Closed Bug 702651 Opened 14 years ago Closed 13 years ago

crash in TCompiler::~TCompiler | TranslatorESSL::~TranslatorESSL | DeleteCompiler

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 746794
Tracking Flags:
Tracking Status
firefox9 --- affected

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, reproducible, Whiteboard: [mobile-crash][native-crash])

Crash Data

This bug was filed from the Socorro interface and is report bp-8e59376f-c140-4102-8432-b24ef2111111 . ============================================================= Crashing Thread Frame Module Signature [Expand] Source 0 libmozutils.so arena_dalloc memory/jemalloc/jemalloc.c:4306 1 libmozutils.so __wrap_free memory/jemalloc/jemalloc.c:6260 2 libmozalloc.so moz_free memory/mozalloc/mozalloc.cpp:97 3 libxul.so std::__node_alloc::deallocate mozalloc.h:253 4 libxul.so std::priv::_String_base<char, std::allocator<char> >::_M_deallocate_block _alloc.h:323 5 libxul.so TCompiler::~TCompiler _string_base.h:156 6 libxul.so TranslatorESSL::~TranslatorESSL gfx/angle/src/compiler/TranslatorESSL.h:12 7 libxul.so TranslatorESSL::~TranslatorESSL gfx/angle/src/compiler/TranslatorESSL.h:12 8 libxul.so DeleteCompiler gfx/angle/src/compiler/CodeGenGLSL.cpp:33 9 libxul.so ShDestruct gfx/angle/src/compiler/ShaderLang.cpp:142 10 libxul.so mozilla::WebGLContext::CompileShader content/canvas/src/WebGLContextGL.cpp:4101 11 libxul.so nsIDOMWebGLRenderingContext_CompileShader obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:29865 12 libxul.so js::Interpret js/src/jscntxtinlines.h:296 13 libxul.so js::RunScript js/src/jsinterp.cpp:614 14 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 15 libxul.so js_fun_apply js/src/jsinterp.h:167 16 libxul.so js::Interpret js/src/jscntxtinlines.h:296 17 libxul.so js::RunScript js/src/jsinterp.cpp:614 18 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 19 libxul.so js_fun_apply js/src/jsinterp.h:167 20 libxul.so js::Interpret js/src/jscntxtinlines.h:296 21 libxul.so js::RunScript js/src/jsinterp.cpp:614 22 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 23 libxul.so js_fun_call js/src/jsinterp.h:167 24 libxul.so js::Interpret js/src/jscntxtinlines.h:296 25 libxul.so js::RunScript js/src/jsinterp.cpp:614 26 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 27 libxul.so js_fun_call js/src/jsinterp.h:167 28 libxul.so js::Interpret js/src/jscntxtinlines.h:296 29 libxul.so js::RunScript js/src/jsinterp.cpp:614 30 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 31 libxul.so js_fun_call js/src/jsinterp.h:167 32 libxul.so js::Interpret js/src/jscntxtinlines.h:296 33 libxul.so js::RunScript js/src/jsinterp.cpp:614 34 libxul.so js::InvokeKernel js/src/jsinterp.cpp:678 35 libxul.so js_fun_call js/src/jsinterp.h:167 36 libxul.so js::Interpret js/src/jscntxtinlines.h:296 37 libxul.so js::RunScript js/src/jsinterp.cpp:614 38 libxul.so js::Invoke js/src/jsinterp.cpp:678 39 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5039 40 libxul.so nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1660 41 libxul.so nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:585 42 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:131 43 libxul.so libxul.so@0x94e5cb 44 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:722 45 @0x4361512e 46 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:776 47 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:160 48 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:344 49 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:672 50 libxul.so nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:735 51 libxul.so nsINode::DispatchEvent content/base/src/nsGenericElement.cpp:1136 52 libxul.so nsContentUtils::DispatchTrustedEvent content/base/src/nsContentUtils.cpp:3052 53 libxul.so nsDocument::DispatchContentLoadedEvents content/base/src/nsDocument.cpp:4116 54 libxul.so nsRunnableMethodImpl<void , true>::Run nsThreadUtils.h:345 55 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 56 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 57 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 58 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:229 59 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 60 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 61 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189 62 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:677 63 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:215 64 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 65 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 66 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:516 67 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:782 68 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:68 69 libc.so __libc_init 70 @0xffffffc6 Show/hide other threads
Need URLs for this angle crash.
Component: Graphics → Canvas: WebGL
Keywords: needURLs
QA Contact: thebes → canvas.webgl
URL states : about:empty I am unsure of the previous URL before that.
Whiteboard: [native-crash] → [native-crash], str-wanted
Here are all URLs for reports with this signature from 2011-11-05 until 2011-11-20: 28 \N 10 http://www.google.com/nexus/ 6 http://www.spacegoo.com/beach/ 5 http://monkolecloud.appspot.com/files/umniverse.html 5 http://highrise.nfb.ca/onemillionthtower/ 5 about:empty 4 http://xkcd.com/979/ 4 http://lights.elliegoulding.com/ 3 http://www.interpals.net/account.php 3 http://www.google.com/m?q=nexus&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official 3 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=virtualmagazine 3 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=html+5+demos 3 http://highrise.nfb.ca/ 3 http://en.m.wikipedia.org/wiki/Galaxy_nexus 3 http://194.100.28.2:2080/sw7/Account/Login.aspx?ReturnUrl=%2fsw7%2f 2 http://www.marketwatch.com/story/intel-honored-with-sfbig-marketing-icon-award-2011-11-16 2 http://www.khronos.org/webgl/wiki/Demo_Repository 2 http://www.google.com/nexus/#/tech-specs 2 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=webgl+water 2 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=webgl+demos 2 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=tween+js 2 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=nomes+para+rep%C3%BAblica 2 http://www.glge.org/ 2 http://www.cgl.ucsf.edu/ 2 http://redshootinghood.info/ 2 http://mrdoob.com/projects/glsl_sandbox/ 2 http://madebyevan.com/webgl-water/ 2 http://code.google.com/p/webglsamples/ 1 http://www.wired.com/underwire/2011/11/one-millionth-tower/?source=moz_email 1 http://www.livegeometry.com/ 1 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=three+js 1 http://www.google.com/m?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=html5test 1 http://www.google.com/m 1 http://www.engadget.com/2011/11/12/one-millionth-tower-documentary-elevates-the-art-of-html5/ 1 http://www.chromeexperiments.com/ 1 http://www.cgl.ucsf.edu/home/conrad/adco2011/WebGL3fx2.html 1 http://www.altetedqualia.com/ 1 http://text.derstandard.at/Web 1 https://www.eff.org/deeplinks/2011/11/eff-asks-supreme-court-end-fcc%E2%80%99s-indecency-regulations 1 https://donate.mozilla.org/page/signup/world-premiere-rsvp?source=20111026_ms_rsvp_misc 1 https://developer.mozilla.org/en-US/demos/ 1 http://playwebgl.com/ 1 http://oci.oulu.fi/dscc/index.php/dscc 1 http://m.yahoo.com/?.tsrc=attcf&.intl=US 1 http://media.tojicode.com/btg/part4/ 1 http://kpreid.github.com/cubes/cubes.html 1 http://html5test.com/ 1 http://evanw.github.com/webgl-filter/ 1 http://en.m.wikipedia.org/wiki/CyanogenMod 1 http://3d.ronnowmads.com/ 1 http://194.100.38.4/sw7/Account/Login.aspx?ReturnUrl=%2fsw7%2f 1 about:config
Setting to P3, semi low volume; need str.
Keywords: needURLs
Whiteboard: [native-crash], str-wanted → [native-crash:P3], str-wanted
Is it a dupe of bug 709947 as it implies ESSL?
(In reply to Naoki Hirata :nhirata from comment #6) > Occurs in XUL only Aurora and Nightly (Native) testers are only 500-1000 (75k-120k for desktop). We can't be sure it's not in Native.
That is true. Thank you for bringing up that valid point. I recall that there has been changes done to how the webgl is handled in aurora and nightly that I should have brought up. From IRC: [1:24pm] bjacob: all i'm changing is: revert to always use GLSL backend for translation bjacob: ^ (i mean, on ES, we pass the original source. not on deskotp GL) [1:25pm] nhirata: is that only for the mobile ? or does that apply to desktop as well? [1:25pm] bjacob: also, we have code to strip comments, i'll pass the result of thta bjacob: nhirata: it applies to Windows as well, as there we use ANGLE's GLES2 library bjacob: nhirata: for some reason, the ESSL backend bugs only show on Android [1:26pm] nhirata: ok so desktop should also be aware of this in the event that some wierd regression starts appearing vlad: the bugs looked like they were allocator crashes? bjacob: i guess, yes. we can also decide to not change current behavior on desktop, but i'd rather avoid adding unnecessary platform checks [1:27pm] bjacob: it's hard to tell bjacob: but yes, there were malloc-related stuff in some call stacks [1:27pm] bjacob: and the sheer weirdness suggested malloc/OOM related crashes
That WebGL change is now propagated all the way to the stable channel (Firefox 9).
Thanks for that info, I guess it's just a matter to see if native can go through a similar code path then once we get more ADUs.
There have been no crashes with this stack in Fennec 10.0 (manual check). I close it as WFM.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Reopening... just got it in Native Fennec on the nightly 04/18/2012 using a HTC Desire HD. 1. Go to webglsamples.googlecode.com/hg/aquarium/aquarium.html expected : no crash Actual : crash
Status: RESOLVED → REOPENED
Keywords: reproducible
Resolution: WORKSFORME → ---
Whiteboard: [mobile-crash], str-wanted → [mobile-crash],[native-crash]
also occurs on Nexus S with latest nightly @ helloracer.com/webgl/
Comment 12 and comment 13 are related to bug 746794. This one is closed
Status: REOPENED → RESOLVED
Closed: 14 years ago13 years ago
Resolution: --- → WORKSFORME
Whiteboard: [mobile-crash],[native-crash] → [mobile-crash]
It's back from 15.0a1/20120503030512. See bp-7020727c-fc15-44d9-80f0-d871a2120503 or bp-aa54c713-08f3-4d36-876c-b1f552120509.
Status: RESOLVED → REOPENED
Crash Signature: [@ arena_dalloc | __wrap_free | moz_free | std::__node_alloc::deallocate] → [@ arena_dalloc | __wrap_free | moz_free | std::__node_alloc::deallocate] [@ libmozglue.so@0x889a] [@ libmozglue.so@0x887a] [@ libmozglue.so@0x89c4]
Resolution: WORKSFORME → ---
Summary: crash [@ arena_dalloc | __wrap_free | moz_free | std::__node_alloc::deallocate | std::priv::_String_base<char, std::allocator<char> >::_M_deallocate_block | TCompiler::~TCompiler | TranslatorESSL::~TranslatorESSL | DeleteCompiler] → crash in TCompiler::~TCompiler | TranslatorESSL::~TranslatorESSL | DeleteCompiler
Whiteboard: [mobile-crash] → [mobile-crash][native-crash]
Version: 10 Branch → Trunk
All the crashes in TCompiler / Translator??SL / DeleteCompiler with a stack trace ending somewhere in jemalloc, are very likely duplicates of bug 746794.
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → DUPLICATE
I mean, *Android* crashes.
You need to log in before you can comment on or make changes to this bug.