Closed
Bug 706281
Opened 13 years ago
Closed 13 years ago
Cycle collector unlinks nsDOMStringMap twice with weak map, dataset
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: jruderman, Assigned: mccr8)
References
Details
(Keywords: testcase)
Crash Data
Attachments
(2 files)
1. Load the testcase
2. Quit Firefox
or
1. Load the testcase
2. Close the testcase
3. Force cycle collection once or twice
Result: Crash [@ nsGenericHTMLElement::ClearDataset]
This might be a regression from bug 668855.
|
Reporter | |
Comment 1•13 years ago
|
||
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → continuation
|
|
Assignee | |
Comment 2•13 years ago
|
||
Doesn't reproduce for me with 80675:5fd08d019d7d which is from a day before bug 668855 landed. I'll update and try again.
|
|
Assignee | |
Comment 3•13 years ago
|
||
This actually looks like a dupe of bug 669903, though they didn't have a testcase for it.
|
|
Assignee | |
Comment 4•13 years ago
|
||
And they have a patch, but it looks like they didn't really understand why a null check was needed. I'll look into this.
|
|
Assignee | |
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
|
Assignee | |
Comment 6•13 years ago
|
||
Hmm. Maybe I should undup this. There's two problems in your test. The first is that the double unlink crashes, the second is that there's a double unlink at all. We can leave the other bug as a fix for the former. I'll look into the latter.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
Reporter | |
Updated•13 years ago
|
Summary: Cycle collector crash with weak map, dataset property → Cycle collector unlinks nsDOMStringMap twice with weak map, dataset
|
|
Assignee | |
Comment 7•13 years ago
|
||
So, like I said in the other patch, double unlinks will happen any time an object is wrapped, and there are two cycle collections in a row without a GC in between.
I think my WeakMap patch is just causing wrapped natives to not be released properly, so this can be hit even if the CC doesn't run twice in a row. I'm not really sure why that is, but bug 680937 seems to fix this, in that it makes wrapped natives actually be released in a timely fashion.
More broadly, I'm wondering how we can test for double unlinks that don't survive being done twice in a row. I filed bug 708480 for that.
Depends on: 680937
|
|
Assignee | |
Comment 8•13 years ago
|
||
I think this is probably okay. Wrapped natives just get unlinked twice. Weak maps may just make it easier to trigger these.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•13 years ago
|
Resolution: FIXED → WORKSFORME
|
|
Reporter | |
Updated•13 years ago
|
Resolution: WORKSFORME → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•