153281 2016-01-20 11:28:05 -0800 TypedArray's .buffer does not return the JSArrayBuffer that was passed to it on creation. 2023-05-12 07:50:26 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED CONFIGURATION CHANGED P2 Normal --- 153300 1 keith_miller keith_miller annevk commit-queue ddkilzer mark.lam msaboff saam oldest_to_newest 1156985 0 keith_miller 2016-01-20 11:28:05 -0800 For example: buffer = new ArrayBuffer(16); array = new Int32Array(buffer); return array.buffer == buffer; will return false. 1157016 1 269374 keith_miller 2016-01-20 12:49:33 -0800 Created attachment 269374 Patch 1157019 2 269374 ggaren 2016-01-20 12:54:43 -0800 Comment on attachment 269374 Patch r=me 1157033 3 269374 commit-queue 2016-01-20 13:49:20 -0800 Comment on attachment 269374 Patch Clearing flags on attachment: 269374 Committed r195375: <http://trac.webkit.org/changeset/195375> 1157034 4 commit-queue 2016-01-20 13:49:23 -0800 All reviewed patches have been landed. Closing bug. 1157185 5 ap 2016-01-20 20:40:27 -0800 I think that this has caused many crashes on GuardMalloc bots. The range is pretty large (r195374-195392), but this patch seems most relevant. Will try rolling out. +fast/canvas/webgl/typed-arrays-in-workers.html crash log sample history +fast/workers/worker-terminate-forever.html crash log sample history +http/tests/websocket/tests/hybi/workers/receive-arraybuffer.html crash log sample history +http/tests/websocket/tests/hybi/workers/receive-blob.html crash log sample history +http/tests/websocket/tests/hybi/workers/send-arraybufferview.html crash log sample history +imported/blink/fast/workers/worker-shared-asm-buffer.html crash log sample history +webgl/1.0.2/conformance/typedarrays/typed-arrays-in-workers.html crash log sample history Thread 23 Crashed:: WebCore: Worker 0 com.apple.JavaScriptCore 0x000000011c5d2a17 JSC::weakClearSlowCase(JSC::WeakImpl*&) + 7 1 com.apple.JavaScriptCore 0x000000011cbcca45 WTF::DeferrableRefCounted<JSC::ArrayBuffer>::setIsDeferred(bool) + 53 2 com.apple.JavaScriptCore 0x000000011cbcc9e5 bool JSC::GCIncomingRefCounted<JSC::ArrayBuffer>::filterIncomingReferences<bool (JSC::JSCell*)>(bool (&)(JSC::JSCell*)) + 293 3 com.apple.JavaScriptCore 0x000000011c766d4f JSC::Heap::~Heap() + 1679 4 com.apple.JavaScriptCore 0x000000011c762fbd JSC::VM::~VM() + 7757 5 com.apple.JavaScriptCore 0x000000011c5ccce2 JSC::JSLockHolder::~JSLockHolder() + 66 6 com.apple.WebCore 0x000000011e310ee4 WebCore::WorkerScriptController::~WorkerScriptController() + 148 7 com.apple.WebCore 0x000000011e3133e5 std::__1::__function::__func<WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&), std::__1::allocator<WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)>, void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) + 37 8 com.apple.WebCore 0x000000011e30fd6f WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 207 1157187 6 commit-queue 2016-01-20 20:42:51 -0800 Re-opened since this is blocked by bug 153300 1954970 7 annevk 2023-05-12 07:50:26 -0700 This can't really be broken at this point. 269374 2016-01-20 12:49:33 -0800 2016-01-20 13:49:20 -0800 Patch bug-153281-20160120124905.patch text/plain 2531 keith_miller U3VidmVyc2lvbiBSZXZpc2lvbjogMTk1MzYwCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCA5 ZjhhZjU5MWNlZjM2Y2NlYWQwNzE3Y2I5YTU5ZmExMjM2MWFkZGU1Li44NDgzZTZjYzNkMTMxODYw YWM4MTYxMjA1MzJhNzU5OTBiODk2MmZlIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyMCBAQAorMjAxNi0wMS0yMCAgS2VpdGggTWlsbGVyICA8a2VpdGhfbWlsbGVyQGFwcGxl LmNvbT4KKworICAgICAgICBUeXBlZEFycmF5J3MgLmJ1ZmZlciBkb2VzIG5vdCByZXR1cm4gdGhl IEpTQXJyYXlCdWZmZXIgdGhhdCB3YXMgcGFzc2VkIHRvIGl0IG9uIGNyZWF0aW9uLgorICAgICAg ICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTUzMjgxCisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2hlbiBjcmVhdGluZyBh biBKU0FycmF5QnVmZmVyIHdlIHNob3VsZCBtYWtlIHN1cmUgdGhhdCB0aGUgYmFja2luZyBBcnJh eUJ1ZmZlciB1c2VzIHRoZQorICAgICAgICBuZXcgSlNBcnJheUJ1ZmZlciBhcyBpdHMgd3JhcHBl ci4gVGhpcyBjYXVzZXMgaXNzdWVzIHdoZW4gd2UgZ2V0IHRoZSBidWZmZXIgb2YgYSBUeXBlZCBB cnJheQorICAgICAgICBjcmVhdGVkIGJ5IHBhc3NpbmcgYSBKU0FycmF5QnVmZmVyIGFzIHRoZSBi YWNraW5nIEFycmF5QnVmZmVyIGRvZXMgbm90IGhhdmUgYSByZWZlcmVuY2UgdG8KKyAgICAgICAg dGhlIG9yaWdpbmFsIEpTQXJyYXlCdWZmZXIgYW5kIGEgbmV3IG9iamVjdCBpcyBjcmVhdGVkLgor CisgICAgICAgICogcnVudGltZS9KU0FycmF5QnVmZmVyLmNwcDoKKyAgICAgICAgKEpTQzo6SlNB cnJheUJ1ZmZlcjo6ZmluaXNoQ3JlYXRpb24pOgorICAgICAgICAqIHRlc3RzL3N0cmVzcy90eXBl ZGFycmF5LWJ1ZmZlci1uZXV0ZXJlZC5qczogQWRkZWQuCisgICAgICAgIChhcnJheXMudHlwZWRB cnJheXMubWFwKToKKwogMjAxNi0wMS0xOSAgS2VpdGggTWlsbGVyICA8a2VpdGhfbWlsbGVyQGFw cGxlLmNvbT4KIAogICAgICAgICBbRVM2XSBGaXggdmFyaW91cyBpc3N1ZXMgd2l0aCBUeXBlZEFy cmF5cy4KZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTQXJyYXlC dWZmZXIuY3BwIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNBcnJheUJ1ZmZlci5j cHAKaW5kZXggNjJhYjg5YTNkZTI0YjRhMzdlNTRjOTRiZWMyMmMzYjZkNDI0ZWJmMC4uNTQzNDUy YjIwNDYxM2EwNmIxNGYyYTU0NDczZTNhZGY4MWZkZTE4NyAxMDA2NDQKLS0tIGEvU291cmNlL0ph dmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNBcnJheUJ1ZmZlci5jcHAKKysrIGIvU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvSlNBcnJheUJ1ZmZlci5jcHAKQEAgLTQ0LDYgKzQ0LDcgQEAgdm9p ZCBKU0FycmF5QnVmZmVyOjpmaW5pc2hDcmVhdGlvbihWTSYgdm0pCiB7CiAgICAgQmFzZTo6Zmlu aXNoQ3JlYXRpb24odm0pOwogICAgIHZtLmhlYXAuYWRkUmVmZXJlbmNlKHRoaXMsIG1faW1wbCk7 CisgICAgbV9pbXBsLT5tX3dyYXBwZXIgPSB0aGlzOwogfQogCiBKU0FycmF5QnVmZmVyKiBKU0Fy cmF5QnVmZmVyOjpjcmVhdGUoCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVz dHMvc3RyZXNzL3R5cGVkYXJyYXktYnVmZmVyLW5ldXRlcmVkLmpzIGIvU291cmNlL0phdmFTY3Jp cHRDb3JlL3Rlc3RzL3N0cmVzcy90eXBlZGFycmF5LWJ1ZmZlci1uZXV0ZXJlZC5qcwpuZXcgZmls ZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwLi5kZmI5NmNiOTA0MTZjNTc0ZDBhNjgzODc4OWQ3MWRmNTcyNzExOTc2Ci0tLSAvZGV2L251 bGwKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy90eXBlZGFycmF5LWJ1 ZmZlci1uZXV0ZXJlZC5qcwpAQCAtMCwwICsxLDEzIEBACit0eXBlZEFycmF5cyA9IFtJbnQ4QXJy YXksIFVpbnQ4QXJyYXksIFVpbnQ4Q2xhbXBlZEFycmF5LCBJbnQxNkFycmF5LCBVaW50MTZBcnJh eSwgSW50MzJBcnJheSwgVWludDMyQXJyYXksIEZsb2F0MzJBcnJheSwgRmxvYXQ2NEFycmF5XTsK KworYnVmZmVyID0gbmV3IEFycmF5QnVmZmVyKDE2KTsKK3RyYW5zZmVyQXJyYXlCdWZmZXIoYnVm ZmVyKTsKKworYXJyYXlzID0gdHlwZWRBcnJheXMubWFwKGZ1bmN0aW9uKGNvbnN0cnVjdG9yKSB7 IHJldHVybiBuZXcgY29uc3RydWN0b3IoYnVmZmVyKTsgfSk7CisKK2ZvciAoaSA9IDA7IGkgPCAx MDAwMDA7IGkrKykgeworICAgIGFycmF5cy5mb3JFYWNoKGZ1bmN0aW9uKGFycmF5KSB7CisgICAg ICAgIGlmIChhcnJheS5idWZmZXIgIT09IGJ1ZmZlcikKKyAgICAgICAgICAgIHRocm93ICJ3cm9u ZyBidWZmZXIiOworICAgIH0pOworfQo=