630243 - Crash Reports for [@ js::MaybeGC(JSContext*)]

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Carsten Book [:Tomcat]]

Crash Reports for Crash Reports for js::MaybeGC(JSContext*) - https://crash-stats.mozilla.com/report/list?signature=js::MaybeGC%28JSContext*%29

also affects beta 9 builds. no steps to reproduce so far - windows only so far


Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	mozjs.dll 	js::MaybeGC 	js/src/jsgc.cpp:1842
1 	mozjs.dll 	JS_MaybeGC 	js/src/jsapi.cpp:2559
2 	xul.dll 	nsJSContext::ScriptEvaluated 	dom/base/nsJSEnvironment.cpp:3542
3 	xul.dll 	nsJSContext::ScriptExecuted 	dom/base/nsJSEnvironment.cpp:3608
4 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1939
5 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:588
6 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
7 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
8 	xul.dll 	NS_SecurityCompareURIs 	obj-firefox/dist/include/nsNetUtil.h:1691
9 	mozcrt19.dll 	arena_dalloc 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4281
10 	xul.dll 	nsScriptSecurityManager::CheckSameOriginURI 	caps/src/nsScriptSecurityManager.cpp:671
11 	xul.dll 	ChangeTable 	obj-firefox/xpcom/build/pldhash.c:599
12 	xul.dll 	PL_DHashTableOperate 	obj-firefox/xpcom/build/pldhash.c:661
13 	xul.dll 	nsXULPDGlobalObject::cycleCollection::Traverse 	content/xul/document/src/nsXULPrototypeDocument.cpp:652
14 	xul.dll 	xpc_CreateGlobalObject 	js/src/xpconnect/src/nsXPConnect.cpp:1008
15 	xul.dll 	xul.dll@0xc9caf7 	
16 	xul.dll 	nsJSContext::CreateNativeGlobalForInner 	dom/base/nsJSEnvironment.cpp:2538
17 	xul.dll 	nsGlobalWindow::SetNewDocument 	dom/base/nsGlobalWindow.cpp:1980
18 	xul.dll 	DocumentViewerImpl::InitInternal 	layout/base/nsDocumentViewer.cpp:956
19 	xul.dll 	DocumentViewerImpl::Init 	layout/base/nsDocumentViewer.cpp:693
20 	xul.dll 	nsDocShell::SetupNewViewer 	docshell/base/nsDocShell.cpp:7629
21 	xul.dll 	nsDocShell::Embed 	docshell/base/nsDocShell.cpp:5723
22 	xul.dll 	nsDocShell::CreateAboutBlankContentViewer 	docshell/base/nsDocShell.cpp:6496
23 	xul.dll 	nsDocShell::EnsureContentViewer 	docshell/base/nsDocShell.cpp:6404
24 	xul.dll 	nsDocShell::GetInterface 	docshell/base/nsDocShell.cpp:896
25 	xul.dll 	xul.dll@0xb2ebb3 	
26 	xul.dll 	nsGenericHTMLFrameElement::GetContentDocument 	content/html/content/src/nsGenericHTMLElement.cpp:3078
27 	xul.dll 	nsHTMLIFrameElement::GetContentDocument 	content/html/content/src/nsHTMLIFrameElement.cpp:146
28 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
29 	xul.dll 	XPC_WN_GetterSetter 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1643
30 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:700
31 	mozjs.dll 	js::ExternalInvoke 	js/src/jsinterp.cpp:858
32 	mozjs.dll 	js::JSProxyHandler::call 	js/src/jsproxy.cpp:248
33 	mozjs.dll 	JSCrossCompartmentWrapper::call 	js/src/jswrapper.cpp:616
34 	mozjs.dll 	js::JSProxy::call 	js/src/jsproxy.cpp:810
35 	mozjs.dll 	js::proxy_Call 	js/src/jsproxy.cpp:1062
36 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:693
37 	mozjs.dll 	js::ExternalInvoke 	js/src/jsinterp.cpp:858
38 	mozjs.dll 	js::ExternalGetOrSet 	js/src/jsinterp.cpp:898
39 	mozjs.dll 	js::JSProxyHandler::get 	js/src/jsproxy.cpp:131
40 	xul.dll 	xpc::XrayWrapper<JSCrossCompartmentWrapper,xpc::CrossCompartmentXray>::get 	js/src/xpconnect/wrappers/XrayWrapper.cpp:752
41 	mozjs.dll 	js::JSProxy::get 	js/src/jsproxy.cpp:778
42 	mozjs.dll 	js::proxy_GetProperty 	js/src/jsproxy.cpp:895
43 	mozjs.dll 	JSObject::getProperty 	js/src/jsobj.h:1189
44 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4220
45 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:657
46 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:737
47 	mozjs.dll 	CallOrConstructBoundFunction 	js/src/jsfun.cpp:2289
48 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4801
49 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:657
50 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:737
51 	mozjs.dll 	js::ExternalInvoke 	js/src/jsinterp.cpp:858
52 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5009
53 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1700
54 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:588
55 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
56 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
57 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:428

Comment 1

[Mike Shaver (:shaver -- probably not reading bugmail closely)]

all the crashes have the same offset-from-null, cx->compartment is NULL.  xpc_CreateGlobalObject makes me think that we're creating something and haven't entered a compartment yet.

Comment 2

[Andreas Gal :gal]

Attachment: patch

sfink was running into a very similar issue, this should provide a less brittle fix

Comment 3

[Andreas Gal :gal]

Pushed to try.

Comment 4

[Steve Fink [:sfink] [:s:]]

Comment on attachment 508656 [details] [diff] [review]
patch

I like this approach much better. And I noticed you moved the compartment entry to cover some more code that needs it, which might fix bug 629775 (which I still haven't looked at.)

Comment 5

[Andreas Gal :gal]

Seems to pass try. Waiting for blake's review.

Comment 6

[Andreas Gal :gal]

Probably good to get this into the beta so we can see whether it helps.

Comment 7

[Andreas Gal :gal]

review ping

Comment 8

[Andreas Gal :gal]

ping

Comment 9

[Andreas Gal :gal]

http://hg.mozilla.org/tracemonkey/rev/f05154f8738c

Comment 10

[Andreas Gal :gal]

http://hg.mozilla.org/mozilla-central/rev/96570116d62a