Borrow hazard during FormData::create_an_entry #24118

jdm · 2019-08-30T22:05:11Z

26:46.57 pid:99354 Full command: /Users/worker/tasks/task_1567196401/repo/target/release/servo --hard-fail -u Servo/wptrunner -Z replace-surrogates -z http://web-platform.test:8000/xhr/formdata-set.htm --user-stylesheet /Users/worker/tasks/task_1567196401/repo/resources/ahem.css --certificate-path /Users/worker/tasks/task_1567196401/repo/tests/wpt/web-platform-tests/tools/certs/cacert.pem --pref=js.mem.gc.zeal.level=2 --pref=js.mem.gc.zeal.frequency=10
pid:99354 
27:51.23 pid:99354 DomRefCell<T> already mutably borrowed: BorrowError (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(1), index: PipelineIndex(1) }, at src/libcore/result.rs:1084)
27:51.81 pid:99354 stack backtrace:
27:51.81 pid:99354    0: __ZN9backtrace9backtrace5trace17hc4a0d1f273e07024E (0x10724523b)
27:51.81 pid:99354    1: __ZN9backtrace7capture9Backtrace3new17h765760e39b281a50E (0x107244427)
27:51.81 pid:99354    2: __ZN5servo4main28_$u7b$$u7b$closure$u7d$$u7d$17h510947304905906eE (0x1039a793b)
27:51.81 pid:99354    3: __ZN3std9panicking20rust_panic_with_hook17h099fe3773ce1a793E (0x1073d1301)
27:51.81 pid:99354    4: __ZN3std9panicking18continue_panic_fmt17h8a4b76634870b383E (0x1073d0d6c)
27:51.81 pid:99354    5: _rust_begin_unwind (0x1073d0c68)
27:51.81 pid:99354    6: __ZN4core9panicking9panic_fmt17h885799c19d2b8b0cE (0x1073f149e)
27:51.81 pid:99354    7: __ZN4core6result13unwrap_failed17h91161a3faccc6622E (0x1073f1578)
27:51.81 pid:99354    8: __ZN3std9panicking3try7do_call17h76aece7b53b6b707E.llvm.16932765531113996662 (0x103f48d66)
27:51.81 pid:99354    9: ___rust_maybe_catch_panic (0x1073d969e)
27:51.81 pid:99354   10: __ZN6script3dom8bindings7codegen8Bindings15FormDataBinding15FormDataBinding6_trace17ha6509efa27895163E (0x10478c217)
27:51.81 pid:99354   11: __ZNK2js5Class7doTraceEP8JSTracerP8JSObject (0x1053a009b)
27:51.81 pid:99354   12: __ZL13CallTraceHookIZN2js8GCMarker19processMarkStackTopERNS0_11SliceBudgetEEUlT_E_EPNS0_12NativeObjectEOS4_P8JSTracerP8JSObject15CheckGeneration (0x105630a43)
27:51.81 pid:99354   13: __ZN2js8GCMarker19processMarkStackTopERNS_11SliceBudgetE (0x1055e938f)
27:51.81 pid:99354   14: __ZN2js8GCMarker24markUntilBudgetExhaustedERNS_11SliceBudgetE (0x1055cd5f4)
27:51.81 pid:99354   15: __ZN2js2gc9GCRuntime24markUntilBudgetExhaustedERNS_11SliceBudgetENS_7gcstats9PhaseKindE (0x1055ca3a5)
27:51.81 pid:99354   16: __ZN2js2gc9GCRuntime16incrementalSliceERNS_11SliceBudgetEN2JS8GCReasonERNS0_13AutoGCSessionE (0x1055d2623)
27:51.82 pid:99354   17: __ZN2js2gc9GCRuntime7gcCycleEbNS_11SliceBudgetEN2JS8GCReasonE (0x1055d42f2)
27:51.82 pid:99354   18: __ZN2js2gc9GCRuntime7collectEbNS_11SliceBudgetEN2JS8GCReasonE (0x1055d59a3)
27:51.82 pid:99354   19: __ZN2js2gc9GCRuntime2gcE18JSGCInvocationKindN2JS8GCReasonE (0x10559f176)
27:51.82 pid:99354   20: __ZN2js2gc9GCRuntime10runDebugGCEv (0x10559eef4)
27:51.82 pid:99354   21: __ZN2js2gc9GCRuntime22gcIfNeededAtAllocationEP9JSContext (0x10559e865)
27:51.82 pid:99354   22: __ZN2js2gc9GCRuntime19checkAllocatorStateILNS_7AllowGCE1EEEbP9JSContextNS0_9AllocKindE (0x105599eb1)
27:51.82 pid:99354   23: __ZN2js14AllocateObjectILNS_7AllowGCE1EEEP8JSObjectP9JSContextNS_2gc9AllocKindEmNS6_11InitialHeapEPKNS_5ClassE (0x105599de5)
27:51.82 pid:99354   24: __ZN10JSFunction6createEP9JSContextN2js2gc9AllocKindENS3_11InitialHeapEN2JS6HandleIPNS2_5ShapeEEENS7_IPNS2_11ObjectGroupEEE (0x104ff0e9e)
27:51.82 pid:99354   25: __ZL9NewObjectP9JSContextN2JS6HandleIPN2js11ObjectGroupEEENS3_2gc9AllocKindENS3_13NewObjectKindEj (0x104fbf0e1)
27:51.82 pid:99354   26: __ZN2js29NewObjectWithClassProtoCommonEP9JSContextPKNS_5ClassEN2JS6HandleIP8JSObjectEENS_2gc9AllocKindENS_13NewObjectKindE (0x104fbf8f7)
27:51.82 pid:99354   27: __ZN2js23NewObjectWithClassProtoEP9JSContextPKNS_5ClassEN2JS6HandleIP8JSObjectEENS_2gc9AllocKindENS_13NewObjectKindE (0x1053a095d)
27:51.82 pid:99354   28: __ZN2js23NewObjectWithClassProtoI10JSFunctionEEPT_P9JSContextN2JS6HandleIP8JSObjectEENS_2gc9AllocKindENS_13NewObjectKindE (0x104fa5c78)
