Closed
Bug 822831
Opened 12 years ago
Closed 12 years ago
Crash in JS::EnterAssertNoGCScope when profiling JS in debug build
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: Irving, Assigned: sfink)
References
Details
Attachments
(1 file)
|
5.35 KB,
patch
|
billm
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
Running a current Trunk build, with build options: ac_add_options --enable-debug ac_add_options --disable-optimize ac_add_options --enable-chrome-format=symlink ac_add_options --enable-tests ac_add_options --enable-profiling export MOZ_DEBUG_SYMBOLS=1 CC=clang CXX=clang++ Notably, both debug and profiling enabled. Installed BenWa's profiler extension and enabled JS profiling. FF crashes shortly after starting. Running under a debugger, I get a backtrace on SamplerThread: Thread 22 SamplerThread, Queue : (null) #0 0x0000000104665b50 in JS::EnterAssertNoGCScope() at /Users/ireid/tbird/mozilla-central/js/src/jsapi.cpp:689 #1 0x00000001046a8261 in js::Unrooted<JSScript*>::Unrooted(JSScript* const&) at /Users/ireid/tbird/mozilla-central/js/src/gc/Root.h:458 #2 0x00000001046a81dd in js::Unrooted<JSScript*>::Unrooted(JSScript* const&) at /Users/ireid/tbird/mozilla-central/js/src/gc/Root.h:459 #3 0x0000000104727636 in js::ProfilingGetPC(JSRuntime*, JSScript*, void*) at /Users/ireid/tbird/mozilla-central/js/src/jsfriendapi.cpp:951 #4 0x00000001031165b1 in addProfileEntry at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:750 #5 0x000000010311635d in TableTicker::doBacktrace(ThreadProfile&, TickSample*) at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:873 #6 0x000000010311681b in TableTicker::Tick(TickSample*) at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:948 #7 0x00000001031143cb in SamplerThread::SampleContext(Sampler*) at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:273 #8 0x0000000103114261 in SamplerThread::Run() at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:227 #9 0x00000001031139af in ThreadEntry at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:135 #10 0x00007fff883ab8bf in _pthread_start () #11 0x00007fff883aeb75 in thread_start ()
|
||
Comment 1•12 years ago
|
||
This is easy to reproduce. Any chance you could take a look? Perhaps it's related to our hard to reproduce crashes on optimized builds.
|
|
||
Updated•12 years ago
|
Assignee: nobody → general
Component: Gecko Profiler → JavaScript Engine
Terrence or Steve, can you guys take a look? It seems like we haven't initialized the TLS on the profiler thread.
|
||
Comment 3•12 years ago
|
||
Bill has the right of it: we absolutely must not use any of our Rooted / Unrooted / AssertCanGC / AutoAssertNoGC primitives from the background profiling thread. The problem is that it is very hard for people not terribly familiar with the profiler, such as myself, to tell what SM code might get called from this thread. The solution here is to just remove the above primitives from this code path.
|
|
||
Comment 4•12 years ago
|
||
I think those points should be only ProfilingGetPC and JS_PCToLineNumber. Note that not only are these called from the profiler thread but they are called from a signal. This means they have to be signal safe and re-entrant (no malloc).
|
Assignee | |
Comment 5•12 years ago
|
||
Attachment #693695 -
Flags: review?(wmccloskey)
|
|
Assignee | |
Updated•12 years ago
|
Assignee: general → sphink
Attachment #693695 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #693695 -
Flags: checkin+
|
|
Assignee | |
Comment 6•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/f7fee43555d8
|
||
Comment 7•12 years ago
|
||
Backed out for bustage. https://hg.mozilla.org/integration/mozilla-inbound/rev/86a66542eaaf https://tbpl.mozilla.org/php/getParsedLog.php?id=18076481&tree=Mozilla-Inbound jscompartment.cpp In file included from ../../../js/src/jsscript.h:13:0, from ../../../js/src/vm/SPSProfiler.h:17, from ../../../js/src/jscntxt.h:35, from ../../../js/src/jsalloc.cpp:9: ../../../js/src/jsdbgapi.h:146:34: error: 'RawScript' has not been declared etc...
|
|
Assignee | |
Comment 8•12 years ago
|
||
Attempt 2: http://hg.mozilla.org/integration/mozilla-inbound/rev/5718a26eb442
|
|
||
Comment 9•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5718a26eb442
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in
before you can comment on or make changes to this bug.
Description
•