Closed Bug 795150 Opened 7 years ago Closed 7 years ago
Monkey: Crash in Test Should DOMCall
While opening the Gecko Profiler page, I got a crash on a NULL pointer access in TestShouldDOMCall. My crash report: https://crash-stats.mozilla.com/report/index/57292627-7595-4ebc-8df3-933c72120927 Offending line: http://hg.mozilla.org/mozilla-central/annotate/b038e9e2023f/js/src/ion/IonBuilder.cpp#l5550
Based on a comment, I found an URL that crashes Firefox. More reports at: https://crash-stats.mozilla.com/report/list?signature=TestShouldDOMCall
Eric, does anything obvious stick out here? Since it's a NPE, might be easy to tell from the crashing line and source code.
Uh, looks like It's executing in a runtime without any DOM stuff executing? Those callbacks are set in nsJSRuntime::Init().
I hear this crash happens in the profiler? Does the profiler run things under strangely initialized JSRuntimes?
So, after a little more digging, I discovered the root of the problem. We were compiling on a worker thread, which didn't have the callbacks. Normally, for various reasons, the callbacks that run on the main thread are not installed for workers, but in this case, it should be safe to do so. Rather than have the optimization only work on the main thread, we have added the appropriate callback to worker thread JSRuntimes. The pdf of the paper in that link now loads nicely.
Assignee: general → efaustbmo
Status: NEW → ASSIGNED
Attachment #667512 - Flags: review?(bzbarsky)
Comment on attachment 667512 [details] [diff] [review] Fix r=me
Attachment #667512 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/e9633e93b7e2 Should this have a crashtest?
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in before you can comment on or make changes to this bug.