Closed Bug 481454 Opened 15 years ago Closed 15 years ago

Dehydra error in nsPresShell.cpp

Categories

(Developer Infrastructure :: Source Code Analysis, defect)

Product:
Developer Infrastructure
Component:
Source Code Analysis
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: benjamin, Assigned: taras.mozilla)

Details

Attachments

(3 files)

Debugging patch, rev. 1
710 bytes, patch
Details | Diff | Splinter Review
beautified log
27.99 KB, text/plain
Details
possible fix
783 bytes, patch
Details | Diff | Splinter Review 
The static analysis tinderbox is red compiling nsPresShell.cpp. It seems that one of the analyses is getting an unexpected (buggy) dehydra object.

The script is frame-verify.js: it's checking for and collecting instantiations of do_QueryFrame::operator (cast). decl.type.type is usually a pointer to the class being returned. But in this case, it's a nscoord type, which makes no sense.

Patch for debugging will be attached, as well as a beautified log.

This probably started with http://hg.mozilla.org/mozilla-central/rev/b095eaf3e8b4 which touched nsPresShell.cpp, but I don't see any particularly unusual or suspicious code in that checkin.
Attached file beautified log 

    
    

    
  
Can't reproduce this. I did hg up -r b095eaf3e8b4 and made sure than nsPresShell.o builds fine.

I did notice that spidermonkey is causing weird dehydra crashes all over the place, so perhaps you need to try a diff version?

I built mine from the trunk today.

    
    

    
  
This happens to fix it locally:
diff --git a/layout/generic/nsFrame.h b/layout/generic/nsFrame.h
--- a/layout/generic/nsFrame.h
+++ b/layout/generic/nsFrame.h
@@ -440,6 +440,10 @@ public:
     ListTag(out, (nsIFrame*)this);
   }
 
+  static void IndentBy(FILE* out, PRInt32 aIndent) {
+    while (--aIndent >= 0) fputs("  ", out);
+  }
+  
   static void ListTag(FILE* out, nsIFrame* aFrame) {
     nsAutoString tmp;
     nsIFrameDebug*  frameDebug = do_QueryFrame(aFrame);
@@ -450,10 +454,6 @@ public:
     fprintf(out, "@%p", static_cast<void*>(aFrame));
   }
 
-  static void IndentBy(FILE* out, PRInt32 aIndent) {
-    while (--aIndent >= 0) fputs("  ", out);
-  }
-  
   static void XMLQuote(nsString& aString);
 
   /**

This makes me suspect timing issues, perhaps GC? (Either GCC frame GC, or JSGC).

    
    

    
  
This popped again (in nsFrameManager.cpp, but with nscoord again). I really think this is related to GCC tree GC: What happens if GCC collects trees but dehydra doesn't know about it and the dehydra type map has pointers to trees which have been collected? If a new tree has the same address as an old tree, dehydra won't know about it.

I switch to treehydra to work around the problem: http://hg.mozilla.org/mozilla-central/rev/cc49a7b96493 but I think that GCC tree collection should be looked-into.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        possible fixSplinter Review
      

    


  

    
    

    
  
http://hg.mozilla.org/rewriting-and-analysis/dehydra/rev/7cdeb7be1671
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
  
Assignee: nobody → tglek

    
  
Product: Core → Firefox Build System

    
  
Product: Firefox Build System → Developer Infrastructure

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: