Closed Bug 800944 Opened 7 years ago Closed 7 years ago

crash with "ABORT: If we don't draw a tile we shouldn't have a placeholder there"

Categories

(Core :: Graphics, defect)

ARM
Android
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla19

People

(Reporter: kats, Assigned: BenWa)

Attachments

(1 file)

STR:

1. Load build from https://people.mozilla.com/~kgupta/tmp/ioncrash.apk (this is a local debug build of Fennec using m-c code from Oct 11 plus a few unrelated local changes)
2. Start "Fennec kats"
3. Load http://stevelosh.com/blog/2012/10/why-i-two-space/
4. Fling the page to scroll downwards

It crashes either on step 3 or step 4

GDB backtrace:

(gdb) bt
#0  0x5c13e134 in mozalloc_abort (msg=<optimized out>) at /Users/kats/zspace/mozilla-git/memory/mozalloc/mozalloc_abort.cpp:23
#1  0x6482d4ce in Abort (
    aMsg=0x61afef3c "###!!! ABORT: If we don't draw a tile we shouldn't have a placeholder there.: '!newValidRegion.Intersects(tileRect) || !IsPlaceholder(newRetainedTiles. SafeElementAt(index, AsDerived().GetPlaceholderT"...) at /Users/kats/zspace/mozilla-git/xpcom/base/nsDebugImpl.cpp:423
#2  NS_DebugBreak_P (aSeverity=<optimized out>, aStr=0x652444b7 "If we don't draw a tile we shouldn't have a placeholder there.", 
    aExpr=0x652444f6 "!newValidRegion.Intersects(tileRect) || !IsPlaceholder(newRetainedTiles. SafeElementAt(index, AsDerived().GetPlaceholderTile()))", 
    aFile=0x65244429 "/Users/kats/zspace/mozilla-git/gfx/layers/TiledLayerBuffer.h", aLine=359) at /Users/kats/zspace/mozilla-git/xpcom/base/nsDebugImpl.cpp:410
#3  0x648c09a4 in mozilla::layers::TiledLayerBuffer<mozilla::layers::TiledLayerBufferOGL, mozilla::layers::TiledTexture>::Update (this=0x66604b20, aNewValidRegion=..., aPaintRegion=...)
    at /Users/kats/zspace/mozilla-git/gfx/layers/TiledLayerBuffer.h:356
#4  0x648c0c18 in mozilla::layers::TiledLayerBufferOGL::Upload (this=0x66604b20, aMainMemoryTiledBuffer=<optimized out>, aNewValidRegion=..., aInvalidateRegion=..., aResolution=...)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/TiledThebesLayerOGL.cpp:52
#5  0x648c0d12 in mozilla::layers::TiledThebesLayerOGL::ProcessUploadQueue (this=0x66604800) at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/TiledThebesLayerOGL.cpp:185
#6  0x648c0db6 in mozilla::layers::TiledThebesLayerOGL::RenderLayer (this=<optimized out>, aPreviousFrameBuffer=<optimized out>, aOffset=...)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/TiledThebesLayerOGL.cpp:238
#7  0x648b75c0 in mozilla::layers::ContainerRender<mozilla::layers::ShadowContainerLayerOGL> (aContainer=0x66604400, aPreviousFrameBuffer=0, aOffset=..., aManager=0x65bdd200)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/ContainerLayerOGL.cpp:260
#8  0x648b75c0 in mozilla::layers::ContainerRender<mozilla::layers::ShadowContainerLayerOGL> (aContainer=0x66603c00, aPreviousFrameBuffer=0, aOffset=..., aManager=0x65bdd200)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/ContainerLayerOGL.cpp:260
#9  0x648b75c0 in mozilla::layers::ContainerRender<mozilla::layers::ShadowContainerLayerOGL> (aContainer=0x65becc00, aPreviousFrameBuffer=0, aOffset=..., aManager=0x65bdd200)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/ContainerLayerOGL.cpp:260
#10 0x648bc43a in mozilla::layers::LayerManagerOGL::Render (this=0x65bdd200) at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/LayerManagerOGL.cpp:949
#11 0x648bc966 in mozilla::layers::LayerManagerOGL::EndTransaction (this=0x65bdd200, aCallback=0, aCallbackData=0x0, aFlags=<optimized out>)
    at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/LayerManagerOGL.cpp:661
#12 0x648ba468 in mozilla::layers::LayerManagerOGL::EndEmptyTransaction (this=<optimized out>, aFlags=<optimized out>) at /Users/kats/zspace/mozilla-git/gfx/layers/opengl/LayerManagerOGL.cpp:625
#13 0x648cbc34 in Composite (this=0x658e4c00) at /Users/kats/zspace/mozilla-git/gfx/layers/ipc/CompositorParent.cpp:533
#14 mozilla::layers::CompositorParent::Composite (this=0x658e4c00) at /Users/kats/zspace/mozilla-git/gfx/layers/ipc/CompositorParent.cpp:504
#15 0x645f11e6 in DispatchToMethod<ScreenshotRunnable, tag_nsresult (ScreenshotRunnable::*)()> (method=&virtual table offset 204, obj=<optimized out>, arg=...)
    at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/tuple.h:383
#16 RunnableMethod<ScreenshotRunnable, tag_nsresult (ScreenshotRunnable::*)(), Tuple0>::Run (this=<optimized out>) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/task.h:307
#17 0x648549ce in MessageLoop::RunTask (this=0x61affddc, task=0x61e203c0) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:333
#18 0x64855574 in MessageLoop::DeferOrRunPendingTask (this=<optimized out>, pending_task=...) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:341
#19 0x6485687a in DoWork (this=<optimized out>) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:441
#20 MessageLoop::DoWork (this=0x61affddc) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:420
#21 0x64856ae8 in base::MessagePumpDefault::Run (this=0x61940d20, delegate=0x61affddc) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_pump_default.cc:23
#22 0x64854b4a in MessageLoop::RunInternal (this=0x61affddc) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:215
#23 0x64854ba8 in RunHandler (this=0x61affddc) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:208
#24 MessageLoop::Run (this=0x61affddc) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/message_loop.cc:182
#25 0x6485ec64 in base::Thread::ThreadMain (this=0x61937cd0) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/thread.cc:156
#26 0x6486b6aa in ThreadFunc (closure=<optimized out>) at /Users/kats/zspace/mozilla-git/ipc/chromium/src/base/platform_thread_posix.cc:39
#27 0x4005dbb4 in pthread_mutex_lock_timeout_np () from /Users/kats/android/jdb/moz-gdb/lib/01466E640801401C/system/lib/libc.so
#28 0x00000000 in ?? ()
Blocks: 771219
Blocks: 795259
I keep hitting this crash and it's quite annoying. If you have a patch that adds additional debug/logging feel free to send it my way and I can run with it.
This assertion is getting bit because the tile store extracts a tile that TiledThebesLayerOGL expects to reuse for valid content. Disabling the tile store makes this assertion go away.

I'm testing with Chris's latest changes in bug 796117.
No, it doesn't fix it. I'm looking into if/why tiles get recycled when they are still needed.
Problem is this line:
http://mxr.mozilla.org/mozilla-central/source/gfx/layers/opengl/ReusableTileStoreOGL.cpp#180

We hit this while panning and not changing resolution, which isn't expected, causing us to recycle tiles that will be referenced.
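The failure mode described above, as an added example (not Gecko's code and not the attached patch): an exact floating-point comparison reports a resolution change during a plain pan and recycles tiles that are still needed, while a fuzzy comparison does not. The `Tile` type, the function names, the epsilon and the sample values are assumptions made for this sketch.

```cpp
#include <cmath>
#include <cstddef>
#include <vector>

// Hypothetical, simplified stand-in for a retained tile (not Gecko's type).
struct Tile {
  int x;
  int y;
  bool placeholder;  // true once the tile's texture went to the reuse store
};

// Exact comparison: any rounding difference counts as a resolution change.
static bool ChangedExact(float aOld, float aNew) { return aOld != aNew; }

// Fuzzy comparison: differences up to kEpsilon mean "same resolution".
// The epsilon is an assumed value for this example.
static bool ChangedFuzzy(float aOld, float aNew) {
  const float kEpsilon = 1e-4f;
  return std::fabs(aOld - aNew) > kEpsilon;
}

// Models one frame: if the check reports a resolution change, every retained
// tile is recycled. Returns the number of tiles recycled. During a pan at a
// constant zoom, any non-zero result means still-needed tiles were turned
// into placeholders, which is the state the ABORT guards against.
template <typename ChangedFn>
static std::size_t TilesRecycled(std::vector<Tile>& aTiles, float aOld,
                                 float aNew, ChangedFn aChanged) {
  std::size_t recycled = 0;
  if (aChanged(aOld, aNew)) {
    for (Tile& tile : aTiles) {
      tile.placeholder = true;
      ++recycled;
    }
  }
  return recycled;
}

// Constructed input: four tiles inside the valid region.
static std::vector<Tile> SampleTiles() {
  return {{0, 0, false}, {1, 0, false}, {0, 1, false}, {1, 1, false}};
}

// Constructed input: the same zoom level, one float step away from 1.0f,
// as can happen when the value is recomputed along a different code path.
static float NearlyOne() { return std::nextafter(1.0f, 2.0f); }
```

A genuine zoom change (for example 1.0 to 2.0) still exceeds the epsilon, so the fuzzy check keeps recycling tiles when the resolution really changes.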
Attachment #676628 - Flags: review?(chrislord.net)
Comment on attachment 676628 [details] [diff] [review]
patch - Fuzzy equal resolution change

Review of attachment 676628 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me, thanks :)
Attachment #676628 - Flags: review?(chrislord.net) → review+
inbound is closed, wait to land.
Keywords: checkin-needed
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/aee89ed25585
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19