Last Comment Bug 749545 - Crashes and brokenness in WebGL demo
: Crashes and brokenness in WebGL demo
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Canvas: WebGL (show other bugs)
: unspecified
: ARM Gonk (Firefox OS)
: -- normal (vote)
: ---
Assigned To: Cody Brocious [:Daeken]
:
: Milan Sreckovic [:milan]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-27 01:46 PDT by Chris Jones [:cjones] inactive; ni?/f?/r? if you need me
Modified: 2012-05-03 18:28 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-04-27 01:46:16 PDT
Recently the gaia "crystalskull" demo stopped working.  Loading it on a b2g-flashed Nexus S results in

E/GeckoConsole(  208): [JavaScript Error: "not well-formed" {file: "http://crystalskull.gaiamobile.org/shaders/Glass.glsl" line: 1 column: 1 source: "// Based on Cg tutorial: http://http.developer.nvidia.com/CgTutorial/cg_tutorial_chapter07.html"}]
F/libc    (  208): Fatal signal 11 (SIGSEGV) at 0xffffffff (code=1)

(the segfault causes b2g to crash and restart.)

The source code for the shader is at

https://github.com/andreasgal/gaia/blob/master/apps/crystalskull/shaders/Glass.glsl

I thought the error might be related to the "//" comment syntax.  Globally changing them to "/* */" makes the crash go away but the demo is still broken.

Sorry, I don't have a regression range.
Comment 1 Matthias Versen [:Matti] 2012-04-27 03:44:20 PDT
Is this the same crash as bug 746794 ?
Comment 2 Benoit Jacob [:bjacob] (mostly away) 2012-04-27 05:54:08 PDT
Can you get a stack for this?

We are supposed to be stripping comments from shader sources before we pass them to any shader compiler. So if the shader compiler complains about a comment, that seems to mean we have a bug there. You could break in WebGLContext::CompileShader and examine the |const char *s| string, it should be free of any comments.

Regarding the origin of the regression, the only thing that I can think of is the latest ANGLE upgrade, bug 734657.
Comment 3 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-04-27 20:14:24 PDT
(In reply to Matthias Versen (Matti) from comment #1)
> Is this the same crash as bug 746794 ?

Possibly.

(In reply to Benoit Jacob [:bjacob] from comment #2)
> Regarding the origin of the regression, the only thing that I can think of
> is the latest ANGLE upgrade, bug 734657.

The timing seems about right.

Do we run any WebGL tests on android on tinderbox?
Comment 4 Benoit Jacob [:bjacob] (mostly away) 2012-04-28 06:25:13 PDT
(In reply to Chris Jones [:cjones] [:warhammer] from comment #3)
> Do we run any WebGL tests on android on tinderbox?

No. Mark Finkle was looking into this last week.
Comment 5 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-05-01 02:28:10 PDT
Cody offered to take a vacation from omtc-gonk and look into this ;).
Comment 6 Benoit Jacob [:bjacob] (mostly away) 2012-05-01 05:00:24 PDT
Please retry with the patches from bug 743748 and bug 748654 applied. They landed on inbound yesterday but haven't reached central yet.
Comment 7 Cody Brocious [:Daeken] 2012-05-02 10:26:40 PDT
Just tested with those patches applied and it's still crashing.  I'll get a stacktrace and dig in from there.
Comment 8 Benoit Jacob [:bjacob] (mostly away) 2012-05-02 10:48:47 PDT
Looking back at comment 0. The only reason I can think of for such a JS Error would be if the page tried to run some shader as a JS script. Could happen if <script> mime type maps to javascript. That would then be a JS engine bug. A stack trace would tell.
Comment 9 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-05-03 18:09:02 PDT
I'm going to close this out, because it's fixed for Gonk.  The problem has been confirmed to be mismatched allocators.  Thanks Cody and Benoit!
Comment 10 Benoit Jacob [:bjacob] (mostly away) 2012-05-03 18:16:54 PDT
That's interesting because other allocator-mismatch crashes are still crashing, see bug 746794. Good to hear that at least some of the crashes are fixed.
Comment 11 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-05-03 18:26:21 PDT
The mismatches were "fixed" by disabling jemalloc.  This is still a problem for --enable-jemalloc builds.
Comment 12 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-05-03 18:28:22 PDT
BTW, for the other bugs, if ANGLE is somehow ending up with a link-time dependency on libstdc++ ::operator new or ::operator delete, that would explain the crashes.  The fix would be for us to interpose mozalloc.
Comment 13 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2012-05-03 18:28:54 PDT
(Or even better, --wrap those too.  Though that would take some cleverness.)

Note You need to log in before you can comment on or make changes to this bug.