The default bug view has changed. See this FAQ.

Crashes and brokenness in WebGL demo

RESOLVED FIXED

Status

()

Core
Canvas: WebGL
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: cjones, Assigned: Daeken)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Recently the gaia "crystalskull" demo stopped working.  Loading it on a b2g-flashed Nexus S results in

E/GeckoConsole(  208): [JavaScript Error: "not well-formed" {file: "http://crystalskull.gaiamobile.org/shaders/Glass.glsl" line: 1 column: 1 source: "// Based on Cg tutorial: http://http.developer.nvidia.com/CgTutorial/cg_tutorial_chapter07.html"}]
F/libc    (  208): Fatal signal 11 (SIGSEGV) at 0xffffffff (code=1)

(the segfault causes b2g to crash and restart.)

The source code for the shader is at

https://github.com/andreasgal/gaia/blob/master/apps/crystalskull/shaders/Glass.glsl

I thought the error might be related to the "//" comment syntax.  Globally changing them to "/* */" makes the crash go away but the demo is still broken.

Sorry, I don't have a regression range.
Is this the same crash as bug 746794 ?
Can you get a stack for this?

We are supposed to be stripping comments from shader sources before we pass them to any shader compiler. So if the shader compiler complains about a comment, that seems to mean we have a bug there. You could break in WebGLContext::CompileShader and examine the |const char *s| string, it should be free of any comments.

Regarding the origin of the regression, the only thing that I can think of is the latest ANGLE upgrade, bug 734657.
(In reply to Matthias Versen (Matti) from comment #1)
> Is this the same crash as bug 746794 ?

Possibly.

(In reply to Benoit Jacob [:bjacob] from comment #2)
> Regarding the origin of the regression, the only thing that I can think of
> is the latest ANGLE upgrade, bug 734657.

The timing seems about right.

Do we run any WebGL tests on android on tinderbox?
(In reply to Chris Jones [:cjones] [:warhammer] from comment #3)
> Do we run any WebGL tests on android on tinderbox?

No. Mark Finkle was looking into this last week.
Cody offered to take a vacation from omtc-gonk and look into this ;).
Assignee: nobody → cbrocious
Please retry with the patches from bug 743748 and bug 748654 applied. They landed on inbound yesterday but haven't reached central yet.
(Assignee)

Comment 7

5 years ago
Just tested with those patches applied and it's still crashing.  I'll get a stacktrace and dig in from there.
Looking back at comment 0. The only reason I can think of for such a JS Error would be if the page tried to run some shader as a JS script. Could happen if <script> mime type maps to javascript. That would then be a JS engine bug. A stack trace would tell.
I'm going to close this out, because it's fixed for Gonk.  The problem has been confirmed to be mismatched allocators.  Thanks Cody and Benoit!
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
That's interesting because other allocator-mismatch crashes are still crashing, see bug 746794. Good to hear that at least some of the crashes are fixed.
The mismatches were "fixed" by disabling jemalloc.  This is still a problem for --enable-jemalloc builds.
BTW, for the other bugs, if ANGLE is somehow ending up with a link-time dependency on libstdc++ ::operator new or ::operator delete, that would explain the crashes.  The fix would be for us to interpose mozalloc.
(Or even better, --wrap those too.  Though that would take some cleverness.)
You need to log in before you can comment on or make changes to this bug.