119108 2013-07-25 14:53:52 -0700 ASSERT(m_vm->apiLock().currentThreadIsHoldingLock()); fails for Safari on current ToT 2013-07-25 17:12:09 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mark.lam andersca andersca barraclough ggaren mark.lam mhahnenberg sergio oldest_to_newest 911772 0 mark.lam 2013-07-25 14:53:52 -0700 Here's the back trace: (gdb) bt #0 WTFCrash () at /Volumes/Data/ws6/OpenSource/Source/WTF/wtf/Assertions.cpp:339 #1 0x000000010732e094 in JSC::Heap::protect (this=0x7f827a04a418, k={u = {asInt64 = 4627690608, ptr = 0x113d4f470, asBits = {payload = 332723312, tag = 1}}}) at /Volumes/Data/ws6/OpenSource/Source/JavaScriptCore/heap/Heap.cpp:337 #2 0x00000001073bf333 in JSC::gcProtect (val=0x113d4f470) at Protect.h:32 #3 0x00000001073be9b9 in JSGlobalContextRetain (ctx=0x113d4f4e0) at /Volumes/Data/ws6/OpenSource/Source/JavaScriptCore/API/JSContextRef.cpp:158 #4 0x00000001109d8822 in WBSJSController::setContext (this=0x7f827b860690, context=0x113d4f4e0) at /Volumes/Data/ws6/Internal/SafariShared/WBSJSController.mm:107 #5 0x00000001109d8c50 in WBSJSController::scriptObjectReady (this=0x7f827b860690, ctx=0x113d4f4e0) at /Volumes/Data/ws6/Internal/SafariShared/WBSJSController.mm:64 … The rest of the stack trace shows this initiated from Reader. I saw this assertion failure crash by launching a debug build of ToT (r153339) with the Safari set to load "http://www.zazzle.com/vintage_zebra_blue_mojo_pillow-189636972500458458" on launch. Per our conversation, it looks like the assertion is failing because of the recent added code to check for "vm.exclusiveThread". gdb confirms that this code was active in this case. Here are the gdb details: (gdb) frame 3 #3 0x00000001073be9b9 in JSGlobalContextRetain (ctx=0x113d4f4e0) at /Volumes/Data/ws6/OpenSource/Source/JavaScriptCore/API/JSContextRef.cpp:158 158 gcProtect(exec->dynamicGlobalObject()); (gdb) list 153 { 154 ExecState* exec = toJS(ctx); 155 APIEntryShim entryShim(exec); 156 157 VM& vm = exec->vm(); 158 gcProtect(exec->dynamicGlobalObject()); 159 vm.ref(); 160 return ctx; 161 } 162 (gdb) p vm.exclusiveThread $1 = 1 Based on the APIEntryShim code, this means that it does not acquire the VM lock on allocation of the shim. 911796 1 sergio 2013-07-25 16:23:59 -0700 Not sure it's related, but I get a similar ASSERT [vm()->apiLock().currentThreadIsHoldingLock()] on an EFL build, right after starting MiniBrowser - trying to load google.com. The assert it's hitting is in Heap::collect() [Source/JavaScriptCore/heap/Heap.cpp(714)]. 