WebKit Bugzilla
RESOLVED FIXED
123551
Assertion failure in js/dom/global-constructors-attributes-dedicated-worker.html
https://bugs.webkit.org/show_bug.cgi?id=123551
Ryosuke Niwa
Reported
2013-10-30 19:51:49 PDT
e.g. e.g.
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r158334%20(13791)/results.html
CRASHING TEST: js/dom/global-constructors-attributes-dedicated-worker.html
Thread 0:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010f9e55e4 WTF::ThreadSpecific<bool>::isSet() + 36 (ThreadSpecific.h:251)
1 com.apple.JavaScriptCore 0x000000010f9e54ae WTF::isCompilationThread() + 46 (CompilationThread.cpp:53)
2 com.apple.JavaScriptCore 0x000000010f360a2a JSC::WriteBarrierBase<JSC::Structure>::set(JSC::VM&, JSC::JSCell const*, JSC::Structure*) + 106 (WriteBarrier.h:77)
3 com.apple.JavaScriptCore 0x000000010f3608d4 JSC::JSCell::setStructure(JSC::VM&, JSC::Structure*) + 356 (JSCellInlines.h:150)
4 com.apple.JavaScriptCore 0x000000010f36055c JSC::JSObject::setStructure(JSC::VM&, JSC::Structure*) + 236 (JSObject.h:1146)
5 com.apple.JavaScriptCore 0x000000010f360304 JSC::JSObject::setStructureAndButterfly(JSC::VM&, JSC::Structure*, JSC::Butterfly*) + 52 (JSObject.h:1139)
6 com.apple.JavaScriptCore 0x000000010f3606cc JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, unsigned int, JSC::Structure*) + 236 (JSObject.h:1403)
7 com.apple.JavaScriptCore 0x000000010f3605d7 JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, JSC::Structure*) + 71 (JSObject.h:1410)
8 com.apple.JavaScriptCore 0x000000010f35fe02 bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&, JSC::JSCell*) + 2194 (JSObject.h:1381)
9 com.apple.JavaScriptCore 0x000000010f35da4b JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int) + 219 (JSObject.h:1426)
10 com.apple.JavaScriptCore 0x000000010f657dbf JSC::InternalFunction::finishCreation(JSC::VM&, WTF::String const&) + 303 (InternalFunction.cpp:48)
11 com.apple.JavaScriptCore 0x000000010f6ec9be JSC::JSGenericTypedArrayViewConstructor<JSC::JSGenericTypedArrayView<JSC::Float64Adaptor> >::finishCreation(JSC::VM&, JSC::JSObject*, WTF::String const&) + 62 (JSGenericTypedArrayViewConstructor.h:45)
12 com.apple.JavaScriptCore 0x000000010f6eb403 JSC::JSGenericTypedArrayViewConstructor<JSC::JSGenericTypedArrayView<JSC::Float64Adaptor> >::create(JSC::VM&, JSC::Structure*, JSC::JSObject*, WTF::String const&) + 115 (JSGenericTypedArrayViewConstructorInlines.h:61)
13 com.apple.JavaScriptCore 0x000000010f6e3204 JSC::JSGlobalObject::reset(JSC::JSValue) + 25476 (JSGlobalObject.cpp:410)
14 com.apple.JavaScriptCore 0x000000010f6dce3f JSC::JSGlobalObject::init(JSC::JSObject*) + 223 (JSGlobalObject.cpp:182)
15 com.apple.WebCore 0x00000001115db198 JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 120 (JSGlobalObject.h:283)
16 com.apple.WebCore 0x00000001115dacea WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:67)
17 com.apple.WebCore 0x0000000111644c08 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 72 (JSDOMWindowBase.cpp:66)
18 com.apple.WebCore 0x000000011164d214 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 164 (JSDOMWindow.h:41)
19 com.apple.WebCore 0x000000011164cbf7 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 343 (JSDOMWindowShell.cpp:86)
20 com.apple.WebCore 0x0000000111fa6f23 WebCore::ScriptController::clearWindowShell(WebCore::DOMWindow*, bool) + 323 (ScriptController.cpp:191)
21 com.apple.WebCore 0x000000011109f0ce WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 430 (FrameLoader.cpp:595)
22 com.apple.WebCore 0x0000000110e80a8f WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 495 (DocumentWriter.cpp:140)
23 com.apple.WebCore 0x0000000110e50aea WebCore::DocumentLoader::commitData(char const*, unsigned long) + 106 (DocumentLoader.cpp:764)
24 com.apple.WebCore 0x0000000110e5060b WebCore::DocumentLoader::finishedLoading(double) + 539 (DocumentLoader.cpp:405)
25 com.apple.WebCore 0x0000000110e54c65 WebCore::DocumentLoader::maybeLoadEmpty() + 901 (DocumentLoader.cpp:1347)
26 com.apple.WebCore 0x0000000110e54da2 WebCore::DocumentLoader::startLoadingMainResource() + 274 (DocumentLoader.cpp:1359)
27 com.apple.WebCore 0x00000001110a8109 WebCore::FrameLoader::continueLoadAfterWillSubmitForm() + 185 (FrameLoader.cpp:2227)
28 com.apple.WebCore 0x00000001110a4a42 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 978 (FrameLoader.cpp:2876)
29 com.apple.WebCore 0x00000001110a4b57 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 87 (FrameLoader.cpp:2707)
30 com.apple.WebCore 0x0000000111c2bd0c WebCore::PolicyCallback::call(bool) + 140 (PolicyCallback.cpp:103)
31 com.apple.WebCore 0x0000000111c2cd3a WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 682 (PolicyChecker.cpp:183)
32 com.apple.WebCore 0x0000000111c3283e WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*)::$_0::operator()(WebCore::PolicyAction) const + 30 (PolicyChecker.cpp:100)
33 com.apple.WebCore 0x0000000111c3280e std::__1::__function::__func<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*)::$_0, std::__1::allocator<WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*)::$_0>, void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction&&) + 94 (functional:1059)
34 com.apple.WebKit2 0x000000010dce605c std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const + 44 (functional:1435)
35 com.apple.WebKit2 0x000000010dcec5cc WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) + 380 (WebFrameLoaderClient.cpp:698)
36 com.apple.WebCore 0x0000000111c2c7a9 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 1193 (PolicyChecker.cpp:98)
37 com.apple.WebCore 0x00000001110a4487 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1495 (FrameLoader.cpp:1424)
38 com.apple.WebCore 0x00000001110a1b3d WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 429 (FrameLoader.cpp:1365)
39 com.apple.WebCore 0x00000001110a3e63 WebCore::FrameLoader::load(WebCore::FrameLoadRequest const&) + 1219 (FrameLoader.cpp:1315)
40 com.apple.WebKit2 0x000000010dd70c7d WebKit::WebPage::loadURLRequest(WebCore::ResourceRequest const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&) + 397 (WebPage.cpp:853)
41 com.apple.WebKit2 0x000000010dd70aba WebKit::WebPage::loadURL(WTF::String const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&) + 122 (WebPage.cpp:834)
42 com.apple.WebKit2 0x000000010ddd052a void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&), WTF::String, WebKit::SandboxExtension::Handle>(std::__1::tuple<WTF::String, WebKit::SandboxExtension::Handle>&&, CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&)) + 186 (HandleMessage.h:315)
43 com.apple.WebKit2 0x000000010ddbf30c void CoreIPC::handleMessageVariadic<Messages::WebPage::LoadURL, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&)>(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&, CoreIPC::MessageDecoder&)) + 220 (HandleMessage.h:416)
44 com.apple.WebKit2 0x000000010ddb8e78 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 3592 (WebPageMessageReceiver.cpp:184)
45 com.apple.WebKit2 0x000000010dd78309 WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 537 (WebPage.cpp:3040)
46 com.apple.WebKit2 0x000000010dd78357 non-virtual thunk to WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 55 (WebPage.cpp:3040)
47 com.apple.WebKit2 0x000000010da7caf0 CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 496 (MessageReceiverMap.cpp:87)
48 com.apple.WebKit2 0x000000010deaaaaa WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 58 (WebProcess.cpp:636)
49 com.apple.WebKit2 0x000000010d9bd423 CoreIPC::Connection::dispatchMessage(CoreIPC::MessageDecoder&) + 51 (Connection.cpp:789)
50 com.apple.WebKit2 0x000000010d9b5ad0 CoreIPC::Connection::dispatchMessage(std::__1::unique_ptr<CoreIPC::MessageDecoder, std::__1::default_delete<CoreIPC::MessageDecoder> >) + 368 (Connection.cpp:809)
51 com.apple.WebKit2 0x000000010d9bd1b1 CoreIPC::Connection::dispatchOneMessage() + 1377 (Connection.cpp:835)
52 com.apple.WebKit2 0x000000010d9c9af2 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 114 (Functional.h:218)
53 com.apple.WebKit2 0x000000010d9c9a75 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() + 53 (Functional.h:496)
54 com.apple.WebKit2 0x000000010d9d15f2 WTF::Function<void ()>::operator()() const + 114 (Functional.h:704)
55 com.apple.WebKit2 0x000000010d9d156c std::__1::__function::__func<WTF::Function<void ()>, std::__1::allocator<WTF::Function<void ()> >, void ()()>::operator()() + 60 (functional:1059)
56 com.apple.WebCore 0x0000000111f8b05a std::__1::function<void ()>::operator()() const + 26 (functional:1435)
57 com.apple.WebCore 0x0000000111f8ace7 WebCore::RunLoop::performWork() + 519 (RunLoop.cpp:106)
58 com.apple.WebCore 0x0000000111f8c224 WebCore::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
59 com.apple.CoreFoundation 0x00007fff892bcb31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
60 com.apple.CoreFoundation 0x00007fff892bc455 __CFRunLoopDoSources0 + 245
61 com.apple.CoreFoundation 0x00007fff892df7f5 __CFRunLoopRun + 789
62 com.apple.CoreFoundation 0x00007fff892df0e2 CFRunLoopRunSpecific + 290
63 com.apple.HIToolbox 0x00007fff91955eb4 RunCurrentEventLoopInMode + 209
64 com.apple.HIToolbox 0x00007fff91955c52 ReceiveNextEventCommon + 356
65 com.apple.HIToolbox 0x00007fff91955ae3 BlockUntilNextEventMatchingListInMode + 62
66 com.apple.AppKit 0x00007fff92698533 _DPSNextEvent + 685
67 com.apple.AppKit 0x00007fff92697df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
68 com.apple.AppKit 0x00007fff9268f1a3 -[NSApplication run] + 517
69 com.apple.WebKit2 0x000000010dc7aeef WebKit::WebContentProcessMainDelegate::startRunLoop() + 95 (WebContentProcessMain.mm:172)
70 com.apple.WebKit2 0x000000010dc79f2f int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 671 (ChildProcessEntryPoint.h:93)
71 com.apple.WebKit2 0x000000010dc79c7b WebContentProcessMain + 27 (WebContentProcessMain.mm:183)
72 com.apple.WebProcess 0x000000010d8e1d1d WebKit::BootstrapMain(int, char**) + 381
73 com.apple.WebProcess 0x000000010d8e1b92 main + 34
74 libdyld.dylib 0x00007fff895a87e1 start + 1
Attachments
the patch (4.48 KB, patch), 2013-10-30 20:37 PDT, Filip Pizlo, mhahnenberg: review+
Ryosuke Niwa
Comment 1
2013-10-30 19:53:11 PDT
http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=js%2Fdom%2Fglobal-constructors-attributes-shared-worker.html
Ryosuke Niwa
Comment 2
2013-10-30 19:57:58 PDT
There are multiple tests that started hitting assertions around the same time as well:
http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=fast%2Ffiles%2Fworkers%2Fworker-read-file-sync.html%2Cfast%2Fworkers%2Fworker-call.html%2Cjs%2Fdom%2Fglobal-constructors-attributes-shared-worker.html
Ryosuke Niwa
Comment 3
2013-10-30 19:59:21 PDT
Given the blame list:
http://trac.webkit.org/log/?verbose=on&rev=158313&stop_rev=158301
The most likely culprit is
http://trac.webkit.org/changeset/158304
Filip Pizlo
Comment 4
2013-10-30 20:02:25 PDT
I'm investigating it.
Filip Pizlo
Comment 5
2013-10-30 20:33:16 PDT
(In reply to comment #0)
This isn't the crashing thread. Please make sure that when you post a stack trace, you post either all of the stack traces for all of the threads, or you find the crashing thread and post that thread's stack trace.
Ryosuke Niwa
Comment 6
2013-10-30 20:34:50 PDT
(In reply to comment #5)
> This isn't the crashing thread.
>
> Please make sure that when you post a stack trace, you post either all of the stack traces for all of the threads, or you find the crashing thread and post that thread's stack trace.
Oops, sorry, you're right.
Ryosuke Niwa
Comment 7
2013-10-30 20:35:29 PDT
Here's the crashing thread's stack trace:
Thread 18 Crashed:: WebCore: Worker
0 com.apple.JavaScriptCore 0x000000010f362b2c JSC::WriteBarrierBase<JSC::Structure>::unvalidatedGet() const + 12 (WriteBarrier.h:145)
1 com.apple.JavaScriptCore 0x000000010f35cc35 JSC::JSCell::unvalidatedStructure() + 21 (JSCell.h:149)
2 com.apple.JavaScriptCore 0x000000010f6bf4d1 JSC::slowValidateCell(JSC::JSCell*) + 113 (JSCell.cpp:157)
3 com.apple.JavaScriptCore 0x000000010f35a5e5 void JSC::validateCell<JSC::JSCell*>(JSC::JSCell*) + 21 (WriteBarrier.h:59)
4 com.apple.JavaScriptCore 0x000000010f3619de JSC::WriteBarrierBase<JSC::JSGlobalObject>::get() const + 46 (WriteBarrier.h:110)
5 com.apple.JavaScriptCore 0x000000010f36a9dc JSC::CodeBlock::globalObject() + 28 (CodeBlock.h:672)
6 com.apple.JavaScriptCore 0x000000010f62ffe0 JSC::ExecutionCounter::setThreshold(JSC::CodeBlock*) + 304 (ExecutionCounter.cpp:153)
7 com.apple.JavaScriptCore 0x000000010f630079 JSC::ExecutionCounter::setNewThreshold(int, JSC::CodeBlock*) + 57 (ExecutionCounter.cpp:61)
8 com.apple.JavaScriptCore 0x000000010f3d58ef JSC::CodeBlock::optimizeAfterWarmUp() + 95 (CodeBlock.cpp:3099)
9 com.apple.JavaScriptCore 0x000000010f3da310 JSC::CodeBlock::jettison(JSC::ReoptimizationMode) + 496 (CodeBlock.cpp:2854)
10 com.apple.JavaScriptCore 0x000000010f4940b5 JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal() + 245 (ProfiledCodeBlockJettisoningWatchpoint.cpp:51)
11 com.apple.JavaScriptCore 0x000000010f995676 JSC::Watchpoint::fire() + 22 (Watchpoint.h:42)
12 com.apple.JavaScriptCore 0x000000010f9950df JSC::WatchpointSet::fireAllWatchpoints() + 79 (Watchpoint.cpp:77)
13 com.apple.JavaScriptCore 0x000000010f995085 JSC::WatchpointSet::~WatchpointSet() + 21 (Watchpoint.cpp:53)
14 com.apple.JavaScriptCore 0x000000010f995065 JSC::WatchpointSet::~WatchpointSet() + 21 (Watchpoint.cpp:53)
15 com.apple.JavaScriptCore 0x000000010f6f9bc9 WTF::ThreadSafeRefCounted<JSC::WatchpointSet>::deref() + 73 (ThreadSafeRefCounted.h:116)
16 com.apple.JavaScriptCore 0x000000010f9953bb JSC::InlineWatchpointSet::freeFat() + 91 (Watchpoint.cpp:103)
17 com.apple.JavaScriptCore 0x000000010f6b63b4 JSC::InlineWatchpointSet::~InlineWatchpointSet() + 52 (Watchpoint.h:137)
18 com.apple.JavaScriptCore 0x000000010f6b6375 JSC::InlineWatchpointSet::~InlineWatchpointSet() + 21 (Watchpoint.h:138)
19 com.apple.JavaScriptCore 0x000000010f962b65 JSC::Structure::~Structure() + 37 (Structure.h:73)
20 com.apple.JavaScriptCore 0x000000010f9595c5 JSC::Structure::~Structure() + 21 (Structure.h:73)
21 com.apple.JavaScriptCore 0x000000010f955065 JSC::Structure::destroy(JSC::JSCell*) + 21 (Structure.cpp:239)
22 com.apple.JavaScriptCore 0x000000010f7caedd JSC::MarkedBlock::callDestructor(JSC::JSCell*) + 61 (MarkedBlock.cpp:67)
23 com.apple.JavaScriptCore 0x000000010f7cb2b8 JSC::MarkedBlock::FreeList JSC::MarkedBlock::specializedSweep<(JSC::MarkedBlock::BlockState)3, (JSC::MarkedBlock::SweepMode)0, (JSC::MarkedBlock::DestructorType)1>() + 216 (MarkedBlock.cpp:81)
24 com.apple.JavaScriptCore 0x000000010f7c9f3e JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper<(JSC::MarkedBlock::DestructorType)1>(JSC::MarkedBlock::SweepMode) + 302 (MarkedBlock.cpp:140)
25 com.apple.JavaScriptCore 0x000000010f7c9a37 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 119 (MarkedBlock.cpp:117)
26 com.apple.JavaScriptCore 0x000000010f7cdc31 JSC::MarkedBlock::lastChanceToFinalize() + 65 (MarkedBlock.h:238)
27 com.apple.JavaScriptCore 0x000000010f7cdbe9 JSC::LastChanceToFinalize::operator()(JSC::MarkedBlock*) + 25 (MarkedSpace.cpp:109)
28 com.apple.JavaScriptCore 0x000000010f7cdbb2 void JSC::MarkedAllocator::forEachBlock<JSC::LastChanceToFinalize>(JSC::LastChanceToFinalize&) + 82 (MarkedAllocator.h:140)
29 com.apple.JavaScriptCore 0x000000010f7cda4b JSC::LastChanceToFinalize::ReturnType JSC::MarkedSpace::forEachBlock<JSC::LastChanceToFinalize>(JSC::LastChanceToFinalize&) + 139 (MarkedSpace.h:226)
30 com.apple.JavaScriptCore 0x000000010f7cc349 JSC::LastChanceToFinalize::ReturnType JSC::MarkedSpace::forEachBlock<JSC::LastChanceToFinalize>() + 25 (MarkedSpace.h:248)
31 com.apple.JavaScriptCore 0x000000010f7cb7b2 JSC::MarkedSpace::lastChanceToFinalize() + 34 (MarkedSpace.cpp:116)
32 com.apple.JavaScriptCore 0x000000010f641d81 JSC::Heap::lastChanceToFinalize() + 161 (Heap.cpp:302)
33 com.apple.JavaScriptCore 0x000000010f983f1c JSC::VM::~VM() + 268 (VM.cpp:320)
34 com.apple.JavaScriptCore 0x000000010f983e05 JSC::VM::~VM() + 21 (VM.cpp:364)
35 com.apple.JavaScriptCore 0x000000010f634b99 WTF::ThreadSafeRefCounted<JSC::VM>::deref() + 73 (ThreadSafeRefCounted.h:116)
36 com.apple.JavaScriptCore 0x000000010f634b49 void WTF::derefIfNotNull<JSC::VM>(JSC::VM*) + 57 (PassRefPtr.h:40)
37 com.apple.JavaScriptCore 0x000000010f634a57 WTF::RefPtr<JSC::VM>::clear() + 39 (RefPtr.h:107)
38 com.apple.JavaScriptCore 0x000000010f7054a8 JSC::JSLockHolder::~JSLockHolder() + 88 (JSLock.cpp:83)
39 com.apple.JavaScriptCore 0x000000010f705445 JSC::JSLockHolder::~JSLockHolder() + 21 (JSLock.cpp:85)
40 com.apple.WebCore 0x00000001124121e9 WebCore::WorkerScriptController::~WorkerScriptController() + 73 (WorkerScriptController.cpp:72)
41 com.apple.WebCore 0x0000000112412195 WebCore::WorkerScriptController::~WorkerScriptController() + 21 (WorkerScriptController.cpp:72)
42 com.apple.WebCore 0x00000001124041fa void WTF::deleteOwnedPtr<WebCore::WorkerScriptController>(WebCore::WorkerScriptController*) + 42 (OwnPtrCommon.h:53)
43 com.apple.WebCore 0x000000011241a6f7 WTF::OwnPtr<WebCore::WorkerScriptController>::clear() + 39 (OwnPtr.h:99)
44 com.apple.WebCore 0x000000011241a6bc WebCore::WorkerGlobalScope::clearScript() + 28 (WorkerGlobalScope.h:77)
45 com.apple.WebCore 0x000000011241a670 WebCore::WorkerThreadShutdownFinishTask::performTask(WebCore::ScriptExecutionContext*) + 112 (WorkerThread.cpp:207)
46 com.apple.WebCore 0x000000011240df03 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::ScriptExecutionContext*) + 147 (WorkerRunLoop.cpp:224)
47 com.apple.WebCore 0x000000011240dcd2 WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 466 (WorkerRunLoop.cpp:191)
48 com.apple.WebCore 0x000000011240d756 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 118 (WorkerRunLoop.cpp:137)
49 com.apple.WebCore 0x0000000112417285 WebCore::WorkerThread::runEventLoop() + 53 (WorkerThread.cpp:189)
50 com.apple.WebCore 0x0000000110d7e959 WebCore::DedicatedWorkerThread::runEventLoop() + 89 (DedicatedWorkerThread.cpp:68)
51 com.apple.WebCore 0x00000001124171a1 WebCore::WorkerThread::workerThread() + 1393 (WorkerThread.cpp:170)
52 com.apple.WebCore 0x0000000112416c25 WebCore::WorkerThread::workerThreadStart(void*) + 21 (WorkerThread.cpp:143)
53 com.apple.JavaScriptCore 0x000000010fa225a0 WTF::threadEntryPoint(void*) + 144 (Threading.cpp:70)
54 com.apple.JavaScriptCore 0x000000010fa233a8 WTF::wtfThreadEntryPoint(void*) + 296 (ThreadingPthreads.cpp:195)
55 libsystem_c.dylib 0x00007fff9158a772 _pthread_start + 327
56 libsystem_c.dylib 0x00007fff915771a1 thread_start + 13
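Added example (not part of the bug thread and not WebKit tooling): comment 5 asks for the crashing thread's trace rather than thread 0's, so this Python sketch picks the thread marked "Crashed" out of a multi-thread macOS crash report and lists the frames that were running inside the innermost destructor. The sample report is abridged from the two traces posted above with a constructed layout, and all function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "Thread 18 Crashed:: WebCore: Worker" or "Thread 0:: Dispatch queue: ..."
THREAD_RE = re.compile(r"^Thread\s+(\d+)(\s+Crashed)?:{1,2}\s*(.*)$")
# "<index> <image> <address> <symbol> + <offset> (<file>:<line>)"; source part is optional.
FRAME_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)\s\+\s(\d+)"
    r"(?:\s+\(([^()]+):(\d+)\))?\s*$"
)
# A C++ destructor frame, e.g. "JSC::WatchpointSet::~WatchpointSet()".
DESTRUCTOR_RE = re.compile(r"::~\w+\(")


@dataclass
class Frame:
    index: int
    image: str
    symbol: str
    source: Optional[str]  # "file:line" when the report carries it


@dataclass
class Thread:
    number: int
    crashed: bool
    name: str
    frames: List[Frame] = field(default_factory=list)


def parse_threads(report: str) -> List[Thread]:
    """Split a crash report into threads, each with its frames innermost first."""
    threads: List[Thread] = []
    for line in report.splitlines():
        header = THREAD_RE.match(line)
        if header:
            threads.append(Thread(int(header.group(1)), bool(header.group(2)),
                                  header.group(3).strip()))
            continue
        frame = FRAME_RE.match(line)
        if frame and threads:
            src = f"{frame.group(6)}:{frame.group(7)}" if frame.group(6) else None
            threads[-1].frames.append(
                Frame(int(frame.group(1)), frame.group(2), frame.group(4), src))
    return threads


def crashed_thread(threads: List[Thread]) -> Thread:
    """Return the one thread flagged 'Crashed'; refuse to guess otherwise."""
    crashed = [t for t in threads if t.crashed]
    if len(crashed) != 1:
        raise ValueError(f"expected exactly one crashed thread, found {len(crashed)}")
    return crashed[0]


def work_inside_destructor(thread: Thread) -> Tuple[Optional[Frame], List[Frame]]:
    """Find the innermost destructor frame and the frames it (transitively) called."""
    for pos, frame in enumerate(thread.frames):
        if DESTRUCTOR_RE.search(frame.symbol):
            return frame, thread.frames[:pos]
    return None, []


# Constructed sample: frames abridged from the traces in comment 0 and comment 7.
SAMPLE_REPORT = """\
Thread 0:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore 0x000000010f9e55e4 WTF::ThreadSpecific<bool>::isSet() + 36 (ThreadSpecific.h:251)
1   com.apple.JavaScriptCore 0x000000010f9e54ae WTF::isCompilationThread() + 46 (CompilationThread.cpp:53)

Thread 18 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore 0x000000010f362b2c JSC::WriteBarrierBase<JSC::Structure>::unvalidatedGet() const + 12 (WriteBarrier.h:145)
5   com.apple.JavaScriptCore 0x000000010f36a9dc JSC::CodeBlock::globalObject() + 28 (CodeBlock.h:672)
9   com.apple.JavaScriptCore 0x000000010f3da310 JSC::CodeBlock::jettison(JSC::ReoptimizationMode) + 496 (CodeBlock.cpp:2854)
10  com.apple.JavaScriptCore 0x000000010f4940b5 JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal() + 245 (ProfiledCodeBlockJettisoningWatchpoint.cpp:51)
11  com.apple.JavaScriptCore 0x000000010f995676 JSC::Watchpoint::fire() + 22 (Watchpoint.h:42)
12  com.apple.JavaScriptCore 0x000000010f9950df JSC::WatchpointSet::fireAllWatchpoints() + 79 (Watchpoint.cpp:77)
13  com.apple.JavaScriptCore 0x000000010f995085 JSC::WatchpointSet::~WatchpointSet() + 21 (Watchpoint.cpp:53)
33  com.apple.JavaScriptCore 0x000000010f983f1c JSC::VM::~VM() + 268 (VM.cpp:320)
55  libsystem_c.dylib 0x00007fff9158a772 _pthread_start + 327
"""

if __name__ == "__main__":
    thread = crashed_thread(parse_threads(SAMPLE_REPORT))
    dtor, inside = work_inside_destructor(thread)
    print(f"Crashed: thread {thread.number} ({thread.name})")
    if dtor is not None:
        print(f"Innermost destructor: {dtor.symbol}")
        for f in inside:
            print(f"  called from it: #{f.index} {f.symbol} ({f.source})")
```

On the sample, the frames reported inside `~WatchpointSet()` are the watchpoint firing and the `CodeBlock::jettison` path that ends in the failed cell validation.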
Filip Pizlo
Comment 8
2013-10-30 20:37:05 PDT
Created attachment 215606: the patch
Filip Pizlo
Comment 9
2013-10-30 20:39:27 PDT
<rdar://problem/15356238>
Mark Hahnenberg
Comment 10
2013-10-30 20:39:57 PDT
Comment on attachment 215606: the patch
View in context: https://bugs.webkit.org/attachment.cgi?id=215606&action=review
r=me
> Source/JavaScriptCore/ChangeLog:25 > + - The WatchpointSet constructor would get invoked from finalization/destruction.
s/constructor/destructor/ ?
Filip Pizlo
Comment 11
2013-10-30 20:40:38 PDT
(In reply to comment #10)
> (From update of attachment 215606)
> View in context: https://bugs.webkit.org/attachment.cgi?id=215606&action=review
> > r=me > > > Source/JavaScriptCore/ChangeLog:25 > > + - The WatchpointSet constructor would get invoked from finalization/destruction. > > s/constructor/destructor/ ?
Yeah!
Filip Pizlo
Comment 12
2013-10-30 20:51:17 PDT
Landed in http://trac.webkit.org/changeset/158341
Ryosuke Niwa
Comment 13
2013-10-30 20:55:15 PDT
Thanks for the timely fix!
Filip Pizlo
Comment 14
2013-10-30 20:59:33 PDT
(In reply to comment #13)
> Thanks for the timely fix!
We should keep an eye on it - this is tricky stuff and I may have just broken more things than I fixed. ;-)