Canvas: WebGL
7 years ago
6 years ago


(Reporter: nhirata, Unassigned)




This bug was filed from the Socorro interface and is 
report bp-ac9a2f5a-da3b-4c38-9691-f77d32110916 .
Frame 	Module 	Signature [Expand] 	Source
0 	arena_dalloc 	memory/jemalloc/jemalloc.c:4306
1 	__wrap_free 	memory/jemalloc/jemalloc.c:6260
2 	moz_free 	memory/mozalloc/mozalloc.cpp:98
3 	std::__node_alloc::deallocate 	mozalloc.h:253
4 	std::priv::_String_base<char, std::allocator<char> >::_M_deallocate_block 	_string_base.h:102
5 	std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_append 	_string_base.h:160
6 	TOutputGLSLBase::writeConstantUnion 	_string_base.h:156
7 	TOutputGLSLBase::visitConstantUnion 	gfx/angle/src/compiler/OutputGLSLBase.cpp:208
8 	TIntermConstantUnion::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:34
9 	TIntermBinary::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:82
10 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:163
11 	TIntermBinary::traverse 	gfx/angle/src/compiler/intermediate.h:537
12 	TOutputGLSLBase::visitAggregate 	gfx/angle/src/compiler/OutputGLSLBase.cpp:454
13 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:135
14 	TOutputGLSLBase::visitCodeBlock 	gfx/angle/src/compiler/OutputGLSLBase.cpp:707
15 	TOutputGLSLBase::visitAggregate 	gfx/angle/src/compiler/intermediate.h:537
16 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:135
17 	TOutputGLSLBase::visitAggregate 	gfx/angle/src/compiler/OutputGLSLBase.cpp:454
18 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:135
19 	TranslatorESSL::translate 	gfx/angle/src/compiler/OutputGLSLBase.h:17
20 	TCompiler::compile 	gfx/angle/src/compiler/Compiler.cpp:181
21 	ShCompile 	gfx/angle/src/compiler/ShaderLang.cpp:169
22 	mozilla::WebGLContext::CompileShader 	content/canvas/src/WebGLContextGL.cpp:4015
23 	nsIDOMWebGLRenderingContext_CompileShader 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:29817
24 	js::Interpret 	js/src/jscntxtinlines.h:305
25 	UncachedInlineCall 	js/src/vm/Stack.h:1259
26 	js::mjit::stubs::UncachedCallHelper 	js/src/methodjit/InvokeHelpers.cpp:480
27 	js::mjit::ic::Call 	js/src/methodjit/MethodJIT.h:347
29 	js::mjit::ic::Call 	js/src/methodjit/MonoIC.cpp:1141
30 	js::mjit::JaegerShot 	js/src/vm/Stack.h:1410
31 	js::RunScript 	js/src/jsinterp.cpp:611
32 	js::Invoke 	js/src/vm/Stack.h:1002
33 	JS_CallFunctionValue 	js/src/jscntxt.h:1302
34 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1928
35 	nsGlobalWindow::RunTimeout 	nsCOMPtr.h:863
36 	nsGlobalWindow::TimerCallback 	nsAutoPtr.h:907
37 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
38 	nsTimerEvent::Run 	nsAutoPtr.h:907
39 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
40 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
41 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:111
42 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:230
43 	MessageLoop::RunInternal 	ipc/chromium/src/base/
44 	MessageLoop::Run 	ipc/chromium/src/base/
45 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:191
46 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:677
47 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:222
48 	MessageLoop::RunInternal 	ipc/chromium/src/base/
49 	MessageLoop::Run 	ipc/chromium/src/base/
50 	XRE_InitChildProcess 	nsAutoPtr.h:155
51 	ChildProcessInit 	other-licenses/android/APKOpen.cpp:778
52 	plugin-container 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:69

More reports :
1. Visit

Expected: no content crash
Actual: Error in console : Browser.selectedTab.browser.__SS_data is undefined
Source File: chrome://browser/content/browser.js Line: 2602
and content crash.

Most likely a dup of bug 689022?  Same crashing but different crash signature?
See also .

I've only seen crashes like this on the Galaxy S II (Exynos 4210 chipset w/ Mali-400 MP GPU), but on there I can reproduce this crash 100%.  It also appears on .  This crash also shows up on many other WebGL demos.
I had the opportunity to poke at this for a few minutes a couple of weeks ago.  I noticed two things

 - this crash *doesn't* happen with the dirt-simple shaders in the B2G home screen (webgl version)

 - the crash is 100% reproducible on, which has much more interesting shaders.

 - the crash appears to be a mismatched allocator problem when (reallocing?) data.  I forget the details.  At the time, it made me think that the bug was dependent on the string length of the shader.

 - this is STL code inside ANGLE, using stlport

This all makes me suspect it might be a problem with our build/link/something that happens to appear on the sgs2.  Maybe not an ANGLE bug (except possibly in our usage).

Valgrind would nail this down quickly, I suspect.
I was sorta hoping this would be fixed by bug 709947 ... do these crashes still happen?
wfm in the native-fennec nightly.  Will file another bug if I repro.
