158687 2016-06-13 02:54:49 -0700 Stack overflow at RefPtr::release on Windows port since r201782 2016-06-13 18:54:18 -0700 1 1 1 Unclassified WebKit Web Template Framework WebKit Nightly Build PC Windows 10 RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=157596 P2 Normal --- 1 fujii webkit-unassigned achristensen aestes andersca ap beidson benjamin bfulgham cdumez cmarcelo commit-queue darin krollin pvollan rniwa youennf oldest_to_newest 1201807 0 fujii 2016-06-13 02:54:49 -0700 [Win] Stack overflow at RefPtr::release trunk@201986 AppleWin Debug (CMake) build When starting MiniBrowser, following dialog will be shown: > Unhandled exception at 0x100694E0 (WebKit.dll) in MiniBrowser.exe: 0xC00000FD: Stack overflow (parameters: 0x00000001, 0x00092FFC). Callstack: > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::StringImpl * ptr, WTF::RefPtr<WTF::StringImpl>::AdoptTag __formal) Line 108 C++ > WebKit.dll!WTF::adoptRef<WTF::StringImpl>(WTF::StringImpl * p) Line 243 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ (...) > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > The maximum number of stack frames supported by Visual Studio has been exceeded. 1201808 1 fujii 2016-06-13 02:57:53 -0700 Another callstack by stoping with a breakpoint: > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52 C++ > WebKit.dll!WTF::RefPtr<WTF::StringImpl>::operator=(WTF::RefPtr<WTF::StringImpl> && o) Line 173 C++ > WebKit.dll!WTF::String::operator=(WTF::String && other) Line 134 C++ > WebKit.dll!WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>::translate<WTF::KeyValuePair<WTF::String,unsigned int>,WTF::String,int>(WTF::KeyValuePair<WTF::String,unsigned int> & location, WTF::String && key, int && mapped) Line 185 C++ > WebKit.dll!WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,unsigned int>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String,unsigned int> >,WTF::StringHash,WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::HashTraits<WTF::String> >::add<WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>,WTF::String,int>(WTF::String && key, int && extra) Line 932 C++ > WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::inlineAdd<WTF::String,int>(WTF::String && key, int && value) Line 316 C++ > WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::add<int>(WTF::String && key, int && mapped) Line 358 C++ > WebKit.dll!WTF::HashCountedSet<WTF::String,WTF::StringHash,WTF::HashTraits<WTF::String> >::add(WTF::String && value) Line 194 C++ > WebKit.dll!WebKitClassFactory::WebKitClassFactory(_GUID targetClass) Line 71 C++ > WebKit.dll!DllGetClassObject(const _GUID & rclsid, const _GUID & riid, void * * ppv) Line 105 C++ > WebKit.dll!classFactory(const _GUID & clsid) Line 61 C++ > WebKit.dll!WebKitCreateInstance(const _GUID & rclsid, IUnknown * pUnkOuter, const _GUID & riid, void * * ppvObject) Line 72 C++ > MiniBrowserLib.dll!MiniBrowser::seedInitialDefaultPreferences() Line 171 C++ > MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 117 C++ > MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 857 C++ > MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 249 C++ > [External Code] > [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] 1201813 2 281165 fujii 2016-06-13 04:30:08 -0700 Created attachment 281165 Patch 1201839 3 bfulgham 2016-06-13 08:29:56 -0700 This seems like it should be affecting all ports, not just Windows. I wonder why we don't see it elsewhere? 1201841 4 krollin 2016-06-13 08:45:13 -0700 Yeah, I wondered that, too. It may have to do with how the compiler handles optimizing the assigning of the result of adoptRef() to "tmp" in release(). If it uses the move constructor, then we have the recursion problem. If it uses the "construct the result in the caller-provided variable" optimization, then we won't. So I can see how different compilers could have different results. What I'm wondering is why we're only seeing it in MiniBrowser and not all over the place on Windows. 1201846 5 281165 cdumez 2016-06-13 09:02:48 -0700 Comment on attachment 281165 Patch R=me 1201853 6 281165 commit-queue 2016-06-13 09:26:14 -0700 Comment on attachment 281165 Patch Clearing flags on attachment: 281165 Committed r201991: <http://trac.webkit.org/changeset/201991> 1201854 7 commit-queue 2016-06-13 09:26:21 -0700 All reviewed patches have been landed. Closing bug. 1202050 8 fujii 2016-06-13 18:54:18 -0700 Release build has no problem. All programs (MiniBrowser DumpRenderTree, TestWTF, TestWebKit, jsc, testapi, testRegExp) of Debug build have the problem. 281165 2016-06-13 04:30:08 -0700 2016-06-13 09:26:14 -0700 Patch bug-158687-20160613203141.patch text/plain 1714 fujii U3VidmVyc2lvbiBSZXZpc2lvbjogMjAxOTg2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV1RGL0NoYW5n ZUxvZyBiL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCmluZGV4IGRiYTg1YjUyNjYyNjk5YWQ1ZDk3MTlk MDg3NTAwZTZlMTdmNjk4MzEuLjgwOTU2NWJmNzcxOTg5MzJlOTQ1MmFkNjI2MzNlYzI3MGVmNjM4 M2UgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XVEYvQ2hh bmdlTG9nCkBAIC0xLDMgKzEsMTggQEAKKzIwMTYtMDYtMTMgIEZ1amlpIEhpcm9ub3JpICA8SGly b25vcmkuRnVqaWlAc29ueS5jb20+CisKKyAgICAgICAgU3RhY2sgb3ZlcmZsb3cgYXQgUmVmUHRy OjpyZWxlYXNlIG9uIFdpbmRvd3MgcG9ydCBzaW5jZSByMjAxNzgyCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNTg2ODcKKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBSZWZQdHI6OnJlbGVhc2UgY2FsbHMgUmVm UHRyOjpSZWZQdHIsIGFuZCBSZWZQdHI6OlJlZlB0ciBjYWxscworICAgICAgICBSZWZQdHI6OnJl bGVhc2UuCisKKyAgICAgICAgUmVmUHRyOjpSZWZQdHIgZG9lcyBub3QgbmVlZCB0byBjYWxsIFJl ZlB0cjo6cmVsZWFzZS4KKworICAgICAgICAqIHd0Zi9SZWZQdHIuaDoKKyAgICAgICAgKFdURjo6 UmVmUHRyOjpSZWZQdHIpOiBEbyBub3QgY2FsbCBSZWZQdHI6OnJlbGVhc2UuCisKIDIwMTYtMDYt MTEgIE15bGVzIEMuIE1heGZpZWxkICA8bW1heGZpZWxkQGFwcGxlLmNvbT4KIAogICAgICAgICBB ZGRyZXNzaW5nIHBvc3QtcmV2aWV3IGNvbW1lbnRzIGFmdGVyIHIyMDE5NzguCmRpZmYgLS1naXQg YS9Tb3VyY2UvV1RGL3d0Zi9SZWZQdHIuaCBiL1NvdXJjZS9XVEYvd3RmL1JlZlB0ci5oCmluZGV4 IGRlNDdiNjZiNGUzYjE5NTg5NmEwYjRhNDEzY2NkMzQzZDkyMGNiMmQuLmE4Y2I2YzljNTE2NDM2 YmQ4NGYzNWUyYmJjYTkzODk2Yzg2NjYyOGMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XVEYvd3RmL1Jl ZlB0ci5oCisrKyBiL1NvdXJjZS9XVEYvd3RmL1JlZlB0ci5oCkBAIC00OSw4ICs0OSw4IEBAIHB1 YmxpYzoKICAgICBBTFdBWVNfSU5MSU5FIFJlZlB0cihjb25zdCBSZWZQdHImIG8pIDogbV9wdHIo by5tX3B0cikgeyByZWZJZk5vdE51bGwobV9wdHIpOyB9CiAgICAgdGVtcGxhdGU8dHlwZW5hbWUg VT4gUmVmUHRyKGNvbnN0IFJlZlB0cjxVPiYgbykgOiBtX3B0cihvLmdldCgpKSB7IHJlZklmTm90 TnVsbChtX3B0cik7IH0KIAotICAgIEFMV0FZU19JTkxJTkUgUmVmUHRyKFJlZlB0ciYmIG8pIDog bV9wdHIoby5yZWxlYXNlKCkubGVha1JlZigpKSB7IH0KLSAgICB0ZW1wbGF0ZTx0eXBlbmFtZSBV PiBSZWZQdHIoUmVmUHRyPFU+JiYgbykgOiBtX3B0cihvLnJlbGVhc2UoKS5sZWFrUmVmKCkpIHsg fQorICAgIEFMV0FZU19JTkxJTkUgUmVmUHRyKFJlZlB0ciYmIG8pIDogbV9wdHIoby5sZWFrUmVm KCkpIHsgfQorICAgIHRlbXBsYXRlPHR5cGVuYW1lIFU+IFJlZlB0cihSZWZQdHI8VT4mJiBvKSA6 IG1fcHRyKG8ubGVha1JlZigpKSB7IH0KIAogICAgIC8vIFNlZSBjb21tZW50cyBpbiBQYXNzUmVm UHRyLmggZm9yIGFuIGV4cGxhbmF0aW9uIG9mIHdoeSB0aGlzIHRha2VzIGEgY29uc3QgcmVmZXJl bmNlLgogICAgIHRlbXBsYXRlPHR5cGVuYW1lIFU+IFJlZlB0cihjb25zdCBQYXNzUmVmUHRyPFU+ Jik7Cg==