Closed Bug 703656 Opened 13 years ago Closed 13 years ago

Attempt to use JS function on a different thread calling nsIWebProgressListener.onStateChange & nsIDOMEventListener.handleEvent results in crash

Categories

(Firefox for Android Graveyard :: General, defect, P2)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
ARM
Android
Type:
defect

Tracking

(firefox11 fixed, fennec11+)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox11 --- fixed
fennec 11+ ---

People

(Reporter: aaronmt, Assigned: sriram)

References

(
URL
)

Details

(Keywords: crash, reproducible, Whiteboard: [native-crash:P1])

Crash Data

Attachments

(1 file)

Patch
6.14 KB, patch
mfinkle
: review+
Details | Diff | Splinter Review 
E/GeckoConsole( 2909): Attempt to use JS function on a different thread calling nsIWebProgressListener.onStateChange. JS objects may not be shared across threads.
E/GeckoConsole( 2909): Attempt to use JS function on a different thread calling nsIDOMEventListener.handleEvent. JS objects may not be shared across threads.
W/InputConnectionWrapper.ICC(  188): Timed out waiting on IInputContextCallback
I/ActivityManager(  110): Process org.mozilla.fennec (pid 2909) has died.
D/Zygote  (   75): Process 2909 exited cleanly (1)
I/WindowManager(  110): WIN DEATH: Window{40b89098 SurfaceView paused=false}
I/WindowManager(  110): WIN DEATH: Window{40553400 org.mozilla.fennec/org.mozilla.fennec.App paused=false}
I/InputDispatcher(  110): Dropping event because there is no touched window or focused application.
I/WindowManager(  110): WIN DEATH: Window{408f9440 org.mozilla.fennec/org.mozilla.gecko.TabsTray paused=false}


STR: 

1. Open two tabs with different pages
2. Reload a single tab, and during reload switch to the other tab

--
Samsung Nexus S (Android 2.3.6)
20111118040220
http://hg.mozilla.org/projects/birch/rev/9999a423d8ab
Assignee: nobody → sriram
(In reply to Naoki Hirata :nhirata from comment #2)
> similar steps to bug 702619?

Nope, much simpler ala comment #0.
Priority: -- → P2
Setting to end user priority P1; STR available
Whiteboard: [native-crash] → [native-crash:P1]
Crash Signature: __futex_syscall3 → [@ __futex_syscall3 ]
Attached patch PatchSplinter Review 
The problem is not with "JS objects accessed in wrong thread" or "TabsTray". I narrowed down the problem to allocation of "ArrayListIterator" and "Rect" in TileLayer.java. The number of objects created for tab switching increases very fast, causing all background processes to be killed by android one by one. This can be seen in the logs. Once android runs out of heap (even after killing background processes), it eventually kills the Fennec application. The GL layer needs to be optimized to fix this issue.

Also, I've optimized TabsTray to use less memory when shown. The OnClickListeners are reused between each row in the list. To ensure the selected tab is in bold, the view needs to be read from XML every time a row is created. This is a bottleneck. Though this can cause memory issues, I didn't find any with it in AllocationTracker in DDMS tool -- mostly because the number of list entries is minimal and the lifespan of TabsTray is small (also GC is called once activity finishes).

Bug 704162, bug 704232 are all related to the same issue of "switching tabs".
Bug 704575 is tracking the dirty rectangle problem.
Attachment #576229 - Flags: review?(mark.finkle)
Comment on attachment 576229 [details] [diff] [review]
Patch

These changes look good and if they save some memory, we should do it. The changes are not insane.
Attachment #576229 - Flags: review?(mark.finkle) → review+
https://hg.mozilla.org/projects/birch/rev/fd9726529749
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
tracking-fennec: --- → 11+
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: