Closed Bug 951712 Opened 11 years ago Closed 10 years ago

Remove ipc error abort code from CompositorChild::ActorDestroy()

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: sotaro, Unassigned)

Details

Attachments

(1 file)

patch - enable ipc log
1.37 KB, patch
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #945992 +++

CompositorChild::ActorDestroy() causes abort when it is called by ipc error. It is added by Bug 860892. At that time, it was necessary to prevent random error in gfx layer code on b2g. Since then, gfx layer code is robust more by gfx layer refactoring and Bug 944703. It might be better to think about to removing the abort code.

But before removing it,  we need to make clear what happens when CompositorChild is removed by IPC error.
It seems safer to keep the abort for the time being. We still have some problems around IPC object handling. When the crash happens, it sometimes becomes difficult to differentiate the problem if it is caused by incorrect ipc object handling or if it is caused by IPC error.
Hi Sotaro and Thomas,

   Do you meet this backtrace in Tarako video playback?

Operating system: Android
                  0.0.0 Linux 3.0.8+ #1 PREEMPT Tue Feb 11 14:30:19 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/107:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason:  SIGSEGV
Crash address: 0x0

Thread 0 (crashed)
 0  libxul.so!mozalloc_abort(char const*) [mozalloc_abort.cpp : 30 + 0x4]
     r4 = 0xbea48e0c    r5 = 0x00000000    r6 = 0xffffffff    r7 = 0xbea48a20
     r8 = 0x4073accd    r9 = 0x00000001   r10 = 0xbea48a20    fp = 0x4183d1cd
     sp = 0xbea48a08    lr = 0x4172c48f    pc = 0x4172c492
    Found by: given as instruction pointer in context
 1  libxul.so!NS_DebugBreak [nsDebugImpl.cpp : 425 + 0x5]
     r4 = 0xbea48e0c    r5 = 0x00000000    r6 = 0xffffffff    r7 = 0xbea48a20
     r8 = 0x4073accd    r9 = 0x00000001   r10 = 0xbea48a20    fp = 0x4183d1cd
     sp = 0xbea48a10    pc = 0x4073aab7
    Found by: call frame info
 2  libxul.so!mozilla::layers::CompositorChild::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::IProtocol>::ActorDestroyReason) [CompositorChild.cpp : 120 + 0x13]
     r4 = 0x42d17d20    r5 = 0x42d17d20    r6 = 0x00000000    r7 = 0x41ddd4c8
     r8 = 0x00000004    r9 = 0x00000004   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48e40    pc = 0x409e1217
    Found by: call frame info
 3  libxul.so!mozilla::layers::PCompositorChild::DestroySubtree(mozilla::ipc::IProtocolManager<mozilla::ipc::IProtocol>::ActorDestroyReason) [PCompositorChild.cpp : 914 + 0x9]
     r4 = 0x00000000    r5 = 0x42d17d20    r6 = 0x00000000    r7 = 0x41ddd4c8
     r8 = 0x00000004    r9 = 0x00000004   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48e70    pc = 0x408b88e1
    Found by: call frame info
 4  libxul.so!mozilla::layers::PCompositorChild::OnChannelError() [PCompositorChild.cpp : 818 + 0x3]
     r4 = 0x42d17d20    r5 = 0x42d17d50    r6 = 0x00000000    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48e98    pc = 0x408b88f3
    Found by: call frame info
 5  libxul.so!mozilla::ipc::MessageChannel::NotifyMaybeChannelError() [MessageChannel.cpp : 1523 + 0x5]
     r4 = 0x42d17d50    r5 = 0x42d17d50    r6 = 0x00000000    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ea0    pc = 0x40888803
    Found by: call frame info
 6  libxul.so!mozilla::ipc::MessageChannel::OnNotifyMaybeChannelError() [MessageChannel.cpp : 1552 + 0x5]
     r4 = 0x42d992b0    r5 = 0x42d17d50    r6 = 0x00000000    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ea8    pc = 0x4088907f
    Found by: call frame info
 7  libxul.so!RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run() [tuple.h : 383 + 0x5]
     r4 = 0xbea4987c    r5 = 0x40301ea0    r6 = 0xbea48ef8    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ec8    pc = 0x4088866f
    Found by: call frame info
 8  libxul.so!MessageLoop::RunTask(Task*) [message_loop.cc : 340 + 0x5]
     r4 = 0xbea4987c    r5 = 0x40301ea0    r6 = 0xbea48ef8    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ed0    pc = 0x40881b9d
    Found by: call frame info
 9  libxul.so!MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) [message_loop.cc : 348 + 0x5]
     r4 = 0x00000001    r5 = 0xbea48ee8    r6 = 0xbea48ef8    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ee0    pc = 0x40882907
    Found by: call frame info
10  libxul.so!MessageLoop::DoWork() [message_loop.cc : 448 + 0x7]
     r4 = 0xbea4987c    r5 = 0xbea48ee8    r6 = 0xbea48ef8    r7 = 0xbea49888
     r8 = 0xbea48ef0    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ee8    pc = 0x408834c5
    Found by: call frame info
11  libxul.so!mozilla::ipc::DoWorkRunnable::Run() [MessagePump.cpp : 45 + 0x7]
     r4 = 0xbea4987c    r5 = 0x00000001    r6 = 0x00000000    r7 = 0x00000001
     r8 = 0xbea48f6f    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48f18    pc = 0x4088ba71
    Found by: call frame info
12  libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp : 612 + 0x5]
     r4 = 0x40316880    r5 = 0x00000000    r6 = 0x00000000    r7 = 0x00000001
     r8 = 0xbea48f6f    r9 = 0x403168ac   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48f28    pc = 0x40760505
    Found by: call frame info
13  libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp : 263 + 0xb]
     r4 = 0x00000000    r5 = 0xbea4987c    r6 = 0x40302ad0    r7 = 0x00000001
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48f68    pc = 0x40732d11
    Found by: call frame info
14  libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 85 + 0x7]
     r4 = 0x40302ac0    r5 = 0xbea4987c    r6 = 0x40302ad0    r7 = 0x00000001
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48f78    pc = 0x4088bbb9
    Found by: call frame info
15  libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 250 + 0x7]
     r4 = 0xbea4987c    r5 = 0x40302ac0    r6 = 0xbea4987c    r7 = 0x00000001
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48fa0    pc = 0x4088bc87
    Found by: call frame info
16  libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
     r4 = 0xbea4987c    r5 = 0x42d9f2e0    r6 = 0x40316880    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48fb8    pc = 0x40881b61
    Found by: call frame info
17  libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
     r4 = 0xbea4987c    r5 = 0x42d9f2e0    r6 = 0x40316880    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48fc0    pc = 0x40881bdf
    Found by: call frame info
18  libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp : 161 + 0x7]
     r4 = 0x00000000    r5 = 0x42d9f2e0    r6 = 0x40316880    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48fd8    pc = 0x40c4243d
    Found by: call frame info
19  libxul.so!XRE_RunAppShell [nsEmbedFunctions.cpp : 679 + 0x5]
     r4 = 0x80004005    r5 = 0x40302ac0    r6 = 0x4033dc00    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48fe8    pc = 0x41249ea3
    Found by: call frame info
20  libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 217 + 0x3]
     r4 = 0xbea4987c    r5 = 0x40302ac0    r6 = 0x4033dc00    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea48ff8    pc = 0x4088bc55
    Found by: call frame info
21  libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
     r4 = 0xbea4987c    r5 = 0xbea4998c    r6 = 0x4033dc00    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea49010    pc = 0x40881b61
    Found by: call frame info
22  libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
     r4 = 0xbea4987c    r5 = 0xbea4998c    r6 = 0x4033dc00    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea49018    pc = 0x40881bdf
    Found by: call frame info
23  libxul.so!XRE_InitChildProcess [nsEmbedFunctions.cpp : 516 + 0x9]
     r4 = 0xbea49998    r5 = 0xbea4998c    r6 = 0x4033dc00    r7 = 0x00000003
     r8 = 0xbea49a18    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea49030    pc = 0x4124a311
    Found by: call frame info
24  plugin-container!main [MozillaRuntimeMain.cpp : 137 + 0x5]
     r4 = 0x00000001    r5 = 0xbea49a14    r6 = 0x00000008    r7 = 0x000087f3
     r8 = 0x00000009    r9 = 0xbea49a34   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea499d8    pc = 0x00008751
    Found by: call frame info
25  libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
     r4 = 0x00008674    r5 = 0xbea49a14    r6 = 0x00000009    r7 = 0xbea49a3c
     r8 = 0x00000000    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea499f8    pc = 0x4012ba57
    Found by: call frame info
26  0xb0001dc5
     r4 = 0x00000000    r5 = 0x00000000    r6 = 0x00000000    r7 = 0x00000000
     r8 = 0x00000000    r9 = 0x00000000   r10 = 0x00000000    fp = 0x00000000
     sp = 0xbea49a10    pc = 0xb0001dc7
    Found by: call frame info

Thread 1
 0  libc.so + 0xd518
     r4 = 0x00000000    r5 = 0x40305600    r6 = 0x4032a600    r7 = 0x000000fc
     r8 = 0x00000000    r9 = 0x40305600   r10 = 0x00000000    fp = 0x41dddc20
     sp = 0x40349b90    lr = 0x400ddfa5    pc = 0x40122518
    Found by: given as instruction pointer in context
 1  libxul.so!epoll_dispatch [epoll.c : 407 + 0xb]
     sp = 0x40349bc8    pc = 0x4087a18f
    Found by: stack scanning
 2  libxul.so!event_base_loop [event.c : 1607 + 0x5]
     r4 = 0x4034a180    r5 = 0x00000000    r6 = 0x41dba2c4    r7 = 0xffffa3cc
     r8 = 0x00000000    r9 = 0x40349c68   r10 = 0x00000000    sp = 0x40349be8
     pc = 0x4087815d
    Found by: call frame info
 3  libxul.so!base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) [message_pump_libevent.cc : 340 + 0x7]
     r4 = 0x40302af0    r5 = 0x40349cc4    r6 = 0x40349c70    r7 = 0x40302b00
     r8 = 0x40349c60    r9 = 0x40349c68   r10 = 0x00000000    fp = 0x00000000
     sp = 0x40349c60    pc = 0x4087a8bb
    Found by: call frame info
 4  libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
     r4 = 0x40349cc4    r5 = 0x40349cc4    r6 = 0x00000012    r7 = 0x40329052
     r8 = 0x40329040    r9 = 0x40301f20   r10 = 0x00008000    fp = 0x00000000
     sp = 0x40349ca0    pc = 0x40881b61
    Found by: call frame info
 5  libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
     r4 = 0x40349cc4    r5 = 0x40349cc4    r6 = 0x00000012    r7 = 0x40329052
     r8 = 0x40329040    r9 = 0x40301f20   r10 = 0x00008000    fp = 0x00000000
     sp = 0x40349ca8    pc = 0x40881bdf
    Found by: call frame info
 6  libxul.so!base::Thread::ThreadMain() [thread.cc : 162 + 0x5]
     r4 = 0x40337188    r5 = 0x40349cc4    r6 = 0x00000012    r7 = 0x40329052
     r8 = 0x40329040    r9 = 0x40301f20   r10 = 0x00008000    fp = 0x00000000
     sp = 0x40349cc0    pc = 0x4088440b
    Found by: call frame info
 7  libxul.so!ThreadFunc [platform_thread_posix.cc : 39 + 0x5]
     r4 = 0x4033e000    r5 = 0x40349ed4    r6 = 0x4033e000    r7 = 0x00000078
     r8 = 0x400de299    r9 = 0x4033e000   r10 = 0x00008000    fp = 0x00000000
     sp = 0x40349dc8    pc = 0x4087ac15
    Found by: call frame info
 8  0x400de2d7
     r4 = 0x4033e000    r5 = 0x40349ed4    r6 = 0x4033e000    r7 = 0x00000078
     r8 = 0x400de299    r9 = 0x4033e000   r10 = 0x00008000    fp = 0x00000000
     sp = 0x40349dd0    pc = 0x400de2d9
    Found by: call frame info
Flags: needinfo?(ttsai)
Flags: needinfo?(sotaro.ikeda.g)
blocking-b2g: --- → 1.3T?
Oh, it's the same as Bug 945992.
blocking-b2g: 1.3T? → ---
After creating the bug. We recognize that we still need intentional crash because of abnormal shutdown at CompositorChild::ActorDestroy(). It is necessary to differentiate the cause of the problem. Actual crash problem have to have handled by the actual bug like Bug 945992.

I set this bug as WONTFIX.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(sotaro.ikeda.g)
Resolution: --- → WONTFIX
(In reply to James Zhang from comment #3)
> Oh, it's the same as Bug 945992.

CompositorChild::ActorDestroy() just says that an application aborted because of IPC shutdown. Actual cause of problems are different places. To debug the problem, enable IPC log is necessary.
(In reply to Sotaro Ikeda [:sotaro] from comment #5)
> (In reply to James Zhang from comment #3)
> > Oh, it's the same as Bug 945992.
> 
> CompositorChild::ActorDestroy() just says that an application aborted
> because of IPC shutdown. Actual cause of problems are different places. To
> debug the problem, enable IPC log is necessary.

I tried to enable IPC log to debug it but the system got stuck after the system boot up. I guess too much IPC message dump cause the problem. For this, do you have any idea for this?
Flags: needinfo?(ttsai) → needinfo?(sotaro.ikeda.g)
(In reply to Vincent Liu[:vliu] from comment #6)
> 
> I tried to enable IPC log to debug it but the system got stuck after the
> system boot up. I guess too much IPC message dump cause the problem. For
> this, do you have any idea for this?

How did you enable ipc log?
Flags: needinfo?(sotaro.ikeda.g)

    
    

    
  
(In reply to Sotaro Ikeda [:sotaro] from comment #7)
> (In reply to Vincent Liu[:vliu] from comment #6)
> > 
> > I tried to enable IPC log to debug it but the system got stuck after the
> > system boot up. I guess too much IPC message dump cause the problem. For
> > this, do you have any idea for this?
> 
> How did you enable ipc log?

I enabled the ipc log by modifying the code like  attachment 8385539 [details] [diff] [review].

    
    

    
  
system seems to work without problem with attachment 8385539 [details] [diff] [review].

    
    

    
  
There is a bug to improve ipc logging. It is Bug 879580. There seems no progress recently.

    
    

    
  
(In reply to Sotaro Ikeda [:sotaro] from comment #7)
> (In reply to Vincent Liu[:vliu] from comment #6)
> > 
> > I tried to enable IPC log to debug it but the system got stuck after the
> > system boot up. I guess too much IPC message dump cause the problem. For
> > this, do you have any idea for this?
> 
> How did you enable ipc log?

Thanks for your info. The method we enables ipc log by following.

adb shell stop b2g
adb shell MOZ_IPC_MESSAGE_LOG=1 b2g.sh

Is it the same purpose you offered in Comment 8? I will still try suggestion.

    
    

    
  
(In reply to Vincent Liu[:vliu] from comment #12)
> 
> Thanks for your info. The method we enables ipc log by following.
> 
> adb shell stop b2g
> adb shell MOZ_IPC_MESSAGE_LOG=1 b2g.sh
> 
> Is it the same purpose you offered in Comment 8? I will still try suggestion.

Same purpose. MOZ_IPC_MESSAGE_LOG seems to request debug build.

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: