Closed
Bug 71237
Opened 23 years ago
Closed 23 years ago
Prefs engine needs to keep ref to JSRuntimeService.
Categories
(SeaMonkey :: Preferences, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla0.9
People
(Reporter: jesup, Assigned: shaver)
Details
(Keywords: crash)
Attachments
(4 files)
9.79 KB,
text/plain
|
Details | |
719 bytes,
patch
|
Details | Diff | Splinter Review | |
6.06 KB,
patch
|
Details | Diff | Splinter Review | |
6.05 KB,
patch
|
Details | Diff | Splinter Review |
FreeBSD 4.1 20010306xx pull/build Closed the mozilla window. Crashed apparently due to a JS lock having been already freed. See attachment.
Reporter | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
I'm guessing from the stack trace that this should go to the Preferences component. Reassignig. cc'ing Brendan and jband in case I'm wrong about this. This stack trace is one I've never seen before. Randell, does this happen every time you close the Mozilla window? Or are there any specific steps leading up to this that are necessary to reproduce the crash?
Assignee: rogerl → matt
Component: Javascript Engine → Preferences
Keywords: crash
QA Contact: pschwartau → sairuh
Comment 3•23 years ago
|
||
cc'ing self -
Comment 4•23 years ago
|
||
Yes, this is a prefs bug. It is destroying a JSContext after the JSRuntime has been destroyed. The prefs service should be holding a reference to the JSRuntime service to keep it from shutting down before the prefs service is done with the JSRuntime.
Assignee | ||
Comment 5•23 years ago
|
||
I'll take this.
Assignee: matt → shaver
Severity: normal → major
OS: FreeBSD → All
Priority: -- → P2
Target Milestone: --- → mozilla0.9
Assignee | ||
Comment 6•23 years ago
|
||
Sadly, it doesn't look like people have to keep the prefs service alive the whole time either. Could get ugly in here.
Status: NEW → ASSIGNED
Summary: Crash on exit due to rt->rtLock having been deallocated → Prefs engine needs to keep ref to JSRuntimeService.
Comment 7•23 years ago
|
||
Better to leak a JSContext at shutdown then crash. Prefs needs to at least *ask* for the JS runtime service before whacking the JSContext. It can let the JSContext leak if the service manager refused to give up the runtime service (i.e. it has *already* leaked).
Assignee | ||
Comment 8•23 years ago
|
||
But that doesn't help us in the case where we bounce off of zero refs and restart the service, does it? I guess I could check that the new runtime == cx->runtime, and just hope that we didn't get a new reallocation in the same spot. Someone's going to rewrite all of prefs, right?
Assignee | ||
Comment 9•23 years ago
|
||
Comment 10•23 years ago
|
||
We never bounce off of zero refs and restart the service. The serive makes an extra reference to itself that is destoryed in its module shutdown. The service manager is also holding a ref. Module shutdown happens only in service manager shutdown - during and after which time the service manager will refuse requests. So, the service will neither prematurely die nor be brought back to life (with a new JSRuntime!). Any violation of these rules is a bug to be fixed without delay.
Assignee | ||
Comment 11•23 years ago
|
||
So should I take that rt == check out, or will you give me review love for what's posted?
Assignee | ||
Comment 12•23 years ago
|
||
Assignee | ||
Comment 13•23 years ago
|
||
This patch makes prefs compile warning-free, removes a particularily egregious piece of classic-era code (FE_Confirm? _JSDecoder_?), sprinkles requests around and actually compiles. Also makes a mean cup of coffee.
Assignee | ||
Comment 14•23 years ago
|
||
Assignee | ||
Comment 15•23 years ago
|
||
And _this_ patch doesn't crash at startup because of a braino. I see the runtime-mismatch warning at shutdown, so I think we're really averting a crash here. If the code paths into PREF_CleanupPrefs (including the one from PREF_PrefCleanup!) weren't so incredibly many and twisted, I'd fix this routine up to take a JSRuntime * and only destroy the context if we have one, but since bnesse is rewriting this stuff _anyway_, I think this bandaid will get us through. Do we want to take this for 0.8.1?
