Closed
Bug 411249
Opened 17 years ago
Closed 16 years ago
Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] on shutdown with Firebug 1.1.0b10 installed
Categories
(Other Applications Graveyard :: Venkman JS Debugger, defect, P1)
Other Applications Graveyard
Venkman JS Debugger
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla1.9beta3
People
(Reporter: samuel.sidler+old, Assigned: timeless)
References
()
Details
(5 keywords, Whiteboard: ["testcase" listed in comment 2])
Crash Data
Attachments
(1 file)
757 bytes,
patch
|
Gijs
:
review+
beltzner
:
approval1.9b3+
beltzner
:
approval1.9+
|
Details | Diff | Splinter Review |
There's a new topcrash that seems to have started around December 31. See bp-c650086b-bdb2-11dc-a707-001a4bd43e5c and others based on the query in the URL field. Crashing Thread Frame Signature Source 0 jsds_ScriptHookProc mozilla/js/jsd/jsd_xpc.cpp:707 1 jsd_DestroyScriptHookProc mozilla/js/jsd/jsd_scpt.c:630 2 js_CallDestroyScriptHook 3 js_DestroyScript 4 js_FinalizeFunction 5 js_GC 6 JS_GC 7 nsXPConnect::Collect() mozilla/js/src/xpconnect/src/nsXPConnect.cpp:516 8 nsCycleCollector::Collect(unsigned int) mozilla/xpcom/base/nsCycleCollector.cpp:2128 9 nsCycleCollector::Shutdown() mozilla/xpcom/base/nsCycleCollector.cpp:2283 10 nsCycleCollector_shutdown() mozilla/xpcom/base/nsCycleCollector.cpp:2701 11 NS_ShutdownXPCOM_P mozilla/xpcom/build/nsXPComInit.cpp:785 12 ScopedXPCOMStartup::~ScopedXPCOMStartup() mozilla/toolkit/xre/nsAppRunner.cpp:898 13 XRE_main mozilla/toolkit/xre/nsAppRunner.cpp:3249 14 NS_internal_main(int, char**) mozilla/browser/app/nsBrowserApp.cpp:158 15 wmain mozilla/toolkit/xre/nsWindowsWMain.cpp:55 16 __tmainCRTStartup crtexe.c:594 17 BaseProcessStart
Flags: blocking1.9?
Reporter | ||
Comment 1•17 years ago
|
||
This seems to be crashing @ jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*) on Linux and Mac. See bp-5380a87a-bdae-11dc-9a7e-001a4bd43ef6 http://crash-stats.mozilla.com/report/list?range_unit=weeks&version=Firefox%3A3.0b3pre&range_value=2&signature=jsds_ScriptHookProc%28JSDContext%2A%2C+JSDScript%2A%2C+int%2C+void%2A%29
OS: Windows XP → All
Hardware: PC → All
Summary: Top crash [@ jsds_ScriptHookProc] → Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)]
Comment 2•17 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008010705 Minefield/3.0b3pre ID:2008010705 It happens for me on each shutdown of Minefield after I have installed Firebug 1.1.0b10. I'm sure that I was also seeing this with my OS X debug build. I could try to run a debug session today evening.
Comment 3•17 years ago
|
||
(gdb) frame 0 #0 0x2f132e03 in jsds_ScriptHookProc (jsdc=0x36873840, jsdscript=0x3aba7bb0, creating=0, callerdata=0x0) at /Users/henrik/Projects/mozilla/source/mozilla/js/jsd/jsd_xpc.cpp:707 707 gJsds->GetScriptHook (getter_AddRefs(hook)); (gdb) p gJsds $1 = (jsdService *) 0x0
Comment 5•17 years ago
|
||
i confirm too, i see this with firebug 1.1.0b10 installed in my profile. this has crashed multiple times for me with the same stack. Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; es-ES; rv:1.9b3pre) Gecko/2008010904 Minefield/3.0b3pre Stacktraces: http://crash-stats.mozilla.com/report/index/2ee93478-beec-11dc-a68f-001a4bd43ef6?date=2008-01-09-19 http://crash-stats.mozilla.com/report/index/ed9bbbb5-bee4-11dc-b5e9-001a4bd43ef6?date=2008-01-09-18
Comment 6•17 years ago
|
||
As I said on the duplicate: Firebug could call jsd.off() in its ShutdownObserver. I also wonder if that would help the FF2 crash on jsds_NotifyPendingDeadScripts,which also happens on exit.
