Closed Bug 832812 Opened 12 years ago Closed 12 years ago

Profiler crashes in Box2D demo

Categories

(Core :: JavaScript Engine, defect, P2)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla21

People

(Reporter: azakai, Assigned: billm)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

workaround
1.63 KB, patch
dvander
: review+
Details | Diff | Splinter Review
Assignee: nobody → anton
Priority: -- → P2
On Windows: bp-82fed63c-7318-4864-8ede-66d262130121.
URL: http://syntensity.com/static/box2d.html
Severity: normal → critical
Crash Signature: [@ JSContext::malloc_(unsigned int)] [@ js::Vector<wchar_t, int, js::ContextAllocPolicy>::convertToHeapStorage(unsigned int)]
Keywords: crash, reproducible
OS: Linux → All
Hardware: x86 → All
I checked it with Gecko Profiler addon and couldn't reproduce the crash. So it seems to be specific either to some specific flags we use or, less likely, our profiler UI. Will be posting updates as I go.
Which Firefox versions does this affect?
I saw the crash on nightly. I think the profiler is present only there?
Yes, current Nightly. Also, a couple of meetings ago we decided to pref the Profiler off for the upcoming release. Curiously enough, I was playing with this bug yesterday and after some time it stopped being reproducible. Not sure what caused it.
Keywords: reproducible
I just hit this crash, didn't have the devtools profiler running, but I do have the profiler add-on installed and it now does periodic updates to the server as I understand it.
As far as the JS engine is concerned the profiler add-on or the devtools profiler are identical. They both use a single toggle option.
Component: Developer Tools: Profiler → JavaScript Engine
Product: Firefox → Core
My crash report lead me to this bug. Yesterday Firefox would crash whenever I went to the mozilla.dev.platform Google group. On today's Nightly (just updated) it hasn't happened yet so far though. Example report: https://crash-stats.mozilla.com/report/index/8e3f697c-077a-4093-b9ec-384c12130205
Nevermind that bit about today's Nightly, I just got it again: https://crash-stats.mozilla.com/report/index/bp-b6721802-1df9-4c52-91ca-ce5fb2130206 I've turned the profiler addon off for now. So far so good.
1. Start fresh profile. 2. Install SPS profiler. Enable it. 3. Go to google groups. 4. Switch between "standard view" and "compact list view" 2-3 times. 5. Crash.
Assignee: anton → general
also occuring on the new Google's "enter web lab" demo. Enable the profiler on the initial load page. Nightly crashes. https://crash-stats.mozilla.com/report/index/bp-56eba11f-6145-4ea0-a517-a72762130213
thanks for the additional failures. Stacks appear to be crashing in convertToHeapStorage around line 643. http://mxr.mozilla.org/mozilla-central/source/js/public/Vector.h#643
Attached patch workaroundSplinter Review
This made me crash every time in google groups. The problem is that we're using a hashtable in the profiler data structure (strings) from within off-thread compilation. There hashtable is shared with the main thread, and there's no lock protecting it. This patch disables off-thread compilation when profiling is enabled. The right way to do this would be to refactor the code to use a separate string table from the compilation thread. However, I don't know this code well and I'd rather just fix it immediately. (There's also a problem here if someone enables the profiler while we're doing off-thread compilation. Let's just pretend that doesn't happen.)
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #714184 - Flags: review?(dvander)
Attachment #714184 - Flags: review?(dvander) → review+
(In reply to Bill McCloskey (:billm) from comment #13) > This patch disables off-thread compilation when profiling is enabled. What's the performance impact of that? There's already some overhead so keeping the profiling cost as low as possible lets us use the profiler as an 'always-on look for bad stuff' tools.
(In reply to Benoit Girard (:BenWa) from comment #15) > (In reply to Bill McCloskey (:billm) from comment #13) > > This patch disables off-thread compilation when profiling is enabled. > > What's the performance impact of that? There's already some overhead so > keeping the profiling cost as low as possible lets us use the profiler as an > 'always-on look for bad stuff' tools. I think there's a modest performance cost. Maybe a few percent on SunSpider, and bigger losses for games that have tons of JS code. I filed bug 841646 to fix it the right way.
(In reply to Bill McCloskey (:billm) from comment #16) > (In reply to Benoit Girard (:BenWa) from comment #15) > > (In reply to Bill McCloskey (:billm) from comment #13) > > > This patch disables off-thread compilation when profiling is enabled. > > > > What's the performance impact of that? There's already some overhead so > > keeping the profiling cost as low as possible lets us use the profiler as an > > 'always-on look for bad stuff' tools. > > I think there's a modest performance cost. Maybe a few percent on SunSpider, > and bigger losses for games that have tons of JS code. > A large potential issue is that the maximum script size for compilation is higher with off-thread compilation. Can we perhaps disable off-thread compilation when profiling but keep using the higher script size limit ? Compilation pauses during profiling are not terrible, and this way we would be profiling something closer to how the code normally runs.
https://hg.mozilla.org/mozilla-central/rev/ce7ef6d06439
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: