search

apimall / chromiumembedded

Automatically exported from code.google.com/p/chromiumembedded
0 stars 1 forks source link

Crash when shutting down immediately after starting up #1319

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Start Brackets
2. Quit immediately after file is rendered

What is the expected output? What do you see instead?
No Crash

What version of the product are you using? On what operating system?
1750.1738, 1916

Please provide any additional information below.

Symbolized Stack:

>   libcef.dll!v8::internal::GlobalHandles::Node::DecreaseBlockUses()  Line 439 
+ 0x3 bytes C++
    libcef.dll!CefV8ValueImpl::Handle::~Handle()  Line 1062 + 0xd bytes C++
    libcef.dll!CefV8ValueImpl::Handle::`scalar deleting destructor'()  + 0xb bytes  C++
    libcef.dll!CefV8DeleteOnMessageLoopThread::Destruct<CefV8HandleBase>(const CefV8HandleBase * x)  Line 77 + 0x8 bytes    C++
    libcef.dll!CefV8ValueImpl::~CefV8ValueImpl()  Line 1274 + 0x39 bytes    C++
    libcef.dll!CefV8ValueImpl::`scalar deleting destructor'()  + 0x10 bytes C++
    libcef.dll!CefV8ValueImpl::Release()  Line 346 + 0x2d bytes C++
    libcef.dll!CefCppToC<CefV8ValueCppToC,CefV8Value,_cef_v8value_t>::Release()  Line 109   C++
    libcef.dll!CefCppToC<CefV8ValueCppToC,CefV8Value,_cef_v8value_t>::struct_release(_cef_base_t * base)  Line 142 + 0xb bytes  C++
    Brackets.exe!CefCToCpp<CefV8ValueCToCpp,CefV8Value,_cef_v8value_t>::Release()  Line 79  C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617 + 0x1a bytes  C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Erase(std::_Tree_nod<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::_Node * _Rootnode)  Line 1617   C++
    Brackets.exe!std::_Tree<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> >::erase(std::_Tree_const_iterator<std::_Tree_val<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> > > _First, std::_Tree_const_iterator<std::_Tree_val<std::_Tmap_traits<int,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> >,std::less<int>,std::allocator<std::pair<int const ,std::pair<CefRefPtr<CefV8Context>,CefRefPtr<CefV8Value> > > >,0> > > _Last)  Line 1382 + 0xb bytes    C++
    Brackets.exe!ClientApp::`scalar deleting destructor'()  + 0x1c bytes    C++
    Brackets.exe!ClientApp::Release()  Line 138 + 0x2e bytes    C++

Original issue reported on code.google.com by dr.krow...@gmail.com on 18 Jun 2014 at 6:26

GoogleCodeExporter commented 9 years ago 
Crash occurs on Windows only

Original comment by dr.krow...@gmail.com on 18 Jun 2014 at 6:28

GoogleCodeExporter commented 9 years ago 
FYI - This is the issue description in Brackets 
https://github.com/adobe/brackets/issues/7683

Original comment by pthiessa...@gmail.com on 26 Jun 2014 at 2:43

GoogleCodeExporter commented 9 years ago 
Does the crash reproduce with cefclient?

Original comment by magreenb...@gmail.com on 2 Jul 2014 at 11:22

GoogleCodeExporter commented 9 years ago 
Nope. We suspect that it has to do with a promise that doesn't get resolved in 
a web worker thread but we're not sure how to replicate that scenario in cef 
client

Original comment by dr.krow...@gmail.com on 7 Jul 2014 at 5:09

GoogleCodeExporter commented 9 years ago 
After reviewing the scenario with a few others on the team it appears not to be 
related to a worker thread but, rather, V8 extensions that are being executed 
during the tear down process.  Since CEF Client doesn't implement V8 extensions 
we were not able to reproduce this with CEF Client without making 
modifications. 

In previous versions either V8 was blocked during shutdown or some other 
mechanism was preventing V8 extensions from executing.  Is there something that 
changed internally or were we just getting lucky?

Original comment by dr.krow...@gmail.com on 7 Jul 2014 at 5:41

GoogleCodeExporter commented 9 years ago 

There are some recent changes to V8 and Chromium that look like they were 
trying to address similar issues. Or maybe they introduced this one.

https://code.google.com/p/chromium/issues/detail?id=347534
https://code.google.com/p/chromium/issues/detail?id=359977
https://codereview.chromium.org/238353015/

Original comment by ethan.malasky@gmail.com on 8 Jul 2014 at 7:10

GoogleCodeExporter commented 9 years ago 
A little more info on this -- the reason why it doesn't crash in the cefclient 
sample app is because it crashes in a V8 call during shutdown and the sample 
app does not implement any V8 extensions.  

We've modified the sample app to include a simple V8 extension and an HTML page 
that calls it with instructions on how to reproduce the crash:
https://www.dropbox.com/s/wsx580pp5htbcyn/cef_crash.zip 

Ion was able to find a different crash in V8 using our recipe on 1916 and 
provided us with a stack trace and unit test patch diff: 
https://www.dropbox.com/s/8jvuu4838dmvkbn/v8Crash.zip

Unfortunately the two stack traces are somewhat different but it should 
probably be fixed in both branches and hopefully it helps you identify the 
crash we are seeing.

Original comment by dr.krow...@gmail.com on 5 Aug 2014 at 3:40

GoogleCodeExporter commented 9 years ago 
CEF is transitioning from Google Code to Bitbucket project hosting. If you 
would like to continue receiving notifications on this issue please add 
yourself as a Watcher at the new location: 
https://bitbucket.org/chromiumembedded/cef/issue/1319

Original comment by magreenb...@gmail.com on 14 Mar 2015 at 3:32