Comment 7•17 years ago
|
||
So is this an extension issue only or a core one which is raised by Firebug? I don't know for what jsd.off() is used for. But anyway, an extension shouldn't crash Firefox.
Comment 8•17 years ago
|
||
(In reply to comment #7) > So is this an extension issue only or a core one which is raised by Firebug? I > don't know for what jsd.off() is used for. > > But anyway, an extension shouldn't crash Firefox. > Core, since as you say javascript should not crash Firefox. However, I *might* be able to make the only case that triggers it go away. In which case you might work on 391280 which blocks me from work on FF3. (If you can crash with firebug unpacked from .jar file, you can add jsd.off() just b4 jsd=null in the shutdown method of firebug-service.js).
Reporter | ||
Updated•17 years ago
|
Priority: -- → P1
Whiteboard: ["testcase" listed in comment 2]
Reporter | ||
Updated•17 years ago
|
Summary: Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] → Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] on shutdown with Firebug 1.1.0b10 installed
Comment 9•17 years ago
|
||
(In reply to comment #8) > unpacked from .jar file, you can add jsd.off() just b4 jsd=null in the shutdown > method of firebug-service.js). That's the solution. After adding jsd.off() no more crash happens on shutdown.
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9+
Priority: P1 → P2
Comment 10•17 years ago
|
||
Does it mean that each registered debugger has to unregister itself on shutdown at the moment?
Comment 11•17 years ago
|
||
(In reply to comment #10) > Does it mean that each registered debugger has to unregister itself on shutdown > at the moment? > I'm not sure if you are asking about firebug-service registerDebugger or jsd? if jsd, then yes that list is short, venkman, firebug, any other?
Comment 12•17 years ago
|
||
I just asked because without this unregister process we run into this crash. From a js-novice point of view it looks like that the js debugger service doesn't wait that running debuggers (in that case Firebug) are stopped while running its own dtor. So if Firebug wants to access the service it will crash.
Assignee | ||
Comment 13•17 years ago
|
||
3152 NS_IMETHODIMP 3153 jsdService::SetScriptHook (jsdIScriptHook *aHook) 3154 { 3163 if (aHook) 3164 JSD_SetScriptHook (mCx, jsds_ScriptHookProc, NULL); 3165 /* we can't unset it if !aHook, because we still need to see script 3166 * deletes in order to Release the jsdIScripts held in JSDScript 3167 * private data. */ 698 jsds_ScriptHookProc (JSDContext* jsdc, JSDScript* jsdscript, JSBool creating, 699 void* callerdata) 700 { 707 gJsds->GetScriptHook (getter_AddRefs(hook)); 3265 jsdService::~jsdService() 3266 { 3268 Off(); 3269 gJsds = nsnull; http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/js/jsd/jsd_xpc.cpp&rev=1.16&mark=922,1165 Shows this comment stuff used to be valid. http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/extensions/venkman/resources/content/venkman-debugger.js&rev=1.14&mark=414#393 venkman started using the hook in: 1.11 <rginda@netscape.com> 2001-05-04 15:32 http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=/mozilla/js/jsd&command=DIFF_FRAMESET&file=jsd_xpc.cpp&rev2=1.29&rev1=1.28 1.29 <rginda@netscape.com> 2002-01-11 16:56 bug 115695, rs=brendan, venkman only netive changes relating to pretty print support, includes... * remove jsdIPC interface, replaced with ulong offsets from PC 0. * add |pcmap| parameter to select between sourcetext/prettyprint linemaps (pcToLine, lineToPc, and isLineExecutable.) * add |functionSource| property to jsdIScript. * add |tag| to jsdIScript. * fixed potential jsdIScript leaks. Is what introduced this change on the jsd_xpc side. from my perspective, jsd_xpc is buggy. And so, I'm going to take this bug. If someone wants to figure out how the cycle collector or JS_Debug apis changed, that's fine by me, but I'm going to try my side using this bug :)
Assignee: general → rginda
Component: JavaScript Engine → JavaScript Debugger
Product: Core → Other Applications
QA Contact: general → venkman
Assignee | ||
Comment 14•17 years ago
|
||
Comment 15•17 years ago
|
||
Drivers: can we get this approved for beta 3? it's a top crash.
