132021 2014-04-22 12:49:11 -0700 WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript() needs to acquire the JSLock before calling into JS 2014-04-24 16:46:03 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam calvaris commit-queue eric.carlson esprehn+autocc glenn gyuyoung.kim jer.noble mhahnenberg msaboff philipj sergio thorton webkit-bug-importer oldest_to_newest 1003036 0 mark.lam 2014-04-22 12:49:11 -0700 And because it's not acquiring the lock, we see the following failure: http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r167665%20(4123)/media/video-controller-currentTime-crash-log.txt ASSERTION FAILED: vm()->currentThreadIsHoldingAPILock() /Volumes/Data/slave/mavericks-debug/build/Source/JavaScriptCore/heap/Heap.cpp(977) : void JSC::Heap::collect(JSC::HeapOperation) 1 0x1092840a0 WTFCrash 2 0x108e9eabd JSC::Heap::collect(JSC::HeapOperation) 3 0x108b58e67 JSC::Heap::collectIfNecessaryOrDefer() 4 0x108b58d92 JSC::Heap::decrementDeferralDepthAndGCIfNeeded() 5 0x108b58d68 JSC::DeferGC::~DeferGC() 6 0x108b58435 JSC::DeferGC::~DeferGC() 7 0x10920888e JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&, JSC::JSCell*&) 8 0x108b5b08d JSC::JSObject::inlineGetOwnPropertySlot(JSC::ExecState*, JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&) 9 0x108b5479e JSC::JSObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 10 0x108fa9c19 bool JSC::getStaticFunctionSlot<JSC::JSSegmentedVariableObject>(JSC::ExecState*, JSC::HashTable const&, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&) 11 0x108f9762c JSC::JSGlobalObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 12 0x10b28f9ed WebCore::JSDOMWindow::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 13 0x10a89ff74 JSC::JSObject::fastGetOwnPropertySlot(JSC::ExecState*, JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&) 14 0x10a89fd1e JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) 15 0x10a89db95 JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const 16 0x10ada8974 WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript() 17 0x10ada8b93 WebCore::HTMLMediaElement::didAddUserAgentShadowRoot(WebCore::ShadowRoot*) 18 0x10aa3f586 WebCore::Element::ensureUserAgentShadowRoot() 19 0x10ad949cb WebCore::HTMLMediaElement::configureMediaControls() 20 0x10ad95414 WebCore::HTMLMediaElement::insertedInto(WebCore::ContainerNode&) 21 0x10a5feff3 WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node&) 22 0x10a5f72a3 WebCore::ChildNodeInsertionNotifier::notify(WebCore::Node&) 23 0x10a5f2dc6 WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>) 24 0x10ad2859a WebCore::insert(WebCore::HTMLConstructionSiteTask&) 25 0x10ad281ee WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) 26 0x10ad24d00 WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) 27 0x10ad24c92 WebCore::HTMLConstructionSite::executeQueuedTasks() 28 0x10ae33245 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*) 29 0x10ad35a27 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&) 30 0x10ad34e32 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) 31 0x10ad34419 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) 1003038 1 mark.lam 2014-04-22 12:49:56 -0700 <rdar://problem/16689723> 1003039 2 229908 mark.lam 2014-04-22 12:54:04 -0700 Created attachment 229908 the patch. 1003040 3 229908 mhahnenberg 2014-04-22 12:55:58 -0700 Comment on attachment 229908 the patch. r=me 1003041 4 mark.lam 2014-04-22 12:59:26 -0700 Thanks. Landed in r167676: <http://trac.webkit.org/r167676>. 1003879 5 darin 2014-04-24 16:46:03 -0700 Moving all JavaScriptGlue bugs to JavaScriptCore. The JavaScriptGlue framework itself is long gone. And most of the more recent bugs put in this component were put there by people who thought this was for some other aspect of “JavaScript glue” and have nothing to do with the actual original reason for the existence of this component, which was an OS-X-only framework named JavaScriptGlue. 229908 2014-04-22 12:54:04 -0700 2014-04-22 12:55:58 -0700 the patch. bug-132021.patch text/plain 1467 mark.lam SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2NzY3NSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE0LTA0LTIyICBNYXJrIExh bSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBXZWJDb3JlOjpIVE1MTWVkaWFFbGVt ZW50OjplbnN1cmVNZWRpYUNvbnRyb2xzSW5qZWN0ZWRTY3JpcHQoKSBuZWVkcyB0byBhY3F1aXJl IHRoZSBKU0xvY2sgYmVmb3JlIGNhbGxpbmcgaW50byBKUy4KKyAgICAgICAgPGh0dHBzOi8vd2Vi a2l0Lm9yZy9iLzEzMjAyMT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBDb3ZlcmVkIGJ5IGV4aXN0aW5nIGxheW91dCB0ZXN0LgorCisgICAgICAgICog aHRtbC9IVE1MTWVkaWFFbGVtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkhUTUxNZWRpYUVs ZW1lbnQ6OnBhcnNlQXR0cmlidXRlKToKKwogMjAxNC0wNC0yMiAgTWFudWVsIFJlZ28gQ2FzYXNu b3ZhcyAgPHJlZ29AaWdhbGlhLmNvbT4KIAogICAgICAgICBSRUdSRVNTSU9OIChyMTY3NjUyKTog QnJva2UgZmFzdC9yZWdpb25zL2Nzc29tL3JlZ2lvbi1yYW5nZS1mb3ItYm94LWNyYXNoLmh0bWwg aW4gZGVidWcgbW9kZQpJbmRleDogU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MTWVkaWFFbGVtZW50 LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9odG1sL0hUTUxNZWRpYUVsZW1lbnQu Y3BwCShyZXZpc2lvbiAxNjc2MjkpCisrKyBTb3VyY2UvV2ViQ29yZS9odG1sL0hUTUxNZWRpYUVs ZW1lbnQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC01OTM0LDYgKzU5MzQsNyBAQCBib29sIEhUTUxN ZWRpYUVsZW1lbnQ6OmVuc3VyZU1lZGlhQ29udHJvCiAgICAgU2NyaXB0Q29udHJvbGxlciYgc2Ny aXB0Q29udHJvbGxlciA9IHBhZ2UtPm1haW5GcmFtZSgpLnNjcmlwdCgpOwogICAgIEpTRE9NR2xv YmFsT2JqZWN0KiBnbG9iYWxPYmplY3QgPSBKU0M6OmpzQ2FzdDxKU0RPTUdsb2JhbE9iamVjdCo+ KHNjcmlwdENvbnRyb2xsZXIuZ2xvYmFsT2JqZWN0KHdvcmxkKSk7CiAgICAgSlNDOjpFeGVjU3Rh dGUqIGV4ZWMgPSBnbG9iYWxPYmplY3QtPmdsb2JhbEV4ZWMoKTsKKyAgICBKU0M6OkpTTG9ja0hv bGRlciBsb2NrKGV4ZWMpOwogCiAgICAgSlNDOjpKU1ZhbHVlIGZ1bmN0aW9uVmFsdWUgPSBnbG9i YWxPYmplY3QtPmdldChleGVjLCBKU0M6OklkZW50aWZpZXIoZXhlYywgImNyZWF0ZUNvbnRyb2xz IikpOwogICAgIGlmIChmdW5jdGlvblZhbHVlLmlzRnVuY3Rpb24oKSkK