911804 2 mhahnenberg 2013-07-25 17:02:32 -0700 Change that triggered this: http://trac.webkit.org/changeset/153331 911810 3 207496 andersca 2013-07-25 17:10:09 -0700 Created attachment 207496 Patch 911811 4 207496 mhahnenberg 2013-07-25 17:11:21 -0700 Comment on attachment 207496 Patch r=me 911812 5 andersca 2013-07-25 17:12:09 -0700 Committed r153357: <http://trac.webkit.org/changeset/153357> 207496 2013-07-25 17:10:09 -0700 2013-07-25 17:11:21 -0700 Patch bug-119108-20130725171049.patch text/plain 5407 andersca U3VidmVyc2lvbiBSZXZpc2lvbjogMTUzMzU1CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBh ZjJjNDY3OTljYjA1MjZmYjlmNzdkYzA2YWQ3ZjlmN2YyZDNiNDFiLi5mYjMwYzM0OTdkYTE4ZGJm YThlZTYwNzhmNzllMDZhMzgwNjU4MzY1IDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyNSBAQAorMjAxMy0wNy0yNSAgQW5kZXJzIENhcmxzc29uICA8YW5kZXJzY2FAYXBwbGUu Y29tPgorCisgICAgICAgIEFTU0VSVChtX3ZtLT5hcGlMb2NrKCkuY3VycmVudFRocmVhZElzSG9s ZGluZ0xvY2soKSk7IGZhaWxzIGZvciBTYWZhcmkgb24gY3VycmVudCBUb1QKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTExOTEwOAorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZCBhIGN1cnJlbnRUaHJlYWRJ c0hvbGRpbmdBUElMb2NrKCkgZnVuY3Rpb24gdG8gVk0gdGhhdCBjaGVja3MgaWYgdGhlIGN1cnJl bnQgdGhyZWFkIGlzIHRoZSBleGNsdXNpdmUgQVBJIHRocmVhZC4KKworICAgICAgICAqIGhlYXAv Q29waWVkU3BhY2UuY3BwOgorICAgICAgICAoSlNDOjpDb3BpZWRTcGFjZTo6dHJ5QWxsb2NhdGVT bG93Q2FzZSk6CisgICAgICAgICogaGVhcC9IZWFwLmNwcDoKKyAgICAgICAgKEpTQzo6SGVhcDo6 cHJvdGVjdCk6CisgICAgICAgIChKU0M6OkhlYXA6OnVucHJvdGVjdCk6CisgICAgICAgIChKU0M6 OkhlYXA6OmNvbGxlY3QpOgorICAgICAgICAqIGhlYXAvTWFya2VkQWxsb2NhdG9yLmNwcDoKKyAg ICAgICAgKEpTQzo6TWFya2VkQWxsb2NhdG9yOjphbGxvY2F0ZVNsb3dDYXNlKToKKyAgICAgICAg KiBydW50aW1lL0pTR2xvYmFsT2JqZWN0LmNwcDoKKyAgICAgICAgKEpTQzo6SlNHbG9iYWxPYmpl Y3Q6OmluaXQpOgorICAgICAgICAqIHJ1bnRpbWUvVk0uaDoKKyAgICAgICAgKEpTQzo6Vk06OmN1 cnJlbnRUaHJlYWRJc0hvbGRpbmdBUElMb2NrKToKKwogMjAxMy0wNy0yNSAgWmFuIERvYmVyc2Vr ICA8emRvYmVyc2VrQGlnYWxpYS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTihGVEwpOiBNb3N0 IGxheW91dCB0ZXN0cyBjcmFzaGVzCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUv aGVhcC9Db3BpZWRTcGFjZS5jcHAgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9Db3BpZWRT cGFjZS5jcHAKaW5kZXggYjIzZTg3Mzk3ZjFkNzM1Y2E2ODc0NzNmMDY4ZGNmYWU4ZGM0YTI4NS4u ZjBlNzcyMmE1ZWJlM2RkNTRhM2JlYjI4MTNiNGNjZWU3ZGUxMTEwMCAxMDA2NDQKLS0tIGEvU291 cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvQ29waWVkU3BhY2UuY3BwCisrKyBiL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9oZWFwL0NvcGllZFNwYWNlLmNwcApAQCAtNjksNyArNjksNyBAQCBDaGVja2Vk Qm9vbGVhbiBDb3BpZWRTcGFjZTo6dHJ5QWxsb2NhdGVTbG93Q2FzZShzaXplX3QgYnl0ZXMsIHZv aWQqKiBvdXRQdHIpCiAgICAgaWYgKGlzT3ZlcnNpemUoYnl0ZXMpKQogICAgICAgICByZXR1cm4g dHJ5QWxsb2NhdGVPdmVyc2l6ZShieXRlcywgb3V0UHRyKTsKICAgICAKLSAgICBBU1NFUlQobV9o ZWFwLT52bSgpLT5hcGlMb2NrKCkuY3VycmVudFRocmVhZElzSG9sZGluZ0xvY2soKSk7CisgICAg QVNTRVJUKG1faGVhcC0+dm0oKS0+Y3VycmVudFRocmVhZElzSG9sZGluZ0FQSUxvY2soKSk7CiAg ICAgbV9oZWFwLT5kaWRBbGxvY2F0ZShtX2FsbG9jYXRvci5jdXJyZW50Q2FwYWNpdHkoKSk7CiAK ICAgICBhbGxvY2F0ZUJsb2NrKCk7CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUv aGVhcC9IZWFwLmNwcCBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL0hlYXAuY3BwCmluZGV4 IDc3YjVkMzA0YTlhN2U1ZDE0ZGZhMmYxY2Q1ODhjNThlOTU5ZmU0M2MuLjVhODlmZGI4MWEzMWY2 ZDZlMjhkNzIyODk0MjRiZWM3OWJmODQ3ZGUgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2NyaXB0 Q29yZS9oZWFwL0hlYXAuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL0hlYXAu Y3BwCkBAIC0xNjcsNyArMTY3LDcgQEAgc3RhdGljIGlubGluZSBzaXplX3QgcHJvcG9ydGlvbmFs SGVhcFNpemUoc2l6ZV90IGhlYXBTaXplLCBzaXplX3QgcmFtU2l6ZSkKIAogc3RhdGljIGlubGlu ZSBib29sIGlzVmFsaWRTaGFyZWRJbnN0YW5jZVRocmVhZFN0YXRlKFZNKiB2bSkKIHsKLSAgICBy ZXR1cm4gdm0tPmFwaUxvY2soKS5jdXJyZW50VGhyZWFkSXNIb2xkaW5nTG9jaygpOworICAgIHJl dHVybiB2bS0+Y3VycmVudFRocmVhZElzSG9sZGluZ0FQSUxvY2soKTsKIH0KIAogc3RhdGljIGlu bGluZSBib29sIGlzVmFsaWRUaHJlYWRTdGF0ZShWTSogdm0pCkBAIC0zMzQsNyArMzM0LDcgQEAg dm9pZCBIZWFwOjpkaWRBYmFuZG9uKHNpemVfdCBieXRlcykKIHZvaWQgSGVhcDo6cHJvdGVjdChK U1ZhbHVlIGspCiB7CiAgICAgQVNTRVJUKGspOwotICAgIEFTU0VSVChtX3ZtLT5hcGlMb2NrKCku Y3VycmVudFRocmVhZElzSG9sZGluZ0xvY2soKSk7CisgICAgQVNTRVJUKG1fdm0tPmN1cnJlbnRU aHJlYWRJc0hvbGRpbmdBUElMb2NrKCkpOwogCiAgICAgaWYgKCFrLmlzQ2VsbCgpKQogICAgICAg ICByZXR1cm47CkBAIC0zNDUsNyArMzQ1LDcgQEAgdm9pZCBIZWFwOjpwcm90ZWN0KEpTVmFsdWUg aykKIGJvb2wgSGVhcDo6dW5wcm90ZWN0KEpTVmFsdWUgaykKIHsKICAgICBBU1NFUlQoayk7Ci0g ICAgQVNTRVJUKG1fdm0tPmFwaUxvY2soKS5jdXJyZW50VGhyZWFkSXNIb2xkaW5nTG9jaygpKTsK KyAgICBBU1NFUlQobV92bS0+Y3VycmVudFRocmVhZElzSG9sZGluZ0FQSUxvY2soKSk7CiAKICAg ICBpZiAoIWsuaXNDZWxsKCkpCiAgICAgICAgIHJldHVybiBmYWxzZTsKQEAgLTcxMSw3ICs3MTEs NyBAQCB2b2lkIEhlYXA6OmNvbGxlY3QoU3dlZXBUb2dnbGUgc3dlZXBUb2dnbGUpCiAgICAgCiAg ICAgUkVMRUFTRV9BU1NFUlQoIW1fZGVmZXJyYWxEZXB0aCk7CiAgICAgR0NQSEFTRShDb2xsZWN0 KTsKLSAgICBBU1NFUlQodm0oKS0+YXBpTG9jaygpLmN1cnJlbnRUaHJlYWRJc0hvbGRpbmdMb2Nr KCkpOworICAgIEFTU0VSVCh2bSgpLT5jdXJyZW50VGhyZWFkSXNIb2xkaW5nQVBJTG9jaygpKTsK ICAgICBSRUxFQVNFX0FTU0VSVCh2bSgpLT5pZGVudGlmaWVyVGFibGUgPT0gd3RmVGhyZWFkRGF0 YSgpLmN1cnJlbnRJZGVudGlmaWVyVGFibGUoKSk7CiAgICAgQVNTRVJUKG1faXNTYWZlVG9Db2xs ZWN0KTsKICAgICBKQVZBU0NSSVBUQ09SRV9HQ19CRUdJTigpOwpkaWZmIC0tZ2l0IGEvU291cmNl L0phdmFTY3JpcHRDb3JlL2hlYXAvTWFya2VkQWxsb2NhdG9yLmNwcCBiL1NvdXJjZS9KYXZhU2Ny aXB0Q29yZS9oZWFwL01hcmtlZEFsbG9jYXRvci5jcHAKaW5kZXggZTJlMmEyY2QxNzJhYzBlNjdm