Assignee | ||
Comment 16•23 years ago
|
||
Moving this back to 0.8.1, now that it's on the drivers' radar.
Target Milestone: mozilla0.9 → mozilla0.8.1
Comment 17•23 years ago
|
||
Looks good to me, r/sr=brendan@mozilla.org. I'm filing a spin-off bug 72552 about excessive CHECK_REQUEST macro calls in jsapi.c (the one in JS_SetErrorReporter will bite this bug's patch). /be
Comment 18•23 years ago
|
||
I guess this looks ok, but I don't understand the JS_Begin/EndRequest stuff... why do we need it?
Comment 19•23 years ago
|
||
The JS engine, when compiled with JS_THREADSAFE defined and used in a multi-threaded embedding, requires users to bracket maximal non-blocking batches of API calls and intermingled native code with Requests. These serve two needs in the current engine: (1) Requests prevent the JS GC from racing badly with engine code in the API entry points and in the JS compiler where unrooted atoms and objects are held by weak (C) refs. The embedding is responsible for calling the GC often enough, but it need not worry about races if it brackets API calls with requests. (2) Requests help avoid *any* locking overhead for objects (scopes, actually) that are used by at most one request-thread at a time. This lock-free scope synchronization feature is a huge win in terms of thread-safe JS performance: in common cases, JS runs as fast MT as ST. See bug 54743. /be
Comment 20•23 years ago
|
||
ok, if you say so.. I still maintain that prefs should not be used in a multi-threaded way, but if there's no performance loss, then s/r=alecf. adding bnesse so that when he updates his tree he doesn't wonder what the heck this is for
Comment 21•23 years ago
|
||
alecf: you can maintain what should be, but there are no runtime checks or even assertions (right?) to the contrary, and the plugin API in particular seems likely to lead to control flow on several threads reaching the prefs code. If prefs is getting a rewrite, will it be thread-safe? If not, it had better insist that it's running only on the main thread. /be
Comment 22•23 years ago
|
||
true enough. but the prefs API itself is not being exposed to plugins, at least I hope not - the prefs API should only be exposed to the capabilities library, which should ensure that it's accessing prefs from the right thread... the only people accessing the prefs API should be mozilla itself and embedding, and so embedding is the only consumer which should know about the thread-unsafeness.
Comment 23•23 years ago
|
||
oops, that meant 'r=alecf'
Assignee | ||
Comment 24•23 years ago
|
||
Thanks, all. It's in on the branch, so I'm moving the milestone and waiting to hit the trunk (if and when we see some green).
Target Milestone: mozilla0.8.1 → mozilla0.9
Assignee | ||
Comment 25•23 years ago
|
||
This patch, provided by dbaron after mad minutes trying to figure out why I busted prefs on the branch, fixes evil. Turns out that PREF_Init is being called multiple times, and the previous patch had us failing (falsely) on every call after the first. My bad. Thanks, David. Index: prefapi.c =================================================================== RCS file: /cvsroot/mozilla/modules/libpref/src/prefapi.c,v retrieving revision 3.86.8.1 diff -u -d -u -1 -r3.86.8.1 prefapi.c --- prefapi.c 2001/03/20 01:14:12 3.86.8.1 +++ prefapi.c 2001/03/20 04:07:05 @@ -274,3 +274,3 @@ { - PRBool ok = PR_FALSE, request = PR_FALSE; + PRBool ok = PR_TRUE, request = PR_FALSE; extern JSRuntime* PREF_GetJSRuntime(void); @@ -289,2 +289,3 @@ { + ok = PR_FALSE; gMochaContext = JS_NewContext(gMochaTaskState, 8192);
Assignee | ||
Comment 26•23 years ago
|
||
In the tip.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•