Closed Bug 822831 Opened 8 years ago Closed 8 years ago
Crash in JS::EnterAssertNoGCScope when profiling JS in debug build
Running a current Trunk build, with build options:

    ac_add_options --enable-debug
    ac_add_options --disable-optimize
    ac_add_options --enable-chrome-format=symlink
    ac_add_options --enable-tests
    ac_add_options --enable-profiling
    export MOZ_DEBUG_SYMBOLS=1
    CC=clang
    CXX=clang++

Notably, both debug and profiling enabled. Installed BenWa's profiler extension and enabled JS profiling. FF crashes shortly after starting. Running under a debugger, I get a backtrace on SamplerThread:

    Thread 22 SamplerThread, Queue : (null)
    #0 0x0000000104665b50 in JS::EnterAssertNoGCScope() at /Users/ireid/tbird/mozilla-central/js/src/jsapi.cpp:689
    #1 0x00000001046a8261 in js::Unrooted<JSScript*>::Unrooted(JSScript* const&) at /Users/ireid/tbird/mozilla-central/js/src/gc/Root.h:458
    #2 0x00000001046a81dd in js::Unrooted<JSScript*>::Unrooted(JSScript* const&) at /Users/ireid/tbird/mozilla-central/js/src/gc/Root.h:459
    #3 0x0000000104727636 in js::ProfilingGetPC(JSRuntime*, JSScript*, void*) at /Users/ireid/tbird/mozilla-central/js/src/jsfriendapi.cpp:951
    #4 0x00000001031165b1 in addProfileEntry at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:750
    #5 0x000000010311635d in TableTicker::doBacktrace(ThreadProfile&, TickSample*) at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:873
    #6 0x000000010311681b in TableTicker::Tick(TickSample*) at /Users/ireid/tbird/mozilla-central/tools/profiler/TableTicker.cpp:948
    #7 0x00000001031143cb in SamplerThread::SampleContext(Sampler*) at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:273
    #8 0x0000000103114261 in SamplerThread::Run() at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:227
    #9 0x00000001031139af in ThreadEntry at /Users/ireid/tbird/mozilla-central/tools/profiler/platform-macos.cc:135
    #10 0x00007fff883ab8bf in _pthread_start ()
    #11 0x00007fff883aeb75 in thread_start ()
This is easy to reproduce. Any chance you could take a look? Perhaps it's related to our hard to reproduce crashes on optimized builds.
Assignee: nobody → general
Terrence or Steve, can you guys take a look? It seems like we haven't initialized the TLS on the profiler thread.
Bill has the right of it: we absolutely must not use any of our Rooted / Unrooted / AssertCanGC / AutoAssertNoGC primitives from the background profiling thread. The problem is that it is very hard for people not terribly familiar with the profiler, such as myself, to tell what SM code might get called from this thread. The solution here is to just remove the above primitives from this code path.
I think those points should be only ProfilingGetPC and JS_PCToLineNumber. Note that not only are these called from the profiler thread but they are called from a signal. This means they have to be signal safe and re-entrant (no malloc).
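What "signal safe and re-entrant (no malloc)" asks of sampling code, as an added example that is not from this bug or from Mozilla's profiler: a SIGPROF handler that records into a preallocated ring using only atomics. The names `RING_SLOTS`, `current_pc`, `install_sampler` and `drain_samples` are hypothetical, and the C11 atomics are assumed to be lock-free on the target.

```c
#define _POSIX_C_SOURCE 200809L          /* sigaction, sigprocmask */
#include <signal.h>
#include <stdatomic.h>
#include <stdint.h>
#include <string.h>

#define RING_SLOTS 64                    /* hypothetical fixed capacity */
struct sample { uintptr_t pc; };
static struct sample ring[RING_SLOTS];   /* preallocated: handler never calls malloc */
static atomic_uint write_idx;            /* atomic counter: handler never takes a lock */
static atomic_uint dropped;              /* samples discarded because the ring was full */
static atomic_uintptr_t current_pc;      /* stand-in for the interpreter's current pc */

/* Signal context: static storage and atomics only (assumed lock-free). */
static void on_sigprof(int sig) {
    (void)sig;
    /* fetch_add hands every invocation, nested ones included, its own slot. */
    unsigned i = atomic_fetch_add(&write_idx, 1);
    if (i >= RING_SLOTS) { atomic_fetch_add(&dropped, 1); return; }
    ring[i].pc = atomic_load(&current_pc);
}

int install_sampler(void) {
    struct sigaction sa = { .sa_handler = on_sigprof, .sa_flags = SA_RESTART };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPROF, &sa, NULL);
}

/* Normal context: block SIGPROF while copying so the ring cannot change. */
unsigned drain_samples(struct sample *out, unsigned max) {
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGPROF);
    sigprocmask(SIG_BLOCK, &block, &old);
    unsigned n = atomic_load(&write_idx);
    if (n > RING_SLOTS) n = RING_SLOTS;
    if (n > max) n = max;
    memcpy(out, ring, n * sizeof *out);
    atomic_store(&write_idx, 0);         /* ring is empty again */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return n;
}

int main(void) {
    struct sample out[RING_SLOTS];
    if (install_sampler() != 0) return 1;
    raise(SIGPROF);                      /* handler runs before raise() returns */
    return drain_samples(out, RING_SLOTS) == 1 ? 0 : 1;
}
```

Anything that allocates, locks or touches thread-local debug state stays out of `on_sigprof`; symbolication of the recorded values belongs in the draining code.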
Attachment #693695 - Flags: review?(wmccloskey) → review+
Backed out for bustage.
https://hg.mozilla.org/integration/mozilla-inbound/rev/86a66542eaaf
https://tbpl.mozilla.org/php/getParsedLog.php?id=18076481&tree=Mozilla-Inbound

    jscompartment.cpp
    In file included from ../../../js/src/jsscript.h:13:0,
                     from ../../../js/src/vm/SPSProfiler.h:17,
                     from ../../../js/src/jscntxt.h:35,
                     from ../../../js/src/jsalloc.cpp:9:
    ../../../js/src/jsdbgapi.h:146:34: error: 'RawScript' has not been declared
    etc...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20