Priority: P2 → P1
Target Milestone: --- → mozilla1.9beta3
Comment 16•17 years ago
|
||
If anyone will work on 391280 I'll ask xucia to build Firebug with the workaround.
Comment 17•17 years ago
|
||
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases rs=me Timeless, could you ask for approval to get this in?
Attachment #298547 -
Flags: review? → review+
Assignee | ||
Comment 18•17 years ago
|
||
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases not quite sure how to do that :)
Attachment #298547 -
Flags: approval1.9b3?
Attachment #298547 -
Flags: approval1.9?
Comment 19•17 years ago
|
||
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases a=beltzner for 1.9 and beta 3 (timeless: that's how!)
Attachment #298547 -
Flags: approval1.9b3?
Attachment #298547 -
Flags: approval1.9b3+
Attachment #298547 -
Flags: approval1.9?
Attachment #298547 -
Flags: approval1.9+
Assignee | ||
Comment 20•17 years ago
|
||
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases mozilla/js/jsd/jsd_xpc.cpp 1.85
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 21•17 years ago
|
||
No crash on shutdown with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b3pre) Gecko/2008020104 Minefield/3.0b3pre ID:2008020104 anymore => Verified. Thanks timeless.
Status: RESOLVED → VERIFIED
Comment 22•16 years ago
|
||
Got this crash again some minutes ago with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b4pre) Gecko/2008030111 Minefield/3.0b4pre ID:2008030111 Breakpad id: bp-5468657a-e7ed-11dc-b9eb-001a4bd43ed6 The strack trace looks a bit different now: 0 jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*) mozilla/js/jsd/jsd_xpc.cpp:716 1 jsd_DestroyScriptHookProc mozilla/js/jsd/jsd_scpt.c:630 2 js_DestroyScript mozilla/js/src/jsscript.c:1504 3 js_FinalizeObject mozilla/js/src/jsobj.c:2817 4 js_GC mozilla/js/src/jsgc.c:3224 5 JS_GC mozilla/js/src/jsapi.c:2393 6 nsXPConnect::Collect() mozilla/js/src/xpconnect/src/nsXPConnect.cpp:526 7 nsCycleCollector::Collect(unsigned int) mozilla/xpcom/base/nsCycleCollector.cpp:2191
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla1.9beta3 → ---
Comment 23•16 years ago
|
||
Just to verify Henrik, you are running as-released firebug-1.1b10? The firebug-1.1b12 from http://getfirebug.com/releases has the jsd.off() call and I'm hope we don't get this crash.
Assignee | ||
Comment 24•16 years ago
|
||
that's a different crash, it should be fixed by attachment 305891 [details] [diff] [review], it's in the wrong bug, but....
Status: REOPENED → RESOLVED
Closed: 17 years ago → 16 years ago
Resolution: --- → FIXED
Comment 25•16 years ago
|
||
Indeed. After upgrading to Firefox 3 for my daily profile yesterday I didn't noticed that Firebug 1.05 was installed. So it's really a different issue. Resetting target milestone.
Status: RESOLVED → VERIFIED
Target Milestone: --- → mozilla1.9beta3
Updated•13 years ago
|
Crash Signature: [@ jsds_ScriptHookProc]
[@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)]
Updated•6 years ago
|
Product: Other Applications → Other Applications Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•