27:51.82 pid:99354   29: __ZN2js20NewFunctionWithProtoEP9JSContextPFbS1_jPN2JS5ValueEEjN10JSFunction5FlagsENS2_6HandleIP8JSObjectEENS9_IP6JSAtomEESC_NS_2gc9AllocKindENS_13NewObjectKindE (0x104f9c825)
27:51.82 pid:99354   30: __ZN2js17NewNativeFunctionEP9JSContextPFbS1_jPN2JS5ValueEEjNS2_6HandleIP6JSAtomEENS_2gc9AllocKindENS_13NewObjectKindEN10JSFunction5FlagsE (0x10537b4a2)
27:51.82 pid:99354   31: __ZL26DefineAccessorPropertyByIdP9JSContextN2JS6HandleIP8JSObjectEENS2_INS1_11PropertyKeyEEERK15JSNativeWrapperSA_j (0x1053746e3)
27:51.82 pid:99354   32: __Z19JS_DefinePropertiesP9JSContextN2JS6HandleIP8JSObjectEEPK14JSPropertySpec (0x105379793)
27:51.82 pid:99354   33: __ZN5mozjs4rust17define_properties17h484ff079b70b2498E (0x104d0d147)
27:51.82 pid:99354   34: __ZN6script3dom8bindings9interface13create_object17h8986b5acf9af4f2dE (0x1047ee495)
27:51.82 pid:99354   35: __ZN6script3dom8bindings9interface33create_interface_prototype_object17h88cc524928e422e3E (0x1047edc0e)
27:51.82 pid:99354   36: __ZN6script3dom8bindings7codegen8Bindings11FileBinding11FileBinding14GetProtoObject17ha82a1fd45697d006E (0x104b01899)
27:51.82 pid:99354   37: __ZN6script3dom8bindings7codegen8Bindings11FileBinding11FileBinding4Wrap17h33b56c4d766e4afcE (0x104b014b4)
27:51.83 pid:99354   38: __ZN6script3dom8formdata8FormData15create_an_entry17h7a0777ca24cfbb42E (0x104910e55)
27:51.83 pid:99354   39: __ZN143_$LT$script..dom..formdata..FormData$u20$as$u20$script..dom..bindings..codegen..Bindings..FormDataBinding..FormDataBinding..FormDataMethods$GT$4Set_17hb5ad01fadce5cc05E (0x104910961)
27:51.83 pid:99354   40: __ZN101_$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$9call_once17h766df5d2f1fc3431E (0x1043140e6)
27:51.83 pid:99354   41: __ZN3std9panicking3try7do_call17hd0d438d1831a095eE.llvm.16932765531113996662 (0x103f69b5b)
27:51.83 pid:99354   42: ___rust_maybe_catch_panic (0x1073d969e)
27:51.83 pid:99354   43: __ZN6script3dom8bindings7codegen8Bindings15FormDataBinding15FormDataBinding3set17hdc043c705abe3b6fE (0x10478be83)
27:51.83 pid:99354   44: _CallJitMethodOp (0x104d10289)
27:51.83 pid:99354   45: __ZN6script3dom8bindings5utils12generic_call17ha24c6f5314ce23daE (0x103fd166c)
27:51.83 pid:99354   46: __ZN6script3dom8bindings5utils14generic_method17h3d0820cd85ff1ce4E (0x103fd17c1)
27:51.83 pid:99354   47: __Z12CallJSNativeP9JSContextPFbS0_jPN2JS5ValueEERKNS1_8CallArgsE (0x104d53581)
27:51.83 pid:99354   48: __ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE (0x104d53184)
27:51.83 pid:99354   49: __ZL12InternalCallP9JSContextRKN2js13AnyInvokeArgsE (0x104d53b1e)
27:51.83 pid:99354   50: __ZN2js13CallFromStackEP9JSContextRKN2JS8CallArgsE (0x104d5390c)
27:51.83 pid:99354   51: __ZL9InterpretP9JSContextRN2js8RunStateE (0x104d471e8)
27:51.83 pid:99354   52: __ZN2js9RunScriptEP9JSContextRNS_8RunStateE (0x104d3be95)
27:51.83 pid:99354   53: __ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE (0x104d53338)
27:51.83 pid:99354   54: __ZL12InternalCallP9JSContextRKN2js13AnyInvokeArgsE (0x104d53b1e)
27:51.84 pid:99354   55: __ZN2js4CallEP9JSContextN2JS6HandleINS2_5ValueEEES5_RKNS_13AnyInvokeArgsENS2_13MutableHandleIS4_EE (0x104d53bc3)
27:51.84 pid:99354   56: __ZN2js9fun_applyEP9JSContextjPN2JS5ValueE (0x104f9fff2)
27:51.84 pid:99354   57: __Z12CallJSNativeP9JSContextPFbS0_jPN2JS5ValueEERKNS1_8CallArgsE (0x104d53581)
27:51.84 pid:99354   58: __ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE (0x104d53184)
27:51.84 pid:99354   59: __ZL12InternalCallP9JSContextRKN2js13AnyInvokeArgsE (0x104d53b1e)
27:51.84 pid:99354   60: __ZN2js13CallFromStackEP9JSContextRKN2JS8CallArgsE (0x104d5390c)
27:51.84 pid:99354   61: __ZN2js3jit14DoCallFallbackEP9JSContextPNS0_13BaselineFrameEPNS0_15ICCall_FallbackEjPN2JS5ValueENS7_13MutableHandleIS8_EE (0x105757526)
27:51.84 pid:99354 [2019-08-30T20:50:12Z ERROR servo] DomRefCell<T> already mutably borrowed: BorrowError
27:52.46 pid:99354 Pipeline failed in hard-fail mode.  Crashing!