NjJlMTBhZjA1MWY0ZDRiYzgyZmYxMS4uNWJlN2FiMjliYzJjNzQ3MzgyM2NmNDQ2YTFhZDA0ZWVm OGIzNjYyYyAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvTWFya2VkQWxs b2NhdG9yLmNwcAorKysgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9NYXJrZWRBbGxvY2F0 b3IuY3BwCkBAIC03MCw3ICs3MCw3IEBAIGlubGluZSB2b2lkKiBNYXJrZWRBbGxvY2F0b3I6OnRy eUFsbG9jYXRlKHNpemVfdCBieXRlcykKICAgICAKIHZvaWQqIE1hcmtlZEFsbG9jYXRvcjo6YWxs b2NhdGVTbG93Q2FzZShzaXplX3QgYnl0ZXMpCiB7Ci0gICAgQVNTRVJUKG1faGVhcC0+dm0oKS0+ YXBpTG9jaygpLmN1cnJlbnRUaHJlYWRJc0hvbGRpbmdMb2NrKCkpOworICAgIEFTU0VSVChtX2hl YXAtPnZtKCktPmN1cnJlbnRUaHJlYWRJc0hvbGRpbmdBUElMb2NrKCkpOwogI2lmIENPTExFQ1Rf T05fRVZFUllfQUxMT0NBVElPTgogICAgIG1faGVhcC0+Y29sbGVjdEFsbEdhcmJhZ2UoKTsKICAg ICBBU1NFUlQobV9oZWFwLT5tX29wZXJhdGlvbkluUHJvZ3Jlc3MgPT0gTm9PcGVyYXRpb24pOwpk aWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNHbG9iYWxPYmplY3Qu Y3BwIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNHbG9iYWxPYmplY3QuY3BwCmlu ZGV4IGViNTkwY2UyZDc1MGU2OTFmZmExYWFjYWFjOTVlYzEyODYxNmFiM2QuLmQ3MGZiMzc5MDc4 Njc5YWRhOGUxYmMwMDU0ZTNkZTI2OTY2YzYyZWEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2Ny aXB0Q29yZS9ydW50aW1lL0pTR2xvYmFsT2JqZWN0LmNwcAorKysgYi9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvcnVudGltZS9KU0dsb2JhbE9iamVjdC5jcHAKQEAgLTEzNyw3ICsxMzcsNyBAQCB2b2lk IEpTR2xvYmFsT2JqZWN0OjpzZXRHbG9iYWxUaGlzKFZNJiB2bSwgSlNPYmplY3QqIGdsb2JhbFRo aXMpCiAKIHZvaWQgSlNHbG9iYWxPYmplY3Q6OmluaXQoSlNPYmplY3QqIHRoaXNWYWx1ZSkKIHsK LSAgICBBU1NFUlQodm0oKS5hcGlMb2NrKCkuY3VycmVudFRocmVhZElzSG9sZGluZ0xvY2soKSk7 CisgICAgQVNTRVJUKHZtKCkuY3VycmVudFRocmVhZElzSG9sZGluZ0FQSUxvY2soKSk7CiAKICAg ICBzZXRHbG9iYWxUaGlzKHZtKCksIHRoaXNWYWx1ZSk7CiAgICAgSlNHbG9iYWxPYmplY3Q6Omds b2JhbEV4ZWMoKS0+aW5pdCgwLCAwLCB0aGlzLCBDYWxsRnJhbWU6Om5vQ2FsbGVyKCksIDAsIDAp OwpkaWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvVk0uaCBiL1NvdXJj ZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZNLmgKaW5kZXggNmQ3ZTQ5YjdmZjljNjhiMjhhYzk1 ZDg5M2VlZmZiZTZjNDkwZDllOC4uZTQ4NDNiMTljMmU4ZjM5ZDcwNjJlNjczODQyYzdlNWI4MzBl ZGFhNCAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvVk0uaAorKysg Yi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9WTS5oCkBAIC00NjgsNiArNDY4LDExIEBA IG5hbWVzcGFjZSBKU0MgewogICAgICAgICAgICAgfQogICAgICAgICB9CiAKKyAgICAgICAgYm9v bCBjdXJyZW50VGhyZWFkSXNIb2xkaW5nQVBJTG9jaygpIGNvbnN0CisgICAgICAgIHsKKyAgICAg ICAgICAgIHJldHVybiBtX2FwaUxvY2stPmN1cnJlbnRUaHJlYWRJc0hvbGRpbmdMb2NrKCkgfHwg ZXhjbHVzaXZlVGhyZWFkID09IGN1cnJlbnRUaHJlYWQoKTsKKyAgICAgICAgfQorCiAgICAgICAg IEpTTG9jayYgYXBpTG9jaygpIHsgcmV0dXJuICptX2FwaUxvY2s7IH0KICAgICAgICAgQ29kZUNh Y2hlKiBjb2RlQ2FjaGUoKSB7IHJldHVybiBtX2NvZGVDYWNoZS5nZXQoKTsgfQogCg==