mozglue crash related

General discussion and chat (archived)
Fedor2

mozglue crash related

Unread post by Fedor2 » 2018-03-09, 07:36

Mozglue is replacing the regular memory functions like malloc and free with its own functions. And in the code someone likes to free the NULL pointer; this is handled normally by the regular free, but eventually causes the mozglue crash. What is the point of that free-nothing code?

Moonchild
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: mozglue crash related

Unread post by Moonchild » 2018-03-09, 07:39

mozglue contains jemalloc, our memory allocator lib. It also has plenty of checks and safeguards.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-09, 14:04

It is wonderful how heavily the mozglue code is executing; it is the most executed code of all, malloc and free 100 times per second for sure, so one can only roughly determine the place of the crash. Freeing the null pointer was not the cause. There are more function variants, _aligned_free and _aligned_malloc. On the off-chance I replaced them with the regular ones and the crashes have gone. :)

roytam1

Re: mozglue crash related

Unread post by roytam1 » 2018-03-09, 16:01

Fedor2 wrote: It is wonderful how heavily the mozglue code is executing; it is the most executed code of all, malloc and free 100 times per second for sure, so one can only roughly determine the place of the crash. Freeing the null pointer was not the cause. There are more function variants, _aligned_free and _aligned_malloc. On the off-chance I replaced them with the regular ones and the crashes have gone. :)
I instead replaced mozjemalloc/jemalloc.c with the newer version from Firefox 54, and I don't encounter any crash (except OOM).

Moonchild

Re: mozglue crash related

Unread post by Moonchild » 2018-03-10, 09:05

Fedor2 wrote: It is wonderful how heavily the mozglue code is executing,
Perhaps you did not understand what I said: it has our memory allocator code. That *is* called hundreds of times per second if you visit websites as normal.
roytam1 wrote: On the off-chance I replaced them with the regular ones and the crashes have gone.
If with "regular ones" you mean using the system allocator calls instead, you're probably creating leaks, especially if your arena/recycling and surrounding memory management code is still jemalloc.
roytam1 wrote: I instead replaced mozjemalloc/jemalloc.c with the newer version from Firefox 54, and I don't encounter any crash (except OOM).
Interesting, I'll have to check and see what the diff is. That code doesn't get touched a lot.

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-10, 15:01

Moonchild wrote: you mean using the system allocator calls instead
I meant the regular malloc and free of mozglue, of course, but without the aligned prefix.
roytam1 wrote: I instead replaced mozjemalloc/jemalloc.c with the newer version from Firefox 54
Well, I shall look into it. "c" means that it is still developed by the old programmer, because I consider that today's newer is usually much worse.
Last edited by Fedor2 on 2018-03-10, 15:02, edited 1 time in total.

Moonchild

Re: mozglue crash related

Unread post by Moonchild » 2018-03-10, 15:41

Well, if you're replacing aligned allocations with unaligned ones, then you are most definitely creating microleaks with each alloc/dealloc and fragmenting your memory in an unrecoverable way.

Also, "c" means it's written in C and not C++. Related but different languages. It has nothing to do with "old" or "new" developers or how "modern" the code is.
Last edited by Moonchild on 2018-03-10, 15:43, edited 1 time in total.

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-10, 17:59

Moonchild wrote: most definitely creating microleaks with each alloc/dealloc and fragmenting
Well, I shall do some tests, but is it not fixed in mozglue? Also, for Linux the aligned version is disabled manually.
Last edited by Fedor2 on 2018-03-10, 18:00, edited 1 time in total.

Moonchild

Re: mozglue crash related

Unread post by Moonchild » 2018-03-10, 18:43

No idea what you're trying to say, sorry.

In the meantime I've made some minor adjustments/improvements to jemalloc -- one thing that was incorrect was the smallest alloc size on Windows, set to "1" instead of the normally smallest unit based on architecture. I'm pushing out a new unstable with these changes. Testing appreciated.
Last edited by Moonchild on 2018-03-10, 18:46, edited 1 time in total.

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-11, 14:50

I have compiled with your new jemalloc and it runs well; however, with HAVE_ALIGNED_MALLOC mozglue still crashes. So I disabled aligned again. msvcrt's aligned malloc and free do not crash, though. What is your guess?

Moonchild

Re: mozglue crash related

Unread post by Moonchild » 2018-03-11, 15:33

Um... HAVE_ALIGNED_MALLOC is not something that is used in Pale Moon (only in UXP).
So you're going to have to tell me exactly what you're doing to which tree and provide exact crash details (call stack).

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-11, 17:18

Sorry, yes, I did badly: I interbred Pale Moon code with newer Firefox; I added the mozavcodec and mozavutil code.
You are not obliged to support this, only if you have some guess.

details
CPU - thread MediaPlayback #2 (00001100), module mozglue

EAX 000FF540
ECX 000FF540
EDX 00001000
EBX 00000000
ESP 0F3AF72C
EBP 09AFF540
ESI 0F3AF764
EDI 09A00000
EIP 6AF2E791 mozglue.6AF2E791

C 0 ES 002B 32bit 0(FFFFFFFF)
P 1 CS 0023 32bit 0(FFFFFFFF)
A 0 SS 002B 32bit 0(FFFFFFFF)
Z 0 DS 002B 32bit 0(FFFFFFFF)
S 0 FS 0053 32bit FF23C000(FFF)
T 0 GS 002B 32bit 0(FFFFFFFF)
D 0
O 0 LastErr 00000000 ERROR_SUCCESS
EFL 00010206 (NO,NB,NE,A,NS,PE,GE,G)

ST0 empty 0.0
ST1 empty 0.0
ST2 empty 0.3749542236328125000
ST3 empty 0.3968179665784622445
ST4 empty 0.5952269498672536630
ST5 empty 0.6299348907445034840
ST6 empty 1.0000000000000000000
ST7 empty 0.0
3 2 1 0 E S P U O Z D I
FST 0020 Cond 0 0 0 0 Err 0 0 1 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
Last cmnd 0023:67CB1BA3 MSVCR120.67CB1BA3

XMM0 E5E5E5E5 E5E5E5E5 E5E5E5E5 E5E5E5E5
XMM1 000000A3 00000089 05EA64A5 05EA6490
XMM2 00000000 00000000 00000000 00000000
XMM3 00000000 00000000 00000000 00000000
XMM4 00000000 00000000 00000000 00000000
XMM5 00000000 00000000 00000000 00000000
XMM6 80000000 00000000 80000000 00000000
XMM7 3B78CC51 701B839A 80000000 00000000
P U O Z D I
MXCSR 00001FA0 FZ 0 DZ 0 Err 1 0 0 0 0 0
Rnd NEAR Mask 1 1 1 1 1 1


6AF2E780 8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8] ; mozglue.arena_dalloc(ptr,offset)
6AF2E784 53 PUSH EBX
6AF2E785 55 PUSH EBP
6AF2E786 8B6C24 0C MOV EBP,DWORD PTR SS:[ESP+0C]
6AF2E78A 57 PUSH EDI
6AF2E78B 8BFD MOV EDI,EBP
6AF2E78D 2BF8 SUB EDI,EAX
6AF2E78F 8B1F MOV EBX,DWORD PTR DS:[EDI]
6AF2E791 813B 243D7D94 CMP DWORD PTR DS:[EBX],947D3D24
6AF2E797 75 50 JNE SHORT 6AF2E7E9
6AF2E799 C1E8 0C SHR EAX,0C
6AF2E79C 8D0440 LEA EAX,[EAX*2+EAX]
6AF2E79F 8D40 04 LEA EAX,[EAX+4]
6AF2E7A2 8D0487 LEA EAX,[EAX*4+EDI]
6AF2E7A5 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
6AF2E7A9 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
6AF2E7AC A8 01 TEST AL,01
6AF2E7AE 74 3E JE SHORT 6AF2E7EE
6AF2E7B0 A8 02 TEST AL,02
6AF2E7B2 75 26 JNE SHORT 6AF2E7DA
6AF2E7B4 56 PUSH ESI
6AF2E7B5 8D73 04 LEA ESI,[EBX+4]
6AF2E7B8 56 PUSH ESI
6AF2E7B9 FF15 2810F46A CALL DWORD PTR DS:[<&KERNEL32.EnterCriti
6AF2E7BF FF7424 14 PUSH DWORD PTR SS:[ESP+14]
6AF2E7C3 55 PUSH EBP
6AF2E7C4 57 PUSH EDI
6AF2E7C5 53 PUSH EBX
6AF2E7C6 E8 A5000000 CALL arena_dalloc_small
6AF2E7CB 83C4 10 ADD ESP,10
6AF2E7CE 56 PUSH ESI
6AF2E7CF FF15 2C10F46A CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti
6AF2E7D5 5E POP ESI
6AF2E7D6 5F POP EDI
6AF2E7D7 5D POP EBP
6AF2E7D8 5B POP EBX
6AF2E7D9 C3 RETN
6AF2E7DA 55 PUSH EBP
6AF2E7DB 57 PUSH EDI
6AF2E7DC 53 PUSH EBX
6AF2E7DD E8 1E000000 CALL arena_dalloc_large
6AF2E7E2 83C4 0C ADD ESP,0C
6AF2E7E5 5F POP EDI
6AF2E7E6 5D POP EBP
6AF2E7E7 5B POP EBX
6AF2E7E8 C3 RETN
6AF2E7E9 E8 523D0000 CALL jemalloc_crash
6AF2E7EE E8 4D3D0000 CALL jemalloc_crash
6AF2E7F3 CC INT3
6AF2E7F4 CC INT3
6AF2E7F5 CC INT3
6AF2E7F6 CC INT3
6AF2E7F7 CC INT3
6AF2E7F8 CC INT3
6AF2E7F9 CC INT3
6AF2E7FA CC INT3
6AF2E7FB CC INT3
6AF2E7FC CC INT3
6AF2E7FD CC INT3
6AF2E7FE CC INT3
6AF2E7FF CC INT3
Attachment: callstack.txt (113.11 KiB)
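Reading the dump above as a defender would: the faulting instruction at 6AF2E791 is `CMP DWORD PTR DS:[EBX],947D3D24`, and the register dump shows EBX as 00000000. The preceding `MOV EBX,DWORD PTR DS:[EDI]` loaded the arena pointer from the chunk header (EDI = EBP - EAX = 09A00000, the chunk base), so that pointer was NULL and the magic comparison itself faulted before the `JNE` could route a mismatch to `jemalloc_crash`. The constant being compared is the arena magic tag that mozjemalloc's arena_dalloc asserts on: a pointer that did not come out of a jemalloc arena (for example one returned by another runtime's `_aligned_malloc`) will never satisfy that check, which is the mechanism behind the hazard of mixing aligned and unaligned allocator variants discussed earlier in the thread. The C below is an added example, not Pale Moon, UXP or jemalloc code: a toy aligned allocator whose header carries a constructed tag (TOY_MAGIC) and whose free validates the tag before trusting anything else in the header, returning a status instead of aborting so the detection can be logged and tested. All names in it are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy tagging aligned allocator (added example, not Pale Moon or jemalloc code).
 * TOY_MAGIC is a constructed value standing in for an allocator's header tag. */
#define TOY_MAGIC 0x5A17C0DEu

typedef struct {
    uint32_t magic;   /* tag validated on free, like jemalloc's arena magic check */
    uint32_t offset;  /* bytes from the raw malloc() block to the aligned user pointer */
    uint32_t size;    /* requested size, kept for diagnostics */
} toy_hdr;

typedef enum { TOY_OK = 0, TOY_NULL = 1, TOY_BAD_MAGIC = 2 } toy_status;

/* Over-allocate, round up to the requested power-of-two alignment and stash a
 * header immediately before the pointer handed to the caller. */
void *toy_aligned_malloc(size_t size, size_t align)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return NULL;                          /* alignment must be a power of two */
    size_t total = size + align + sizeof(toy_hdr);
    if (total < size)
        return NULL;                          /* size_t overflow */
    unsigned char *raw = malloc(total);
    if (raw == NULL)
        return NULL;
    uintptr_t start   = (uintptr_t)raw + sizeof(toy_hdr);
    uintptr_t aligned = (start + align - 1) & ~(uintptr_t)(align - 1);
    toy_hdr *h = (toy_hdr *)(aligned - sizeof(toy_hdr));
    h->magic  = TOY_MAGIC;
    h->offset = (uint32_t)(aligned - (uintptr_t)raw);
    h->size   = (uint32_t)size;
    return (void *)aligned;
}

/* Validate the header before trusting its offset. A real allocator aborts here
 * (jemalloc_crash in the dump above); this toy returns a status so the caller
 * can log it and a test can observe it. */
toy_status toy_aligned_free(void *p)
{
    if (p == NULL)
        return TOY_NULL;                      /* free(NULL) is a harmless no-op */
    toy_hdr *h = (toy_hdr *)((unsigned char *)p - sizeof(toy_hdr));
    if (h->magic != TOY_MAGIC)
        return TOY_BAD_MAGIC;                 /* pointer did not come from toy_aligned_malloc */
    unsigned char *raw = (unsigned char *)p - h->offset;
    h->magic = 0;                             /* scrub the tag before releasing the block */
    free(raw);
    return TOY_OK;
}

/* Normal round trip: a 64-byte-aligned block is usable and frees cleanly. */
int demo_roundtrip(void)
{
    void *p = toy_aligned_malloc(100, 64);
    if (p == NULL || ((uintptr_t)p & 63) != 0)
        return 0;
    memset(p, 0xAB, 100);
    return toy_aligned_free(p) == TOY_OK;
}

/* Allocator mismatch: hand the aligned free a pointer that carries no header.
 * The bytes in front of it are zeroed padding this function owns, so inspecting
 * them is safe here; with a genuinely foreign pointer that read is already the bug. */
int demo_mismatch_detected(void)
{
    unsigned char *plain = calloc(1, 64 + sizeof(toy_hdr));
    if (plain == NULL)
        return 0;
    toy_status s = toy_aligned_free(plain + sizeof(toy_hdr));
    free(plain);                              /* release with the matching deallocator */
    return s == TOY_BAD_MAGIC;
}
```

The point of the status-returning design is operational: a build that is being hybridized from several trees can wrap the real allocator's free with a check like this during testing and log the first bad-tag event together with the caller, rather than learning about the mismatch from a NULL dereference deep inside arena_dalloc as in the dump above.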

Moonchild

Re: mozglue crash related

Unread post by Moonchild » 2018-03-12, 13:45

Sorry, I won't waste my time trying to troubleshoot this. Fine if you want to tinker with your build and try to hybridize, but you are on your own.

roytam1

Re: mozglue crash related

Unread post by roytam1 » 2018-03-13, 03:37

Fedor2 wrote: Sorry, yes, I did badly: I interbred Pale Moon code with newer Firefox; I added the mozavcodec and mozavutil code.
You are not obliged to support this, only if you have some guess.
You don't even release the modified source code on GitHub and/or the release page.

New Tobin Paradigm

Re: mozglue crash related

Unread post by New Tobin Paradigm » 2018-03-13, 03:42

He doesn't have to until/unless he distributes something in binary form.

Fedor2

Re: mozglue crash related

Unread post by Fedor2 » 2018-03-13, 09:10

roytam1 wrote: You don't even release the modified source code on GitHub
I try to keep the patches updated; eventually I shall update.
