Open Bug 471769 Opened 14 years ago Updated 3 years ago

nsGlobalWindow can't call getService from its destructor

Categories

(Core :: DOM: Core & HTML, defect, P5)

x86
Windows XP
defect

Tracking

()

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file)

While this is probably at least partly a bug in xpconnect, however I think there are too many other cases where things like this could happen.

xpcom_core!NS_DebugBreak_P(unsigned int aSeverity = 1, char * aStr = 0x0012f20c "Potential deadlock between XPCJSRuntime::mMapLockMonitor@da9290 and nsComponentManagerImplMonitor@ced098", char * aExpr = 0x0035057c "Error", char * aFile = 0x00350518 "c:/home/mozilla.org/comm-central/dbg-thunderbird-i686-pc-mingw32/mozilla/xpcom/build/nsAutoLock.cpp", int aLine = 318)+0x2a4
xpcom_core!nsAutoLockBase::nsAutoLockBase(void * addr = 0x00ced098, nsAutoLockBase::nsAutoLockType type = eAutoMonitor (1))+0x138
xpcom_core!nsAutoMonitor::nsAutoMonitor(struct PRMonitor * mon = 0x00ced098)+0x15
xpcom_core!nsComponentManagerImpl::GetServiceByContractID
xpcom_core!CallGetService(char * aContractID = 0x02e0adf4 "@mozilla.org/observer-service;1", struct nsID * aIID = 0x02c7c5e0, void ** aResult = 0x0012f370)+0x4d
xpcom_core!nsGetServiceByContractID::operator()
gklayout!nsCOMPtr<nsIObserverService>::assign_from_gs_contractid
gklayout!nsCOMPtr<nsIObserverService>::nsCOMPtr<nsIObserverService>
gklayout!nsGlobalWindow::~nsGlobalWindow
gklayout!nsGlobalChromeWindow::~nsGlobalChromeWindow
gklayout!nsGlobalChromeWindow::`scalar deleting destructor'
gklayout!nsGlobalWindow::Release
gklayout!nsGlobalChromeWindow::Release
xpc3250!nsCOMPtr<nsIScriptObjectPrincipal>::~nsCOMPtr<nsIScriptObjectPrincipal>
xpc3250!XPCWrappedNativeScope::~XPCWrappedNativeScope
xpc3250!XPCWrappedNativeScope::`scalar deleting destructor'
xpc3250!XPCWrappedNativeScope::KillDyingScopes
    // FIXME The lock may not be necessary since we are inside
    // JSGC_FINALIZE_END callback and at this point GC still serializes access
    // to JS runtime. See bug 380139.
    XPCAutoLock lock(rt->GetMapLock());
    KillDyingScopes();

xpc3250!XPCWrappedNativeScope::FinishedFinalizationPhaseOfGC
xpc3250!XPCJSRuntime::GCCallback
gklayout!DOMGCCallback(struct JSContext * cx = 0x01e4cb70, JSGCStatus status = JSGC_FINALIZE_END (3))+0x1d
js3250!js_GC
js3250!js_DestroyContext
js3250!JS_DestroyContext(struct JSContext * cx = 0x01e4cb70)+0xe
xpc3250!nsXPConnect::ReleaseJSContext
gklayout!nsJSContext::Unlink
gklayout!nsJSContext::~nsJSContext
gklayout!nsJSContext::`scalar deleting destructor'
gklayout!nsJSContext::Release
xpcom_core!nsCOMPtr<nsITimerCallback>::assign_assuming_AddRef
xpcom_core!nsCOMPtr<nsITimerCallback>::assign_with_AddRef
xpcom_core!nsCOMPtr<nsITimerCallback>::operator=
xpcom_core!nsTimerImpl::Fire
xpcom_core!nsTimerEvent::Run
xpcom_core!nsThread::ProcessNextEvent
xpcom_core!NS_ProcessNextEvent_P
gkwidget!nsBaseAppShell::Run
tkitcmps!nsAppStartup::Run
xul!XRE_main
Attachment #355021 - Flags: review?(jst)
Blocks: 471796
Comment on attachment 355021 [details] [diff] [review]
don't use getservice from the destructor

Peter, we wouldn't need to do anything with the cycle collector here to avoid leaking would we?
Attachment #355021 - Flags: superreview?(peterv)
Attachment #355021 - Flags: review?(jst)
Attachment #355021 - Flags: review+
Comment on attachment 355021 [details] [diff] [review]
don't use getservice from the destructor

