Closed Bug 411249 Opened 18 years ago Closed 17 years ago

Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] on shutdown with Firebug 1.1.0b10 installed

Categories

(Other Applications Graveyard :: Venkman JS Debugger, defect, P1)

Product:
Other Applications Graveyard
Component:
Venkman JS Debugger
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.9beta3

People

(Reporter: samuel.sidler+old, Assigned: timeless)

References

(
URL
)

Details

(5 keywords, Whiteboard: ["testcase" listed in comment 2])

Crash Data

Attachments

(1 file)

handle two unclearable callback cases
757 bytes, patch
Gijs
: review+
beltzner
: approval1.9b3+
beltzner
: approval1.9+
Details | Diff | Splinter Review
There's a new topcrash that seems to have started around December 31. See bp-c650086b-bdb2-11dc-a707-001a4bd43e5c and others based on the query in the URL field. Crashing Thread Frame Signature Source 0 jsds_ScriptHookProc mozilla/js/jsd/jsd_xpc.cpp:707 1 jsd_DestroyScriptHookProc mozilla/js/jsd/jsd_scpt.c:630 2 js_CallDestroyScriptHook 3 js_DestroyScript 4 js_FinalizeFunction 5 js_GC 6 JS_GC 7 nsXPConnect::Collect() mozilla/js/src/xpconnect/src/nsXPConnect.cpp:516 8 nsCycleCollector::Collect(unsigned int) mozilla/xpcom/base/nsCycleCollector.cpp:2128 9 nsCycleCollector::Shutdown() mozilla/xpcom/base/nsCycleCollector.cpp:2283 10 nsCycleCollector_shutdown() mozilla/xpcom/base/nsCycleCollector.cpp:2701 11 NS_ShutdownXPCOM_P mozilla/xpcom/build/nsXPComInit.cpp:785 12 ScopedXPCOMStartup::~ScopedXPCOMStartup() mozilla/toolkit/xre/nsAppRunner.cpp:898 13 XRE_main mozilla/toolkit/xre/nsAppRunner.cpp:3249 14 NS_internal_main(int, char**) mozilla/browser/app/nsBrowserApp.cpp:158 15 wmain mozilla/toolkit/xre/nsWindowsWMain.cpp:55 16 __tmainCRTStartup crtexe.c:594 17 BaseProcessStart
Flags: blocking1.9?
This seems to be crashing @ jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*) on Linux and Mac. See bp-5380a87a-bdae-11dc-9a7e-001a4bd43ef6 http://crash-stats.mozilla.com/report/list?range_unit=weeks&version=Firefox%3A3.0b3pre&range_value=2&signature=jsds_ScriptHookProc%28JSDContext%2A%2C+JSDScript%2A%2C+int%2C+void%2A%29
OS: Windows XP → All
Hardware: PC → All
Summary: Top crash [@ jsds_ScriptHookProc] → Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)]
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008010705 Minefield/3.0b3pre ID:2008010705 It happens for me on each shutdown of Minefield after I have installed Firebug 1.1.0b10. I'm sure that I was also seeing this with my OS X debug build. I could try to run a debug session today evening.
(gdb) frame 0 #0 0x2f132e03 in jsds_ScriptHookProc (jsdc=0x36873840, jsdscript=0x3aba7bb0, creating=0, callerdata=0x0) at /Users/henrik/Projects/mozilla/source/mozilla/js/jsd/jsd_xpc.cpp:707 707 gJsds->GetScriptHook (getter_AddRefs(hook)); (gdb) p gJsds $1 = (jsdService *) 0x0
i confirm too, i see this with firebug 1.1.0b10 installed in my profile. this has crashed multiple times for me with the same stack. Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; es-ES; rv:1.9b3pre) Gecko/2008010904 Minefield/3.0b3pre Stacktraces: http://crash-stats.mozilla.com/report/index/2ee93478-beec-11dc-a68f-001a4bd43ef6?date=2008-01-09-19 http://crash-stats.mozilla.com/report/index/ed9bbbb5-bee4-11dc-b5e9-001a4bd43ef6?date=2008-01-09-18
As I said on the duplicate: Firebug could call jsd.off() in its ShutdownObserver. I also wonder if that would help the FF2 crash on jsds_NotifyPendingDeadScripts,which also happens on exit.
So is this an extension issue only or a core one which is raised by Firebug? I don't know for what jsd.off() is used for. But anyway, an extension shouldn't crash Firefox.
(In reply to comment #7) > So is this an extension issue only or a core one which is raised by Firebug? I > don't know for what jsd.off() is used for. > > But anyway, an extension shouldn't crash Firefox. > Core, since as you say javascript should not crash Firefox. However, I *might* be able to make the only case that triggers it go away. In which case you might work on 391280 which blocks me from work on FF3. (If you can crash with firebug unpacked from .jar file, you can add jsd.off() just b4 jsd=null in the shutdown method of firebug-service.js).
Keywords: regression, testcase, topcrash+
Priority: -- → P1
Whiteboard: ["testcase" listed in comment 2]
Summary: Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] → Top crash [@ jsds_ScriptHookProc][@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)] on shutdown with Firebug 1.1.0b10 installed
(In reply to comment #8) > unpacked from .jar file, you can add jsd.off() just b4 jsd=null in the shutdown > method of firebug-service.js). That's the solution. After adding jsd.off() no more crash happens on shutdown.
Flags: blocking1.9? → blocking1.9+
Priority: P1 → P2
Does it mean that each registered debugger has to unregister itself on shutdown at the moment?
(In reply to comment #10) > Does it mean that each registered debugger has to unregister itself on shutdown > at the moment? > I'm not sure if you are asking about firebug-service registerDebugger or jsd? if jsd, then yes that list is short, venkman, firebug, any other?
I just asked because without this unregister process we run into this crash. From a js-novice point of view it looks like that the js debugger service doesn't wait that running debuggers (in that case Firebug) are stopped while running its own dtor. So if Firebug wants to access the service it will crash.
3152 NS_IMETHODIMP 3153 jsdService::SetScriptHook (jsdIScriptHook *aHook) 3154 { 3163 if (aHook) 3164 JSD_SetScriptHook (mCx, jsds_ScriptHookProc, NULL); 3165 /* we can't unset it if !aHook, because we still need to see script 3166 * deletes in order to Release the jsdIScripts held in JSDScript 3167 * private data. */ 698 jsds_ScriptHookProc (JSDContext* jsdc, JSDScript* jsdscript, JSBool creating, 699 void* callerdata) 700 { 707 gJsds->GetScriptHook (getter_AddRefs(hook)); 3265 jsdService::~jsdService() 3266 { 3268 Off(); 3269 gJsds = nsnull; http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/js/jsd/jsd_xpc.cpp&rev=1.16&mark=922,1165 Shows this comment stuff used to be valid. http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/extensions/venkman/resources/content/venkman-debugger.js&rev=1.14&mark=414#393 venkman started using the hook in: 1.11 <rginda@netscape.com> 2001-05-04 15:32 http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=/mozilla/js/jsd&command=DIFF_FRAMESET&file=jsd_xpc.cpp&rev2=1.29&rev1=1.28 1.29 <rginda@netscape.com> 2002-01-11 16:56 bug 115695, rs=brendan, venkman only netive changes relating to pretty print support, includes... * remove jsdIPC interface, replaced with ulong offsets from PC 0. * add |pcmap| parameter to select between sourcetext/prettyprint linemaps (pcToLine, lineToPc, and isLineExecutable.) * add |functionSource| property to jsdIScript. * add |tag| to jsdIScript. * fixed potential jsdIScript leaks. Is what introduced this change on the jsd_xpc side. from my perspective, jsd_xpc is buggy. And so, I'm going to take this bug. If someone wants to figure out how the cycle collector or JS_Debug apis changed, that's fine by me, but I'm going to try my side using this bug :)
Assignee: general → rginda
Component: JavaScript Engine → JavaScript Debugger
Product: Core → Other Applications
QA Contact: general → venkman
Assignee: rginda → timeless
Status: NEW → ASSIGNED
Attachment #298547 - Flags: review?
Drivers: can we get this approved for beta 3? it's a top crash.
Priority: P2 → P1
Target Milestone: --- → mozilla1.9beta3
If anyone will work on 391280 I'll ask xucia to build Firebug with the workaround.
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases rs=me Timeless, could you ask for approval to get this in?
Attachment #298547 - Flags: review? → review+
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases not quite sure how to do that :)
Attachment #298547 - Flags: approval1.9b3?
Attachment #298547 - Flags: approval1.9?
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases a=beltzner for 1.9 and beta 3 (timeless: that's how!)
Attachment #298547 - Flags: approval1.9b3?
Attachment #298547 - Flags: approval1.9b3+
Attachment #298547 - Flags: approval1.9?
Attachment #298547 - Flags: approval1.9+
Comment on attachment 298547 [details] [diff] [review] handle two unclearable callback cases mozilla/js/jsd/jsd_xpc.cpp 1.85
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
No crash on shutdown with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b3pre) Gecko/2008020104 Minefield/3.0b3pre ID:2008020104 anymore => Verified. Thanks timeless.
Status: RESOLVED → VERIFIED
Got this crash again some minutes ago with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b4pre) Gecko/2008030111 Minefield/3.0b4pre ID:2008030111 Breakpad id: bp-5468657a-e7ed-11dc-b9eb-001a4bd43ed6 The strack trace looks a bit different now: 0 jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*) mozilla/js/jsd/jsd_xpc.cpp:716 1 jsd_DestroyScriptHookProc mozilla/js/jsd/jsd_scpt.c:630 2 js_DestroyScript mozilla/js/src/jsscript.c:1504 3 js_FinalizeObject mozilla/js/src/jsobj.c:2817 4 js_GC mozilla/js/src/jsgc.c:3224 5 JS_GC mozilla/js/src/jsapi.c:2393 6 nsXPConnect::Collect() mozilla/js/src/xpconnect/src/nsXPConnect.cpp:526 7 nsCycleCollector::Collect(unsigned int) mozilla/xpcom/base/nsCycleCollector.cpp:2191
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla1.9beta3 → ---
Just to verify Henrik, you are running as-released firebug-1.1b10? The firebug-1.1b12 from http://getfirebug.com/releases has the jsd.off() call and I'm hope we don't get this crash.
that's a different crash, it should be fixed by attachment 305891 [details] [diff] [review], it's in the wrong bug, but....
Status: REOPENED → RESOLVED
Closed: 18 years ago17 years ago
Resolution: --- → FIXED
Indeed. After upgrading to Firefox 3 for my daily profile yesterday I didn't noticed that Firebug 1.05 was installed. So it's really a different issue. Resetting target milestone.
Status: RESOLVED → VERIFIED
Target Milestone: --- → mozilla1.9beta3
Crash Signature: [@ jsds_ScriptHookProc] [@jsds_ScriptHookProc(JSDContext*, JSDScript*, int, void*)]
Product: Other Applications → Other Applications Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: