Closed
Bug 992256
Opened 12 years ago
Closed 12 years ago
Assertion failure: !isLocked(), at js/src/jsworkers.cpp:479
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla31
People
(Reporter: h4writer, Assigned: bhackett1024)
Details
Attachments
(1 file)
|
6.21 KB,
patch
|
h4writer
:
review+
|
Details | Diff | Splinter Review |
Logical locking/asserting problem
in GlobalWorkerThreadState::ensureInitialized()
> jsworkers.cpp:420 AutoLockWorkerThreadState lock;
> ...
> jsworkers.cpp:437 threads[j].destroy();
in WorkerThread::destroy()
> jsworkers.cpp:694 if (threads) {
> jsworkers.cpp:696 AutoLockWorkerThreadState lock;
As a result we are asserting in the destroy function that we already have the lock.
I needinfo Brian since that code was last changed in bug 941805 by Brian.
|
Reporter | |
Updated•12 years ago
|
Flags: needinfo?(bhackett1024)
|
Assignee | |
Comment 1•12 years ago
|
||
Good catch. Worker thread initialization only happens once near process startup so there's really no incentive to try to recover from OOM here.
Assignee: nobody → bhackett1024
Attachment #8404752 -
Flags: review?(hv1989)
Flags: needinfo?(bhackett1024)
|
|
Reporter | |
Comment 2•12 years ago
|
||
Comment on attachment 8404752 [details] [diff] [review]
patch
Review of attachment 8404752 [details] [diff] [review]:
-----------------------------------------------------------------
However this patch would fix the issue, I don't see the reason to introduce a crash statement?
I think we can just fix this issue without removing the fallibility of ensureInitialized, with using the normal way to propagate errors.
Wouldn't it work to have a "destroyAlreadyHavingLock" which has the meat of destroy() and asserts we indeed have a lock?
the "destroy" funtion would in that case just do "AutoLockWorkerThreadState lock;" and call "destroyAlreadyHavingLock();"?
|
|
Assignee | |
Comment 3•12 years ago
|
||
Doing that would work, but it would be more complicated and difficult to test (seeing as how fuzzers didn't find this bug). I don't think we should have complicated OOM handling logic unless doing otherwise will cause crashes in practice, e.g. see bug 988619. Per comment 1 the only way these calls will fail is if we run out of memory around when we start up the process, which means we're pretty much doomed anyways.
|
|
Reporter | |
Comment 4•12 years ago
|
||
Comment on attachment 8404752 [details] [diff] [review]
patch
Review of attachment 8404752 [details] [diff] [review]:
-----------------------------------------------------------------
Although I would prefer to have less of these CrashAtUnhandlableOOM("FOO");. It makes sense. Thanks for fixing!
Attachment #8404752 -
Flags: review?(hv1989) → review+
|
|
Assignee | |
Comment 5•12 years ago
|
||
|
||
Comment 6•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in
before you can comment on or make changes to this bug.
Description
•