Observer service doesn't participate in cycle collection, so this should be ok.
Attachment #355021 - Flags: superreview?(peterv) → superreview+
Comment on attachment 355021 [details] [diff] [review]
don't use getservice from the destructor

This causes shutdown assertions:

###!!! ASSERTION: Using observer service after XPCOM shutdown!: 'Error', file /Users/bent/src/mozilla/domthreads/xpcom/ds/nsObserverService.cpp, line 145

#0  NS_DebugBreak_P (aSeverity=1, aStr=0x572428 "Using observer service after XPCOM shutdown!", aExpr=0x56fc6c "Error", aFile=0x572310 "/Users/bent/src/mozilla/domthreads/xpcom/ds/nsObserverService.cpp", aLine=145) at /Users/bent/src/mozilla/domthreads/xpcom/base/nsDebugImpl.cpp:265
#1  0x004c5f11 in nsObserverService::RemoveObserver (this=0x822250, anObserver=0x16970430, aTopic=0x12185094 "network:offline-status-changed") at /Users/bent/src/mozilla/domthreads/xpcom/ds/nsObserverService.cpp:145
#2  0x11dd4425 in nsGlobalWindow::~nsGlobalWindow (this=0x16970270) at /Users/bent/src/mozilla/domthreads/dom/src/base/nsGlobalWindow.cpp:731
#3  0x11df25cb in nsGlobalChromeWindow::~nsGlobalChromeWindow (this=0x16970270) at nsGlobalWindow.h:753
#4  0x11dc5e2e in nsGlobalWindow::Release (this=0x16970270) at /Users/bent/src/mozilla/domthreads/dom/src/base/nsGlobalWindow.cpp:999
#5  0x11dc7d62 in nsGlobalChromeWindow::Release (this=0x16970270) at /Users/bent/src/mozilla/domthreads/dom/src/base/nsGlobalWindow.cpp:8469
#6  0x004ae97a in nsXPCOMCycleCollectionParticipant::Unroot (this=0x12252bd8, p=0x169702a0) at nsCycleCollectionParticipant.cpp:74
#7  0x0053d0fd in nsCycleCollector::CollectWhite (this=0xa30000) at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:1682
#8  0x0053d15f in nsCycleCollector::FinishCollection (this=0xa30000) at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:2440
#9  0x0053d1dd in nsCycleCollector_finishCollection () at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:2922
#10 0x00b1cd72 in XPCCycleCollectGCCallback (cx=0x1045200, status=JSGC_END) at /Users/bent/src/mozilla/domthreads/js/src/xpconnect/src/nsXPConnect.cpp:404
#11 0x002ad097 in js_GC (cx=0x1045200, gckind=GC_NORMAL) at /Users/bent/src/mozilla/domthreads/js/src/jsgc.cpp:3848
#12 0x0025e053 in JS_GC (cx=0x1045200) at /Users/bent/src/mozilla/domthreads/js/src/jsapi.cpp:2493
#13 0x00b18d8f in nsXPConnect::Collect (this=0x82f380) at /Users/bent/src/mozilla/domthreads/js/src/xpconnect/src/nsXPConnect.cpp:478
#14 0x0053d705 in nsCycleCollector::Collect (this=0xa30000, aTryCollections=5) at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:2256
#15 0x0053d823 in nsCycleCollector::Shutdown (this=0xa30000) at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:2477
#16 0x0053d859 in nsCycleCollector_shutdown () at /Users/bent/src/mozilla/domthreads/xpcom/base/nsCycleCollector.cpp:2938
#17 0x004b7cf8 in NS_ShutdownXPCOM_P (servMgr=0x0) at /Users/bent/src/mozilla/domthreads/xpcom/build/nsXPComInit.cpp:815
#18 0x000da201 in ScopedXPCOMStartup::~ScopedXPCOMStartup (this=0xbffff3ec) at /Users/bent/src/mozilla/domthreads/toolkit/xre/nsAppRunner.cpp:888
#19 0x000e1c1d in XRE_main (argc=3, argv=0xbffff6ec, aAppData=0x80e210) at /Users/bent/src/mozilla/domthreads/toolkit/xre/nsAppRunner.cpp:3257
#20 0x000027cb in main (argc=3, argv=0xbffff6ec) at /Users/bent/src/mozilla/domthreads/browser/app/nsBrowserApp.cpp:156
FWIW I think we can fix this by registering windows as weak-ref observers and then observe an additional topic ('xpcom-shutdown' most likely) to flag that we should *not* try to get the observer service in NotifyDOMWindowDestroyed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven't been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.