Closed Bug 705695 Opened 8 years ago Closed 8 years ago

array_indexOf hangs found by hang detector

Categories

(Core :: DOM: Core & HTML, defect, critical)

RESOLVED INCOMPLETE

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: hang, Whiteboard: [Snappy:P1])

This shows up as js::EqualStrings in the hang detector, but in every stack trace I looked at (and I looked at 10 or so), it was being called by array_indexOf, which is a more likely culprit.  I'm not sure if anything can really be done about this.

Some of them had deep stacks, but mostly they looked like this:

0	xul.dll	js::EqualStrings	js/src/jsstr.cpp:3339
1	xul.dll	array_indexOfHelper	js/src/jsarray.cpp:3044
2	xul.dll	array_indexOf	js/src/jsarray.cpp:3065
3	xul.dll	js::InvokeKernel	js/src/jsinterp.cpp:625
4	xul.dll	js_GetMethod	js/src/jsobj.cpp:5867
5	xul.dll	js::Interpret	js/src/jsinterp.cpp:3751

One I saw was during a GC.
Keywords: hang
Crash Signature: [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] → [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] [@ chromehang | array_indexOfHelper ]
js::StrictlyEqual is another much less common signature that has similar stacks that end in array_indexOf.  Not necessarily string-related.
Crash Signature: [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] [@ chromehang | array_indexOfHelper ] → [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] [@ chromehang | array_indexOfHelper ] [@ chromehang | js::StrictlyEqual(JSContext*, JS::Value const&, JS::Value const&, int*) ]
array_indexOfHelper contains a JS_CHECK_OPERATION_LIMIT in the central loop.  I strongly suspect this is more of DOMOperationCallback failing to stop the script (bug 699974 and 670183).
Depends on: 670183, 699974
Ah, that makes sense.

It looks like this is a top-ten overall source of "crashes" right now.
GetElement is a fairly uncommon hang, but all instances I found were being called in array_indexOf.
Crash Signature: [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] [@ chromehang | array_indexOfHelper ] [@ chromehang | js::StrictlyEqual(JSContext*, JS::Value const&, JS::Value const&, int*) ] → [@ chromehang | js::EqualStrings(JSContext*, JSString*, JSString*, int*) ] [@ chromehang | array_indexOfHelper ] [@ chromehang | js::StrictlyEqual(JSContext*, JS::Value const&, JS::Value const&, int*) ] [@ chromehang | GetElement<unsigned int> ]
Severity: normal → critical
Whiteboard: [Snappy]
Marking P1 because this is a very common source of hangs.  It looks like it could be one of the top 2 or 3 hangs that don't involve the file system.
Summary: possible hangs during array_indexOf on strings → array_indexOf hangs found by hang detector
Whiteboard: [Snappy] → [Snappy:P1]
No longer depends on: 670183
Moving to DOM because that's where the work actually happened. Bug 699974 may have fixed this but we are not sure without data.
Assignee: general → nobody
Component: JavaScript Engine → DOM
QA Contact: general → general
This style of hang detector seems to be obsolete, so I think it makes sense to close these hangs, and file new reports for things the new hang detector finds.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Component: DOM → DOM: Core & HTML