is 182Kb on
one line.  Mozilla gets bogged down just loading the script.  A html page with
some javascript from the URL to set up the menus and including the iemenu.js
fluctuated between 110 and 330MB of memory usage (I have 512MB total), but did
eventually load.  Loading the full page was similar.

Over to JSEng in case there is anything that can be done to improve handling of
such an enormous script.  If not, this is probably INVALID.
Assignee: general → general
Component: Browser-General → JavaScript Engine
Keywords: crash, hang, perf
QA Contact: general → pschwartau
We had a bug for long one-line scripts already... Didn't brendan check in a fix
for that?  If so, is this a problem in builds with said fix?
bug 218511

You filed a followup bug that it was still slow though.
The bug 236272 that bz filed as a followup to bug 218511 is about the HTML
parser, though, and that code won't be run when dealing with an out-of-line script.

Reporter says this was in Firefox 0.9, and the patch for bug 218511 was in 0.9,
so I'll take a look at this using the js shell.

/be
Assignee: general → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Not a JS engine bug, AFAICT:

[~/src/phoenix/mozilla/js/src2]$ Linux_All_OPT.OBJ/js < ~/iemenu.js
1: ReferenceError: Image is not defined
[~/src/phoenix/mozilla/js/src2]$ time !!
time Linux_All_OPT.OBJ/js < ~/iemenu.js
1: ReferenceError: Image is not defined
                                                                                
real    0m0.084s
user    0m0.080s
sys     0m0.000s
[~/src/phoenix/mozilla/js/src2]$ time Linux_All_OPT.OBJ/js < ~/iemenu.js
1: ReferenceError: Image is not defined
                                                                                
real    0m0.092s
user    0m0.080s
sys     0m0.010s
[~/src/phoenix/mozilla/js/src2]$ time Linux_All_OPT.OBJ/js < ~/iemenu.js
1: ReferenceError: Image is not defined
                                                                                
real    0m0.084s
user    0m0.080s
sys     0m0.000s
[~/src/phoenix/mozilla/js/src2]$

So the js shell loads this quickly, using stdio.  If there's some big lag, it
must be somewhere above the JavaScript Engine layer, either in the script loader
or in Necko.  Bouncing to the HTML content code.  bz, do you have time to do a
profile?

/be
Assignee: brendan → general
Component: JavaScript Engine → DOM: HTML
Profiling doesn't help so much.  I can't load the page altogether because it
runs out of memory and dies (I have 768 MB or RAM and 256 MB of swap).  The flat
profile looks like:

Total hit count: 75448
Count %Total  Function Name
36779   48.7     str_indexOf
26697   35.4     memcpy
2487   3.3     __libc_calloc
887   1.2     mmap
799   1.1     munmap
456   0.6     posix_memalign

So we're just moving massive amounts of memory around and working with some huge
string.

At a guess, the script assumes something IE-specific and does something totally
wrong in Mozilla...  someone would need to reduce the script to the part that
actually blows up in memory.
Keywords: qawanted
> At a guess, the script assumes something IE-specific and does something totally
> wrong in Mozilla...

you couldn't be more right.  the problem is my old nemisis "xrep".  see bug
164173.  at sonystyle, the string of interest is 128K (instead of 27K in bug
164173).  attachment 96795 [details] is the reformatted javascript from that bug (also
named iemenus.js)
Ah, yes.  And see also bug 161633 (which has similar analysis that I did at some
point on yet another xrep-using site).

bc, could we contact the providers of this iemenu.js code?  Any idea who they are?
Assignee: general → chinese-simplified
Component: DOM: HTML → Chinese-Simplified
Product: Browser → Tech Evangelism
QA Contact: pschwartau → chinese-simplified
Version: Trunk → unspecified
Who wrote that garbage?  Yeesh.

/be
I believe they are using a really early version of
<http://software.xfx.net/utilities/dmbuilder/index.htm>. For example, at
<http://software.xfx.net/utilities/dmbuilder/webslist.htm?s=20&order=0&condensed=0>
look at adminpower.com which is using a 2.8 version.

Newer versions support us better I think.


Thanks for your discussion. I believe that the code is garbage, but the garbage
code should not crash my browser.... :(

I am a unix C programmer with 6 years experience. Maybe I can do something for the
bug. please give me some advice.
reporter: if this is only hanging then there's not much I could suggest. there
is some tuning that can be done for slow scripts (we're probably going to donate
some improved error reporting for them).

at some point gecko may be rewritten so that each docshell gets its own thread
and the ui threads would be able to survive and ignore stupid web pages. this
isn't going to happen anytime soon, if you want to help with such an effort you
could start by learning layout (just learning it will take at least a month). if
you're really interested in helping, someone cc'd to this bug would be glad to
give you much smaller and more reasonable tasks which you could work on.
I review the mozilla source code and find mozilla has implemented `join'
function in js/src/jsarray.c now.

In the period of loading sonystyle's homepage, mozilla call str_split 
and array_join function 5097 times. is that a garbage collection issue?
Mozilla has always had join() implemented.

The core issue is that the site just does something that allocates a huge chunk
of memory (unless your browser is IE, in which case it does something
different).... We _may_ be able to GC more aggressively here, but even that may
not help enough because the site is creating a whole bunch of (large) temporary
objects all at once.
no, the joins and splits are things that the code is asking for. i'm not going
to spend time pointing our where.
If anything, the GC already tends to be over-aggressive in these cases.  The
rooted object graph is fairly large and so there's a significant static cost to
running a GC.  Lots of bloaty string manipulation can kick off a GC, causing a
full sweep to be done every few allocations.  It's generally better to let the
working set grow a little (depending on your physical memory) to amortize the GC
costs.
Conforming summary to TFM item 10 at 
http://www.mozilla.org/projects/tech-evangelism/site/procedures.html#file-new

Reporter, when you file a TE bug, please follow the reporting guidelines.
Summary: Mozilla/Firefox/Galeon/Epiphany... crash on http://www.sonystyle.com.cn → sonystyle.com.cn - Mozilla/Firefox/Galeon/Epiphany... crash
*** Bug 272756 has been marked as a duplicate of this bug. ***
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a6) Gecko/20041202
Firefox/1.0+

I came here from Bug 272756.

The page eventually loaded but was very slow - tens of minutes.

No crash
*** Bug 273976 has been marked as a duplicate of this bug. ***
I think sonystyle.com.cn have rewrite their homepage
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.