Closed Bug 366241 Opened 19 years ago Closed 18 years ago

trace-malloc bloat test crashes on nye tbox during shutdown

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: ajschult784, Assigned: graydon)

References

(
URL
)

Details

(Keywords: crash, regression)

Attachments

(3 files)

stacktrace
1.39 KB, text/plain
Details
stack from valgrind
1.28 KB, text/plain
Details
valgrind log
9.23 KB, text/plain
Details
Attached file stacktrace
With the landing of the cycle collector, nye crashes during shutdown of the trace-malloc bloat test. I don't see the crash on my desktop's builds, but if I run the test on nye interactively, I still hit it. In fact, I hit the crash if I set the DISPLAY to something invalid so that it immediately exits.
Blocks: cycle-collector
Flags: blocking1.9?
Assignee: nobody → graydon
Flags: blocking1.9? → blocking1.9+
Attached file stack from valgrind
I trimmed nsAppRunner's main method down to argc = NS_TraceMallocStartupArgs(argc, argv); gtk_init(&argc, &argv); return 0; and it still crashes. I'm attaching a valgrind stack I hit when running with arguments "-P clean --trace-malloc /tmp/malloc.log --shutdown-leaks /tmp/sdleak.log" (-P clean has no real effect, but it makes valgrind see an invalid read instead of a uninitialized conditional jump)
I mentioned in comment 0 that I don't crash running with trace-malloc on my desktop. But running under valgrind, it sees the same errors that valgrind sees on nye.
nsGetTypeName is pretty fishy; it could probably be improved. I don't think this is graydon's fault; he just made us leak something a little more interesting.
I'm not seeing this crash in the tinderboxes anymore. Is it still happening?
Attached file valgrind log
I don't see a crash running locally or on the tinderbox, but valgrind still sees the same thing as in attachment 254618 [details]. The line numbers in nsTraceMalloc.c have changed, but it's referencing the same block of code as before.
Two questions: First, is this still really blocking 1.9? It seems minor if it's not actually crashing anything: trace-malloc is not even turned on most of the time. Second, dbaron, can you imagine what's going on in this? It looks to me like trace-malloc hasn't been told that a particular chunk of memory got recycled, and it's enumerating it as the wrong type of pointer during shutdown. Could the cycle collector be interfering with trace-malloc hooking or something?
Could the cycle collector somehow be interfering with trace-malloc hooking only partly? If it interfered completely, trace-malloc pretty much wouldn't do anything. trace-malloc knows what's going on by overriding malloc, free, etc.
As far as I know you have to have DEBUG_CC defined during build and define XPCOM_CC_HOOK_MALLOC at runtime to get malloc hooking.
This looks like it's ok now on http://tinderbox.mozilla.org/SeaMonkey/ . Marking worksforme; not sure when it was fixed.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: