Assert crash in CompositorChild::Get () with Embedlite Setup

NEW
Unassigned

Status

Core
Graphics: Layers
3 years ago
3 years ago

People

(Reporter: tatiana, Unassigned)

Tracking

Trunk
x86_64
Linux

(Reporter)

Description

3 years ago
When I'm running embedlite setup with APZC Omtc, I'm hitting this code-path:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2963]
0x48a2c348 in mozilla::layers::CompositorChild::Get () at mozilla-central/gfx/layers/ipc/CompositorChild.cpp:94
94	  MOZ_ASSERT(XRE_GetProcessType() != GeckoProcessType_Default);
(gdb) bt
#0  0x48a2c348 in mozilla::layers::CompositorChild::Get () at mozilla-central/gfx/layers/ipc/CompositorChild.cpp:94
#1  0x489f99cc in mozilla::layers::SharedFrameMetricsHelper::UpdateFromCompositorFrameMetrics (this=0x5386b3bc, aLayer=0x56016350, 
    aHasPendingNewThebesContent=<optimized out>, aLowPrecision=<optimized out>, aCompositionBounds=..., aZoom=...)
    at mozilla-central/gfx/layers/client/TiledContentClient.cpp:149
#2  0x48a1dedc in ComputeProgressiveUpdateRegion (aIsRepeated=20, aPaintData=0x0, aRegionToPaint=..., aOldValidRegion=..., aInvalidRegion=..., this=<optimized out>)
    at mozilla-central/gfx/layers/client/TiledContentClient.cpp:931
#3  mozilla::layers::ClientTiledLayerBuffer::ProgressiveUpdate (this=<optimized out>, aValidRegion=..., aInvalidRegion=..., aOldValidRegion=..., aPaintData=0x55f6c2c8, 
    aCallback=
    0x49ce791c <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x4d6fe0c8) at mozilla-central/gfx/layers/client/TiledContentClient.cpp:1069
#4  0x489ebd70 in mozilla::layers::ClientTiledThebesLayer::RenderLayer (this=0x55f6c108)
    at mozilla-central/gfx/layers/client/ClientTiledThebesLayer.cpp:360
#5  0x489ecdec in mozilla::layers::ClientContainerLayer::RenderLayer (this=0x56016350)
    at mozilla-central/gfx/layers/client/ClientContainerLayer.h:79
#6  0x489e40d0 in mozilla::layers::ClientLayerManager::EndTransactionInternal (this=0x55fb7298, 
    aCallback=0x49ce791c <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x4d6fe0c8) at mozilla-central/gfx/layers/client/ClientLayerManager.cpp:190
#7  0x489edeac in mozilla::layers::ClientLayerManager::EndTransaction (this=0x55fb7298, 
    aCallback=0x49ce791c <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x4d6fe0c8, aFlags=mozilla::layers::LayerManager::END_DEFAULT)
    at mozilla-central/gfx/layers/client/ClientLayerManager.cpp:216
#8  0x49d3b1c4 in nsDisplayList::PaintForFrame (this=<optimized out>, aBuilder=0x4d6fe0c8, aCtx=<optimized out>, aForFrame=<optimized out>, aFlags=13)
    at mozilla-central/layout/base/nsDisplayList.cpp:1378
#9  0x49d5bbec in PaintRoot (aFlags=<optimized out>, aCtx=0x0, aBuilder=0x4d6fe0c0, this=0x4d6fe3a0)
    at mozilla-central/layout/base/nsDisplayList.cpp:1219
#10 nsLayoutUtils::PaintFrame (aRenderingContext=0x0, aFrame=0x5457fbf8, aDirtyRegion=..., aBackstop=4, aFlags=772)
    at mozilla-central/layout/base/nsLayoutUtils.cpp:2484
#11 0x49cbf55c in Paint (aFlags=<optimized out>, aDirtyRegion=..., aViewToPaint=<optimized out>, this=0x545782b0)
    at mozilla-central/layout/base/nsPresShell.cpp:5923
#12 PresShell::Paint (this=0x545782b0, aViewToPaint=<optimized out>, aDirtyRegion=..., aFlags=<optimized out>)
    at mozilla-central/layout/base/nsPresShell.cpp:5807
#13 0x49562eb0 in nsViewManager::ProcessPendingUpdatesPaint (this=0x54570ef0, aWidget=0x54571028)
    at mozilla-central/view/src/nsViewManager.cpp:452
#14 0x49563568 in nsViewManager::ProcessPendingUpdatesForView (this=0x54570ef0, aView=<optimized out>, aFlushDirtyRegion=<optimized out>)
    at mozilla-central/view/src/nsViewManager.cpp:393
#15 0x49cccfb8 in nsRefreshDriver::Tick (this=<optimized out>, aNowEpoch=<optimized out>, aNowTime=...)
    at mozilla-central/layout/base/nsRefreshDriver.cpp:1207
#16 0x49cce65c in TickDriver (now=..., jsnow=<optimized out>, driver=0x545701c8)
    at mozilla-central/layout/base/nsRefreshDriver.cpp:168

(gdb) p sCompositor
$1 = (mozilla::layers::CompositorChild *) 0x0

Is this code-path expected only for IPC b2g, or is something else wrong here? It seems I did not hit that in Gecko 29.
(Reporter)

Updated

3 years ago
Summary: Assert in CompositorChild::Get () with Embedlite Setup → Assert crash in CompositorChild::Get () with Embedlite Setup

From an initial glance it looks like that assertion is bogus, and can be removed. Tatiana, can you verify everything works ok if you remove the assertion?

The assertion doesn't fire for B2G because in B2G the CompositorChild is always in the child process, but I'm guessing that in the Embedlite setup everything is in the same process so that's causing an error. However AFAIK CompositorChild is OK to use in the root process too, such as in Fennec where everything is single-process but the compositor lives on a different thread.

This probably started happening recently only because tiling was only turned on recently on B2G, and may have affected code paths being used in Embedlite. However it would be a good idea to bisect this regression to find out exactly what changed and whether or not it had any other unintended consequences.
(Reporter)

Comment 2

3 years ago
Yep, it works OK with the assert disabled.

Also, I found that http://mxr.mozilla.org/mozilla-central/source/gfx/layers/client/ClientTiledThebesLayer.cpp#275
invalidRegion.IsEmpty() became true somewhere between: 9592dabe915e372d0b11afcc98fd6ef1c06c8101..a14baa39be4ed6742243c3e7704a2f56132b1d13

(In reply to Tatiana Meshkova (:tatiana) from comment #2)
> 9592dabe915e372d0b11afcc98fd6ef1c06c8101

^ this doesn't seem to be a valid changeset id?
(Reporter)

Comment 4

3 years ago
> ^ this doesn't seem to be a valid changeset id?
These are Git IDs:
https://github.com/mozilla/gecko-dev/commit/9592dabe915e372d0b11afcc98fd6ef1c06c8101

Ok, well that's 4 days' worth of changes. Not easy to figure out which change introduced this.

But I talked to some people and the assertion is actually correct. The problem is farther up the stack somewhere. In a single-process environment there shouldn't be a static CompositorChild instance, so the ::Get function shouldn't be called. I don't know the tiling code enough to say where the problem is.
(Reporter)

Comment 6

3 years ago
The current tiling code path, with UseProgressiveTilePainting = true and UseLowPrecisionBuffer = true, definitely allows reaching that assertion.
Also, at http://mxr.mozilla.org/mozilla-central/source/gfx/layers/client/TiledContentClient.cpp#149 we probably should not touch CompositorChild at all if we are not in the Gecko_Content process type.
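
Added example, not part of the bug thread and not Gecko code: a simplified C++ model of the pattern discussed in comments 5 and 6, where a per-process static accessor asserts on the process type and the caller checks the process type (and for a null instance) before using it. `ProcessType`, `CompositorLink` and `GetSharedMetrics` are hypothetical stand-ins, and the metrics values are constructed.

```cpp
// Simplified model of the pattern discussed in this bug; NOT Gecko code.
// ProcessType, CompositorLink and GetSharedMetrics are hypothetical names.
#include <cassert>
#include <cstdio>

enum class ProcessType { Default, Content };  // stand-in for GeckoProcessType
static ProcessType gProcessType = ProcessType::Default;

struct FrameMetrics { int scrollId; float zoom; };

class CompositorLink {  // stand-in for CompositorChild
 public:
  static CompositorLink* Get() {
    // Same contract as the assertion in the report: the static instance is
    // only meaningful in a content (child) process.
    assert(gProcessType != ProcessType::Default);
    return sInstance;
  }
  static void Create() { static CompositorLink link; sInstance = &link; }
  static void Destroy() { sInstance = nullptr; }
  bool Lookup(int scrollId, FrameMetrics* out) const {
    *out = FrameMetrics{scrollId, 2.0f};  // constructed sample data
    return true;
  }
 private:
  static CompositorLink* sInstance;
};
CompositorLink* CompositorLink::sInstance = nullptr;

// Guarded caller: never reaches Get() outside a content process, and treats a
// missing instance as "no shared metrics" instead of dereferencing null.
bool GetSharedMetrics(int scrollId, FrameMetrics* out) {
  if (gProcessType != ProcessType::Content) return false;  // single-process
  CompositorLink* link = CompositorLink::Get();
  if (!link) return false;  // not created yet, or already torn down
  return link->Lookup(scrollId, out);
}

int main() {
  FrameMetrics m{};
  std::printf("default process: %d\n", GetSharedMetrics(7, &m));
  gProcessType = ProcessType::Content;
  CompositorLink::Create();
  std::printf("content process: %d\n", GetSharedMetrics(7, &m));
  return 0;
}
```

In a build where the assertion is compiled out, an unguarded caller in the default process would receive the null static pointer instead, which is why the guard sits in the caller and does not rely on the assert alone.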