Closed Bug 397103 Opened 18 years ago Closed 18 years ago

Rlk/Lk regression in crash reporter setup code

Categories

(Toolkit :: Crash Reporting, defect, P2)

x86
Linux
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: preed, Assigned: ted)

References

Details

(Keywords: memory-leak)

Attachments

(3 files)

A little bit of fallout from bug 396805: looks like RLk and Lk numbers regressed a bit from deploying the new reference platform on the leaktest/debug machine: Before: http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1190404380.1190404829.7561.gz&fulltext=1 After: http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1190405760.1190406702.15924.gz&fulltext=1 The compiler did change: Before: Compiler is -- gcc (gcc (GCC) 4.1.2 20061011 (Red Hat 4.1.1-29) After: Compiler is -- gcc (gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52) bsmedberg said something about the new compiler we using doing... something differently, that might affect this, but... I unfortunately can't remember all the details.
I could understand the changes (RLk from 0 to 8 bytes, Lk from 1.5meg to 4.5meg) being due to a change in system library versions: the former because we turned on support for something that has a string leak due to autodetection of build options in configure; the latter because a system library is really leaky. It looks from the log like the first run showing up on tinderbox wasn't actually the first run. Any idea where I could see the log for the actual first successful run?
What was the OS before? If it was CentOS4.3 and now we're using 5, I'd suspect new features that weren't compiled in with 4.3, namely gnomevfs and desktop integration support.
(In reply to comment #2) > What was the OS before? If it was CentOS4.3 and now we're using 5, I'd suspect > new features that weren't compiled in with 4.3, namely gnomevfs and desktop > integration support. It was CentOS 4.4 and now we're using 5, yeah, with the new "custom" compiler. :-) (In reply to comment #1) > It looks from the log like the first run showing up on tinderbox wasn't > actually the first run. Any idea where I could see the log for the actual > first successful run? Yah, sorry about that; it was reporting into MozillaExperimental for a day or so beforehand: http://tinderbox.mozilla.org/showbuilds.cgi?tree=MozillaExperimental&maxdate=1190367891&hours=24&legend=0&norules=1 I can clobber this build if it would help with some debugging or some such.
Never mind -- the first build actually isn't helpful. It wouldn't surprise me if we just picked up a leakier version of pango, actually.
Version: 1.5.0.x Branch → Trunk
Summary: Rlk/Lk regression with new reference platform → Rlk/Lk regression due to deploying new reference platform
Blocks: 390916
We could figure out what's being leaked by seeing what's in the leaked nsStringBuffer or by finding where it was allocated. I've attached a set of untested gdb commands which give the contents of the string being leaked, which should be enough to figure out what's in the string being leaked. (It's almost copy-and-paste, but you need to read some printed output at one point.) Also, the file created by the following command (might need to pull tools/rb): cat /tmp/stringbuffer-leaks.txt | tools/rb/fix-linux-stack.pl > fixed-leaks.txt will give enough info to determine where the leaked string was allocated. Could someone with shell access to fxdbug-linux-tbox run gdb on the firefox-bin and run the commands in the file, then the shell command, from mozilla/, and report on the results? You'll probably have to briefly stop the continuous building to do so.
Keywords: mlk
Moving to Build so that they can help figure out the leak.
Component: General → Build & Release
Product: Firefox → mozilla.org
QA Contact: general → build
Version: Trunk → other
Assignee: nobody → ccooper
Priority: -- → P2
Status: NEW → ASSIGNED
Comment on attachment 282205 [details] gdb instructions for figuring out what leaked Jeff: I tried your gdb script today without success. The breakpoint you provided was never hit, the program ran to completion and exited normally. When I initially set it up, I saw: (gdb) b nsTraceRefcntImpl.c:526 No source file named nsTraceRefcntImpl.c. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (nsTraceRefcntImpl.c:526) pending. Expected? Since it ran to completion, I now have an enormous (660 MB) log file of questionable value. Let me know if you want it.
You could run mozilla/tools/rb/find-leakers.pl log and then mozilla/tools/rb/make-tree.pl --object 0xADDRESS-THAT-FIND-LEAKERS-PRINTS < log | mozilla/tools/rb/fix-linux-stack.pl > tree and then attach tree to this bug.
(And you need to run that in the directory that the build was run in, since there will be relative paths in log that fix-linux-stack needs to fix.)
(In reply to comment #7) > Expected? Oh, blah. That should have been nsTraceRefcntImpl.cpp (note the "pp"). But yeah, the find-leakers.pl script should still work fine. I also tried reproducing this locally in a VM, on the guess that it was something in the crashreporter code as dbaron said he builds with it disabled, but I got nothing. I'm trying again with what I hope is a config closer to what I see in logs, but I doubt I'll be able to reproduce it either.
