Loading any complex page with the new HTML5 parser set to 'true' crashes the browser on page load. 1. Load www.cnn.com 2. crash before page loads Crash-report here: http://crash-stats.mozilla.com/report/index/14604f15-d79d-4ef1-8f9c-5343b2090629?p=1 Using nightly build: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090629 Minefield/3.6a1pre Firefox/3.0.11 ID:20090629044912 changeset: http://hg.mozilla.org/mozilla-central/rev/643cdff78555

Signature _aulldiv UUID 14604f15-d79d-4ef1-8f9c-5343b2090629 Time 2009-06-29 06:45:52.502461 Uptime 35 Last Crash 37626 seconds before submission Product Firefox Version 3.6a1pre Build ID 20090629044912 Branch 1.9.2 OS Windows NT OS Version 6.1.7100 CPU x86 CPU Info AuthenticAMD family 16 model 2 stepping 3 Crash Reason EXCEPTION_INT_DIVIDE_BY_ZERO Crash Address 0x68ebc924 User Comments HTML5 enabled - crash loading CNN Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll _aulldiv ulldiv.asm:87 1 xul.dll nsHtml5TreeBuilder::end parser/html/nsHtml5TreeBuilderCppSupplement.h:281 2 xul.dll nsHtml5TreeBuilder::endTokenization parser/html/nsHtml5TreeBuilder.cpp:555 3 xul.dll nsHtml5Tokenizer::end parser/html/nsHtml5Tokenizer.cpp:3181 4 xul.dll nsHtml5Parser::ParseFragment parser/html/nsHtml5Parser.cpp:527 ted suggests: http://hg.mozilla.org/mozilla-central/annotate/643cdff78555/parser/html/nsHtml5TreeBuilderCppSupplement.h#l487 hsivonen@29805 487 sTreeOpQueueMaxLength = (PRUint32)((NS_HTML5_TREE_BUILDER_MAX_QUEUE_TIME * (PRUint64)opQueueLength) / (PR_Now() - flushStart)); and he notes that flushStart is assigned from PR_Now() earlier.

ted mentioned PR_IntervalNow() bsmedberg recommended mozilla::TimeStamp

Crashing Thread on Win XP: 0 xul.dll _aulldiv ulldiv.asm:87 1 xul.dll nsHtml5TreeBuilder::end parser/html/nsHtml5TreeBuilderCppSupplement.h:281 2 xul.dll nsHtml5TreeBuilder::endTokenization parser/html/nsHtml5TreeBuilder.cpp:555 3 xul.dll nsHtml5Tokenizer::end parser/html/nsHtml5Tokenizer.cpp:3181 4 xul.dll nsHtml5Parser::DidBuildModel parser/html/nsHtml5Parser.cpp:789 5 xul.dll nsHtml5Parser::ParseUntilSuspend parser/html/nsHtml5Parser.cpp:1200 6 xul.dll nsHtml5Parser::OnStopRequest parser/html/nsHtml5Parser.cpp:655 7 xul.dll nsDocumentOpenInfo::OnStopRequest uriloader/base/nsURILoader.cpp:323 8 xul.dll nsStreamListenerTee::OnStopRequest netwerk/base/src/nsStreamListenerTee.cpp:65 9 xul.dll nsHttpChannel::OnStopRequest netwerk/protocol/http/src/nsHttpChannel.cpp:5031 10 xul.dll nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:576 11 xul.dll nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:401 12 xul.dll nsOutputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:190 13 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527 14 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:170 15 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:193 16 nspr4.dll PR_GetEnv 17 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:110 18 firefox.exe firefox.exe@0x21a7 19 kernel32.dll kernel32.dll@0x17076

Martijn, I think this is the crash you were seeing?

Could be, I have these crash reports: http://crash-stats.mozilla.com/report/index/c31e85f6-ad13-4418-9585-6b6a02090629?p=1 http://crash-stats.mozilla.com/report/index/6b081bc2-3f59-443a-9201-912ec2090629?p=1

Could this be at fault: http://hg.mozilla.org/mozilla-central/annotate/643cdff78555/parser/html/nsHtml5TreeBuilderCppSupplement.h#l487 ?

To be more specific: PRNow() is only accurate to 15 miliseconds iirc, so the second call to PRNow could be of equivalent value to flushStart hence making the division by zero...

henri, et al: looks like same stack as when loading http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox in case you're looking for a test case that's a bit less a moving target than cnn http://crash-stats.mozilla.com/report/index/2ec2d988-805c-4bcc-9cda-cc47b2090629?p=1

Docs say PR_IntervalNow() and PR_Now() have different units, so need to change the magic constant accordingly.

Comment on attachment 385983 [details] [diff] [review] Change the constant to milliseconds, too The patch seems to work. Thanks, timeless! However, my Windows box is a virtual machine, so I may not seeing the same timing as one would have on a real box.

Comment on attachment 385983 [details] [diff] [review] Change the constant to milliseconds, too You can't assume that PRIntervalNow returns milliseconds. You have to use PR_IntervalToMilliseconds r/sr=me with that

Pushed patch for the record. With PR_IntervalToMilliseconds. Thanks.

Verified fixed, no more instant crash on complex pages with HTMO5 = True changeset: http://hg.mozilla.org/mozilla-central/rev/231fe6f453d8 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090702 Minefield/3.6a1pre Firefox/3.0.11 ID:20090702004326