Closed Bug 749545 Opened 9 years ago Closed 9 years ago

Crashes and brokenness in WebGL demo

Categories

(Core :: Canvas: WebGL, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: cjones, Assigned: Daeken)

Details

Recently the gaia "crystalskull" demo stopped working.  Loading it on a b2g-flashed Nexus S results in

E/GeckoConsole(  208): [JavaScript Error: "not well-formed" {file: "http://crystalskull.gaiamobile.org/shaders/Glass.glsl" line: 1 column: 1 source: "// Based on Cg tutorial: http://http.developer.nvidia.com/CgTutorial/cg_tutorial_chapter07.html"}]
F/libc    (  208): Fatal signal 11 (SIGSEGV) at 0xffffffff (code=1)

(the segfault causes b2g to crash and restart.)

The source code for the shader is at

https://github.com/andreasgal/gaia/blob/master/apps/crystalskull/shaders/Glass.glsl

I thought the error might be related to the "//" comment syntax.  Globally changing them to "/* */" makes the crash go away but the demo is still broken.

Sorry, I don't have a regression range.
Is this the same crash as bug 746794 ?
Can you get a stack for this?

We are supposed to be stripping comments from shader sources before we pass them to any shader compiler. So if the shader compiler complains about a comment, that seems to mean we have a bug there. You could break in WebGLContext::CompileShader and examine the |const char *s| string, it should be free of any comments.

Regarding the origin of the regression, the only thing that I can think of is the latest ANGLE upgrade, bug 734657.
(In reply to Matthias Versen (Matti) from comment #1)
> Is this the same crash as bug 746794 ?

Possibly.

(In reply to Benoit Jacob [:bjacob] from comment #2)
> Regarding the origin of the regression, the only thing that I can think of
> is the latest ANGLE upgrade, bug 734657.

The timing seems about right.

Do we run any WebGL tests on android on tinderbox?
(In reply to Chris Jones [:cjones] [:warhammer] from comment #3)
> Do we run any WebGL tests on android on tinderbox?

No. Mark Finkle was looking into this last week.
Cody offered to take a vacation from omtc-gonk and look into this ;).
Assignee: nobody → cbrocious
Please retry with the patches from bug 743748 and bug 748654 applied. They landed on inbound yesterday but haven't reached central yet.
Just tested with those patches applied and it's still crashing.  I'll get a stacktrace and dig in from there.
Looking back at comment 0. The only reason I can think of for such a JS Error would be if the page tried to run some shader as a JS script. Could happen if <script> mime type maps to javascript. That would then be a JS engine bug. A stack trace would tell.
I'm going to close this out, because it's fixed for Gonk.  The problem has been confirmed to be mismatched allocators.  Thanks Cody and Benoit!
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
That's interesting because other allocator-mismatch crashes are still crashing, see bug 746794. Good to hear that at least some of the crashes are fixed.
The mismatches were "fixed" by disabling jemalloc.  This is still a problem for --enable-jemalloc builds.
BTW, for the other bugs, if ANGLE is somehow ending up with a link-time dependency on libstdc++ ::operator new or ::operator delete, that would explain the crashes.  The fix would be for us to interpose mozalloc.
(Or even better, --wrap those too.  Though that would take some cleverness.)
You need to log in before you can comment on or make changes to this bug.