Closed Bug 706281
Opened 13 years ago, closed 13 years ago
Cycle collector unlinks nsDOMStringMap twice with weak map, dataset  
Categories: Core :: XPCOM, defect
Status: RESOLVED WONTFIX
People: Reporter: jruderman, Assigned: mccr8
Keywords: testcase
Attachments: 2 files
1. Load the testcase
2. Quit Firefox
or
1. Load the testcase
2. Close the testcase
3. Force cycle collection once or twice
Result: Crash [@ nsGenericHTMLElement::ClearDataset]
This might be a regression from bug 668855.
Comment 1 • 13 years ago (Reporter)
Updated • 13 years ago (Assignee)
Assignee: nobody → continuation
Comment 2 • 13 years ago (Assignee)
Doesn't reproduce for me with 80675:5fd08d019d7d which is from a day before bug 668855 landed.  I'll update and try again.
Comment 3 • 13 years ago (Assignee)
This actually looks like a dupe of bug 669903, though they didn't have a testcase for it.
Comment 4 • 13 years ago (Assignee)
And they have a patch, but it looks like they didn't really understand why a null check was needed.  I'll look into this.
Updated • 13 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Comment 6 • 13 years ago (Assignee)
Hmm.  Maybe I should undup this.  There are two problems in your test.  The first is that the double unlink crashes, the second is that there's a double unlink at all.  We can leave the other bug as a fix for the former.  I'll look into the latter.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Updated • 13 years ago (Reporter)
Summary: Cycle collector crash with weak map, dataset property → Cycle collector unlinks nsDOMStringMap twice with weak map, dataset
Comment 7 • 13 years ago (Assignee)
So, like I said in the other patch, double unlinks will happen any time an object is wrapped, and there are two cycle collections in a row without a GC in between.
I think my WeakMap patch is just causing wrapped natives to not be released properly, so this can be hit even if the CC doesn't run twice in a row.  I'm not really sure why that is, but bug 680937 seems to fix this, in that it makes wrapped natives actually be released in a timely fashion.
More broadly, I'm wondering how we can test for double unlinks that don't survive being done twice in a row. I filed bug 708480 for that.
Depends on: 680937
Comment 8 • 13 years ago (Assignee)
I think this is probably okay.  Wrapped natives just get unlinked twice.  Weak maps may just make it easier to trigger these.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Updated • 13 years ago (Assignee)
Resolution: FIXED → WORKSFORME
Updated • 13 years ago (Reporter)
Resolution: WORKSFORME → WONTFIX