        Auto merge of #24069 - jdm:debug-mozjs, r=<try>

[WIP] Add debugmozjs CI task Fixes #24115. Fixes #24117. Fixes #24118. Fixes #24116.  --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24069)


        Auto merge of #24069 - jdm:debug-mozjs, r=<try>

[WIP] Add debugmozjs CI task Fixes #24115. Fixes #24117. Fixes #24118. Fixes #24116.  --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24069)

gterzian · 2019-09-02T09:15:27Z

To elaborate, it seems that:

When `FormData.Set_' is called,
self.data.borrow_mut() is called,
followed by a call to File::new
Which itself calls into FileBinding::Wrap as part of creating the file object
Which calls into SpiderMonkey,
Which then triggers a GC
Which ends-up tracing the FormData object, and which does a borrow on the self.data as part of tracing.

The takeaway seems to be that we shouldn't be borrowing a DomRefCell mutably and then call into something that can call into Spidermonkey, as that could trigger a GC and result in a borrowing of that same DomRefCell?

This can probably be fixed by making the below call, and assigning the return value to a let, before borrowing self.data:

servo/components/script/dom/formdata.rs

Line 176 in 461bce1

value: FormDatumValue::File(DomRoot::from_ref(

jdm added A-content/dom I-panic labels Aug 30, 2019

jdm linked a pull request that will close this issue Aug 31, 2019

[WIP] Add debugmozjs CI task #24069

Open

servo / servo

Borrow hazard during FormData::create_an_entry #24118

Borrow hazard during FormData::create_an_entry #24118

jdm commented Aug 30, 2019

gterzian commented Sep 2, 2019

servo / servo

Join GitHub today

Borrow hazard during FormData::create_an_entry #24118

Borrow hazard during FormData::create_an_entry #24118

Comments

jdm commented Aug 30, 2019

gterzian commented Sep 2, 2019