PhantomJS getting crashed

[lavesh bhandari]

Hi 

I am running PhantomJS on my windows machine and it is crashing after running the whole script. I tried raising it as a issue on github but its not allowing me to attach .dmp file. 

Also there is nothing written about the process for a windows machine on the wiki.

Am attaching the .dmp file here .

Thanks

[Vitaliy Slobodin]

Hi,

Could you post your script please?

Regarding crash dumps on Windows. To examine your (or any other) crash dump, you'll need:
- a crash dump :)
- debug symbols;
- and WinDbg

That's why we didn't write anything for Windows.

Regards,
Vitaliy.

lavesh bhandari wrote:

--
You received this message because you are subscribed to the Google
Groups "phantomjs" group.
To unsubscribe from this group and stop receiving emails from it , send
an email to phantomjs+...@googlegroups.com.
Visit this group at http://groups.google.com/group/phantomjs.
For more options, visit https://groups.google.com/groups/opt_out.

[lavesh bhandari]

Sorry for the very delayed resoponse. Please find attached the script with this code.

--
You received this message because you are subscribed to a topic in the Google Groups "phantomjs" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/phantomjs/iiJqEqPOaFY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to phantomjs+...@googlegroups.com.

[Brandon White]

Hello Vitaly:

Phantom JS 1.9.7 is crashing for me infrequently on a Windows 7 box.  Using windbg on a recent crash dump, it shows that an access violation occurs.  Because I don't have debug symbols for the phantomjs binary, that's as much information as I'm going to get for now. 

It would be nice if you could provide debug symbol files for your Windows builds on https://bitbucket.org/ariya/phantomjs/downloads. You have debug symbol downloads for the other platforms you support. The alternative is that I need to build a debug phantom JS binary and then try to reproduce the crash with it instead.

Do you have debug symbol files for the Windows build that you're hosting at the above link?

thanks,

Brandon

[phantom...@gmail.com]

are you calling abort() on network requests ? or calling page.open() while it's still loading resources, which I think calls abort since it's still loading things.

There's a bug in webkit impacts 1.9.x which consistently hits me.. I'm surprised more people haven't reported it.

[Brandon White]

No my script is not calling abort() on network requests and it's not invoking page.open() while page loading is in-progress. As far as I can tell, I think my script is using the phantomjs API correctly.

Using the instructions on http://phantomjs.org/build.html and additional help on https://groups.google.com/forum/#!topic/phantomjs/qgcpXILe-_0, I was able to build a debug phantomjs.exe binary based on the 1.9 branch from the phantomjs git repository (I think this amounts to 1.9.7 + some additional commits).

Using this binary, I was able to reproduce what appears to be the same crash on a relatively consistent basis. I generated a new crash dump file and was able to get more information thanks to the debug symbols. But I quickly realized that the thread stacks in the crash dump file were not quite as useful because they were captured _after_ the access violation had occurred. The stack on one of the threads shows that it's using the google breakpad library to write out the minidump.

I started the phantomjs process within windbg and that proved more useful. Windbg breaks at the point where the access violation occurs and allowed me to inspect the thread stacks and local variables. It looks like the crash is occurring during JavaScript garbage collection but that's just my naive guess since I'm not intimately familiar with WebKit:

phantomjs!WTF::Bitmap<2048>::testAndSet+0x36

phantomjs!JSC::MarkedBlock::testAndSetMarked+0x1f

phantomjs!JSC::MarkedSpace::testAndSetMarked+0x1a

phantomjs!JSC::Heap::testAndSetMarked+0xc

phantomjs!JSC::MarkStack::internalAppend+0x10

phantomjs!JSC::MarkStack::append<JSC::Structure>+0x1a

phantomjs!JSC::PolymorphicAccessStructureList::visitAggregate+0x3e

phantomjs!JSC::StructureStubInfo::visitAggregate+0xba

phantomjs!JSC::CodeBlock::visitAggregate+0x1f3

phantomjs!JSC::FunctionExecutable::visitChildren+0x39

phantomjs!JSC::MarkStack::visitChildren+0x9f

phantomjs!JSC::MarkStack::drain+0x185

phantomjs!JSC::Heap::markRoots+0xe8

phantomjs!JSC::Heap::reset+0x11

phantomjs!JSC::Heap::allocateSlowCase+0x13

phantomjs!JSC::Heap::allocate+0x44

phantomjs!JSC::JSCell::operator new+0x15

phantomjs!JSC::StructureChain::create+0x11

phantomjs!JSC::Structure::prototypeChain+0x7c

phantomjs!cti_op_get_by_id_proto_list+0x381

In the MarkStack::internalAppend function, the JSCell pointer is null:

ALWAYS_INLINE void MarkStack::internalAppend(JSCell* cell)

    {

        ASSERT(!m_isCheckingForDefaultMarkViolation);

        ASSERT(cell);

        if (Heap::testAndSetMarked(cell))

            return;

        if (cell->structure()->typeInfo().type() >= CompoundType)

            m_values.append(cell);

    }

[phantom...@gmail.com]

Ah.. fascinating.  The main issue we're running into at this point is that webkit is so old.  

It's three years at this point.

So this *may* have been a but that has been fixed a long time ago.

Phantom 2.x might fix this problem , but it's alpha right now and still fails some unit tests.

In fact, it locks up before all the unit tests are even run. 

If you can build phantom2 , I'd suggest trying it if it works for your load.

It may not though... it seems more stable than 1.9.7 even with the failing unit tests.

[Brandon White]

FWIW, I have created a new issue on the Phantom JS github site here:  https://github.com/ariya/phantomjs/issues/12238.

I am interested in the progress of phantom 2.x and will definitely try it out when it becomes more stable.

[phantom...@gmail.com]

See if you can create a reproducible unit test for this issue.

I'm going to try to create a few for phantom so that we can verify that they're fixed (and stay fixed) for 2.x.

The problem is that they can be nondeterminstic in their behavior so *sometimes* they can crash, but not always.

[Brandon White]

I agree that creating a reproducible test case would be useful but unfortunately other priorities will prevent me from doing this in the short or medium term. I have attached as much information as I can in the bug report: https://github.com/ariya/phantomjs/issues/12238

[phantom...@gmail.com]

:)... pretty much everyone on the list is like that ;)

I think I'm just going to try to contribute tests at this point.  The developers seem to be overloaded and talking about hypotheticals I imagine is somewhat frustrating.  

Plus if I can reproduce my OWN issues instead of them being non-deterministic it will help me prevent any regressions in phantom.