I changed the filename, but was still unable to hit the breakpoint. I checked mxr and nsTraceRefcntImpl.cpp:526 is a blank line. I *was* able to hit the breakpoint when I switched it to line 527, the first line of the "done:" block: http://mxr.mozilla.org/seamonkey/source/xpcom/base/nsTraceRefcntImpl.cpp#527 ...however, i still couldn't grab the address using any of the commands listed: Breakpoint 2, nsTraceRefcntImpl::DumpStatistics ( type=nsTraceRefcntImpl::ALL_STATS, out=0x10a84c0) at /builds/tinderbox/Fx-Trunk-Memtest/Linux_2.6.18-8.el5_Depend/mozilla/xpcom/base/nsTraceRefcntImpl.cpp:528 528 gLogging = wasLogging; (gdb) p (char*)(((nsStringBuffer*)ADDRESS) + 1) No symbol "ADDRESS" in current context. (gdb) p (wchar_t*)(((nsStringBuffer*)ADDRESS) + 1) No symbol "ADDRESS" in current context. (gdb) x/NUMBERch (((nsStringBuffer*)ADDRESS) + 1) No symbol "NUMBERch" in current context. I do have the log file, so I'll spend some time this morning running the various commands listed in the comments above and will post the results.
Attachment #286014 - Attachment mime type: application/octet-stream → text/plain
Attachment #286014 - Attachment mime type: text/plain → application/x-bzip2
Looks like it's: static nsCString* crashReporterAPIData = nsnull; in nsExceptionHandler.cpp.
I suspect this is also showing up on the new Windows leak test tinderbox.
Assignee: ccooper → nobody
Status: ASSIGNED → NEW
Component: Build & Release → Breakpad Integration
OS: Linux → All
Product: mozilla.org → Toolkit
QA Contact: build → breakpad.integration
Hardware: PC → All
Version: other → Trunk
Guess this is mine then. Looks like we don't delete that in cleanup.
OS: All → Linux
Hardware: All → PC
Assignee: nobody → ted.mielczarek
Attachment #286018 - Flags: review?(benjamin)
Comment on attachment 286018 [details] [diff] [review] cleanup crashReporterAPIData bsmedberg is probably travelling, let's expedite this.
Attachment #286018 - Flags: review?(benjamin) → review?(dbaron)
Comment on attachment 286018 [details] [diff] [review] cleanup crashReporterAPIData r=dbaron
Attachment #286018 - Flags: review?(dbaron) → review+
Comment on attachment 286018 [details] [diff] [review] cleanup crashReporterAPIData Trivial leak fix, would love to get this landed.
Attachment #286018 - Flags: approvalM9?
Comment on attachment 286018 [details] [diff] [review] cleanup crashReporterAPIData a=endgame drivers for M9 landing
Attachment #286018 - Flags: approvalM9? → approvalM9+
(In reply to comment #11) > ...however, i still couldn't grab the address using any of the commands listed: Not that it matters now, but your problem was you didn't replace ADDRESS with the hex address that should have been printed out when the breakpoint was hit. The first command spews out enough data to show that the string contains the application settings, which would have been enough to figure out where the leak was. (I actually thought it might be the eventual variable discovered here, just by code inspection, but I assumed my builds were actually running the relevant code when they weren't and didn't mention it. :-\ ) So what the problem came down to with respect to why I wasn't hitting this was that there's no "Enabled=1" line in Firefox's application.ini, or MOZ_CRASHREPORTER isn't set in the environment; with either of those I get the leak. I'm *still* not sure from looking at the logs how the tinderboxen are actually getting the crash reporter code to run, because I don't see another .ini file or the variable in the envvars listing. Is there anything we can do to make this code run in homegrown builds without actually have it submit any data, or something like that so that we get greater visibility into these problems in the future?
I'm wondering if we didn't have MOZ_CRASHREPORTER_DISABLE set on the old tinderbox, and that was why this looked like a regression due to the tinderbox change. Also, I wonder if that isn't set on the OS X tinderbox. The proper env var to use, IMO, is MOZ_CRASHREPORTER_NO_REPORT, which still sets the exception handler and everything, but doesn't run the crash reporter client. This way all the setup code is still executed. Anyway, checked in.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Summary: Rlk/Lk regression due to deploying new reference platform → Rlk/Lk regression in crash reporter setup code
Didn't see Waldo's comment there, but Waldo: that Enabled=1 gets stuck in application.ini when MOZILLA_OFFICIAL is defined. Alternatively, you can set MOZ_CRASHREPORTER=1 in your environment to force it on at runtime. Thanks for all the debugging!
For the record, I think this bug really ended up being about the RLk regression; I suspect the Lk regression isn't worth chasing down because it's probably just leaks in system libraries (or failure to shut down).
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: