Closed Bug 496774 Opened 15 years ago Closed 15 years ago

XPCJSRuntime::XPCJSRuntime shouldn't touch mJSRuntime without null checking something


(Core :: XPConnect, defect)

Not set



Tracking Status
status1.9.2 --- beta1-fixed
status1.9.1 --- .8-fixed


(Reporter: timeless, Assigned: timeless)





(1 file)

hi gal. please be more careful about using locks which are otherwise null checked.

I'm not sure what this code is doing, but you're the last person to add code which doesn't make sense. And we have reports of crashes (bug 496628, mostly incomprehensible) involving a PR_Lock call from this call site, i.e. you.

It's true that there was code ifdef DEBUG to use mJSRuntime, but it also null checked mJSRuntime before using it.
Attachment #382002 - Flags: superreview?(jst)
Attachment #382002 - Flags: review?(gal)
Timeless, thanks -- looks like an honest mistake. Should try to fix soon, maybe for 1.9.1. The bug you cite, bug 496628, was marked INVALID, blamed on a distro. But if this bug was the cause, then we should probably change that bug's status retroactively. We may not be able to prove what caused that bug, though.

Flags: wanted1.9.1?
Flags: blocking1.9.2?
Flags: wanted1.9.1?
Flags: wanted1.9.1+
Flags: blocking1.9.2?
Flags: blocking1.9.2+
Comment on attachment 382002 [details] [diff] [review]
only create mWatchdogThread if mWatchdogWakeup is around to release it

Ben, can you review?
Attachment #382002 - Flags: review?(gal) → review?(bent.mozilla)
Attachment #382002 - Flags: review?(bent.mozilla) → review+
Comment on attachment 382002 [details] [diff] [review]
only create mWatchdogThread if mWatchdogWakeup is around to release it

This looks fine.
Attachment #382002 - Flags: superreview?(jst) → superreview+
Closed: 15 years ago
Resolution: --- → FIXED
Mass change: adding fixed1.9.2 keyword

(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
This didn't make it back to 1.9.1, did it? I was poking around some crash reports and saw a 3.5.4 crash here:
Attachment #382002 - Flags: approval1.9.1.7?
Comment on attachment 382002 [details] [diff] [review]
only create mWatchdogThread if mWatchdogWakeup is around to release it

Approved for, a=dveditz for release-drivers
Attachment #382002 - Flags: approval1.9.1.8? → approval1.9.1.8+
Timeless, is there any reliable way for QA to test this fix? Having a stack we can query on to determine no more crashes happen?
Target Milestone: --- → mozilla1.9.2b1
there's going to be a different signature for each platform...

*IF* pthread_mutex_lock, RtlpWaitForCriticalSection and RtlEnterCriticalSection are added to some ignore list, then instead of [@ RtlpWaitForCriticalSection | RtlEnterCriticalSection ] we could look for [@ PR_Lock | XPCJSRuntime::XPCJSRuntime] with crash address 0x10

this is based on ted's crash report which clearly is fixed by this bug:
UUID	f5cd0d58-932b-4448-8072-1ff432091203
Crash Address	0x10
0 	ntdll.dll 	RtlpWaitForCriticalSection 	
1 	ntdll.dll 	RtlEnterCriticalSection 	
2 	nspr4.dll 	PR_Lock
3 	xul.dll 	XPCJSRuntime::XPCJSRuntime

I'm still not quite sure about the Linux crash, the interesting pointer was NO_SCOPE_SHARING_TODO (lock=0xfeedbeef), which doesn't make much sense. Brendan would have to explain other conditions under which we'd get that value. It's possible that an optimizer confused the debugger and lock really is 0x0.
We have a lot of those PRLOCK signatures on crashstat. See the link below. But while checking some of the crashes none has the same stack as given by Ted. So we should probably wait until 3.5.8 has been released and monitor the crash stats a couple of days after the release. Without a testcase I do not want to mark it as verified on 1.9.1. Thanks timeless!
You need to log in before you can comment on or make changes to this bug.