165871 2016-12-14 14:38:42 -0800 The stress GC bot crashes in JavaScriptCore beneath ShadowChicken::update and Inspector::jsToInspectorValue 2016-12-14 17:42:28 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff commit-queue keith_miller mark.lam saam oldest_to_newest 1259908 0 msaboff 2016-12-14 14:38:42 -0800 The test LayoutTests/inspector/worker/debugger-multiple-targets-pause.html is usually the one that crashes. It crashes with one of two backtraces. Usual backtrace: Thread 16 Crashed:: WebCore: Worker 0 com.apple.JavaScriptCore 0x0000000100b3aca5 JSC::JSCell::classInfo() const + 69 1 com.apple.JavaScriptCore 0x0000000100b3ac39 JSC::JSCell::inherits(JSC::ClassInfo const*) const + 25 2 com.apple.JavaScriptCore 0x0000000100f15113 JSC::JSScope* JSC::jsCast<JSC::JSScope*, JSC::JSCell>(JSC::JSCell*) + 51 3 com.apple.JavaScriptCore 0x0000000100f1166d JSC::Register::scope() const + 29 4 com.apple.JavaScriptCore 0x0000000100f5a64e JSC::ExecState::scope(int) const + 46 5 com.apple.JavaScriptCore 0x000000010185bd7c JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1::operator()(JSC::StackVisitor&) const + 380 6 com.apple.JavaScriptCore 0x000000010185b41a void JSC::StackVisitor::visit<JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1>(JSC::ExecState*, JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1 const&) + 74 7 com.apple.JavaScriptCore 0x000000010185b008 JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) + 1832 8 com.apple.JavaScriptCore 0x000000010185a8a0 JSC::ShadowChicken::log(JSC::VM&, JSC::ExecState*, JSC::ShadowChicken::Packet const&) + 48 9 com.apple.JavaScriptCore 0x0000000101702593 JSC::genericUnwind(JSC::VM*, JSC::ExecState*, JSC::UnwindStart) + 403 10 com.apple.JavaScriptCore 0x00000001017027bf JSC::genericUnwind(JSC::VM*, JSC::ExecState*) + 31 11 com.apple.JavaScriptCore 0x0000000101917362 llint_slow_path_handle_exception + 146 12 com.apple.JavaScriptCore 0x00000001019219e5 llint_entry + 19297 13 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863 14 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863 15 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863 16 com.apple.JavaScriptCore 0x000000010192469c llint_entry + 30744 17 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863 18 com.apple.JavaScriptCore 0x000000010192469c llint_entry + 30744 19 com.apple.JavaScriptCore 0x000000010191cc6e vmEntryToJavaScript + 334 20 com.apple.JavaScriptCore 0x00000001016feafc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 332 21 com.apple.JavaScriptCore 0x0000000101676c6f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1231 22 com.apple.JavaScriptCore 0x0000000100e452ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 23 com.apple.JavaScriptCore 0x0000000100e453c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201 24 com.apple.WebCore 0x000000010cfb61da WebCore::functionCallHandlerFromAnyThread(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 170 25 com.apple.JavaScriptCore 0x0000000101b6f1b8 Deprecated::ScriptFunctionCall::call(bool&) + 632 26 com.apple.JavaScriptCore 0x00000001015b6005 Inspector::InjectedScriptBase::callFunctionWithEvalEnabled(Deprecated::ScriptFunctionCall&, bool&) const + 69 27 com.apple.JavaScriptCore 0x00000001015b2fc6 Inspector::InjectedScript::wrapCallFrames(JSC::JSValue) const + 310 28 com.apple.JavaScriptCore 0x000000010162818b Inspector::InspectorDebuggerAgent::currentCallFrames(Inspector::InjectedScript const&) + 187 29 com.apple.JavaScriptCore 0x000000010162915c Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 972 30 com.apple.JavaScriptCore 0x000000010162936f non-virtual thunk to Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 63 31 com.apple.JavaScriptCore 0x0000000101b67643 Inspector::ScriptDebugServer::dispatchDidPause(Inspector::ScriptDebugListener*) + 307 32 com.apple.JavaScriptCore 0x0000000101b67f05 Inspector::ScriptDebugServer::dispatchFunctionToListeners(WTF::HashSet<Inspector::ScriptDebugListener*, WTF::PtrHash<Inspector::ScriptDebugListener*>, WTF::HashTraits<Inspector::ScriptDebugListener*> > const&, void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 229 33 com.apple.JavaScriptCore 0x0000000101b67e0a Inspector::ScriptDebugServer::dispatchFunctionToListeners(void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 170 34 com.apple.JavaScriptCore 0x0000000101b68219 Inspector::ScriptDebugServer::handlePause(JSC::JSGlobalObject*, JSC::Debugger::ReasonForPause) + 73 35 com.apple.JavaScriptCore 0x0000000100f426f5 JSC::Debugger::pauseIfNeeded(JSC::ExecState*) + 853 36 com.apple.JavaScriptCore 0x0000000100f429d4 JSC::Debugger::updateCallFrame(JSC::ExecState*, JSC::Debugger::CallFrameUpdateAction) + 100 37 com.apple.JavaScriptCore 0x0000000100f4316f JSC::Debugger::didReachBreakpoint(JSC::ExecState*) + 111 38 com.apple.JavaScriptCore 0x0000000101677f57 JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookType) + 487 39 com.apple.JavaScriptCore 0x0000000101917203 llint_slow_path_debug + 211 40 com.apple.JavaScriptCore 0x0000000101924e5c llint_entry + 32728 41 com.apple.JavaScriptCore 0x00000001019243a5 llint_entry + 29985 42 com.apple.JavaScriptCore 0x000000010191cc6e vmEntryToJavaScript + 334 43 com.apple.JavaScriptCore 0x00000001016feafc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 332 44 com.apple.JavaScriptCore 0x0000000101676c6f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1231 45 com.apple.JavaScriptCore 0x0000000100e452ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 46 com.apple.JavaScriptCore 0x0000000100e453c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201 47 com.apple.JavaScriptCore 0x0000000100e455cd JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 48 com.apple.WebCore 0x000000010ddd0608 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 728 49 com.apple.WebCore 0x000000010ddd02ad WebCore::ScheduledAction::execute(WebCore::WorkerGlobalScope&) + 221 50 com.apple.WebCore 0x000000010ddd003d WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 93 51 com.apple.WebCore 0x000000010c15a88e WebCore::DOMTimer::fired() + 990 52 com.apple.WebCore 0x000000010e2bb8fa WebCore::ThreadTimers::sharedTimerFiredInternal() + 394 53 com.apple.WebCore 0x000000010e2bcb41 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 54 com.apple.WebCore 0x000000010e2bcb0d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 55 com.apple.WebCore 0x000000010e2bcaac std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44 56 com.apple.WebCore 0x000000010b956c5a std::__1::function<void ()>::operator()() const + 26 57 com.apple.WebCore 0x000000010e574c6c WebCore::WorkerSharedTimer::fire() + 28 58 com.apple.WebCore 0x000000010e57372a WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 1322 59 com.apple.WebCore 0x000000010e5731c6 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 86 60 com.apple.WebCore 0x000000010e57c4e5 WebCore::WorkerThread::runEventLoop() + 53 61 com.apple.WebCore 0x000000010bfea339 WebCore::DedicatedWorkerThread::runEventLoop() + 89 62 com.apple.WebCore 0x000000010e57c30c WebCore::WorkerThread::workerThread() + 1372 63 com.apple.WebCore 0x000000010e57bda5 WebCore::WorkerThread::workerThreadStart(void*) + 21 64 com.apple.JavaScriptCore 0x0000000101e32269 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25 65 com.apple.JavaScriptCore 0x0000000101e3223d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45 66 com.apple.JavaScriptCore 0x0000000101e321dc std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()() + 44 67 com.apple.JavaScriptCore 0x000000010131e02a std::__1::function<void ()>::operator()() const + 26 68 com.apple.JavaScriptCore 0x0000000101e30e3e WTF::threadEntryPoint(void*) + 158 69 com.apple.JavaScriptCore 0x0000000101e328e1 WTF::wtfThreadEntryPoint(void*) + 289 70 libsystem_pthread.dylib 0x000000011853399d _pthread_body + 131 71 libsystem_pthread.dylib 0x000000011853391a _pthread_start + 168 Much less likely backtrace (from debugger): * thread #37: tid = 0x12566c7, 0x0000000102425644, queue = 'None, stop reason = EXC_BAD_ACCESS (code=1, addre\320SQ\207\303\260RQ frame #0: 0x0000000102425644 JavaScriptCore`::WTFCrash() + 36 at Assertions.cpp:323 frame #1: 0x00000001021c6d11 JavaScriptCore`Inspector::jsToInspectorValue(scriptState=0x000000011deb40e0, value=JSValue @ 0x000070000b2723c8, maxDepth=1000) + 97 at ScriptValue.cpp:46 frame #2: 0x00000001021c6c99 JavaScriptCore`Inspector::toInspectorValue(state=0x000000011deb40e0, value=JSValue @ 0x000070000b272408) + 73 at ScriptValue.cpp:101 frame #3: 0x0000000101bfffeb JavaScriptCore`Inspector::InjectedScript::wrapCallFrames(this=0x000070000b272650, callFrames=JSValue @ 0x000070000b272518) const + 427 at InjectedScript.cpp:223 frame #4: 0x0000000101c77a29 JavaScriptCore`Inspector::InspectorDebuggerAgent::currentCallFrames(this=0x000000011ed55000, injectedScript=0x000070000b272650) + 185 at InspectorDebuggerAgent.cpp:870 frame #5: 0x0000000101c78cb1 JavaScriptCore`Inspector::InspectorDebuggerAgent::didPause(this=0x000000011ed55000, scriptState=0x000000011deb40e0, callFrames=JSValue @ 0x000070000b2726b0, exceptionOrCaughtValue=JSValue @ 0x000070000b2726a8) + 961 at InspectorDebuggerAgent.cpp:1004 frame #6: 0x0000000101c790bc JavaScriptCore`non-virtual thunk to Inspector::InspectorDebuggerAgent::didPause(this=0x000000011ed55000, scriptState=0x000000011deb40e0, callFrames=JSValue @ 0x000070000b272708, exceptionOrCaughtValue=JSValue @ 0x000070000b272700) + 60 at InspectorDebuggerAgent.cpp:952 frame #7: 0x00000001021bf2e3 JavaScriptCore`Inspector::ScriptDebugServer::dispatchDidPause(this=0x0000000109433230, listener=0x000000011ed55000) + 307 at ScriptDebugServer.cpp:135 frame #8: 0x00000001021bfe6c JavaScriptCore`Inspector::ScriptDebugServer::dispatchFunctionToListeners(this=0x0000000109433230, listeners=0x0000000109433390, callback=b0 f1 1b 02 01 00 00 00 00 00 00 00 00 00 00 00)(Inspector::ScriptDebugListener*)) + 220 at ScriptDebugServer.cpp:277 frame #9: 0x00000001021bfd7a JavaScriptCore`Inspector::ScriptDebugServer::dispatchFunctionToListeners(this=0x0000000109433230, callback=b0 f1 1b 02 01 00 00 00 00 00 00 00 00 00 00 00)(Inspector::ScriptDebugListener*)) + 170 at ScriptDebugServer.cpp:269 frame #10: 0x00000001021c01b9 JavaScriptCore`Inspector::ScriptDebugServer::handlePause(this=0x0000000109433230, vmEntryGlobalObject=0x000000011deb40a0, (null)=PausedForDebuggerStatement) + 73 at ScriptDebugServer.cpp:310 frame #11: 0x00000001015805dc JavaScriptCore`JSC::Debugger::pauseIfNeeded(this=0x0000000109433230, callFrame=0x000070000b272c60) + 844 at Debugger.cpp:737 frame #12: 0x00000001015808ce JavaScriptCore`JSC::Debugger::updateCallFrame(this=0x0000000109433230, callFrame=0x000070000b272c60, action=AttemptPause) + 94 at Debugger.cpp:666 frame #13: 0x000000010158112f JavaScriptCore`JSC::Debugger::didReachBreakpoint(this=0x0000000109433230, callFrame=0x000070000b272c60) + 111 at Debugger.cpp:907 frame #14: 0x0000000101cc5bc2 JavaScriptCore`JSC::Interpreter::debug(this=0x000000011ed3f798, callFrame=0x000070000b272c60, debugHookType=DidReachBreakpoint) + 482 at Interpreter.cpp:1233 frame #15: 0x0000000101f61ee3 JavaScriptCore`::llint_slow_path_debug(exec=0x000070000b272c60, pc=0x00000001094fa9b8) + 211 at LLIntSlowPaths.cpp:1507 frame #16: 0x0000000101f6f21c foo#AVFb9Z [LLInt](Cell[DedicatedWorkerGlobalScope ID: 209]: 0x11deb40a0) frame #17: 0x0000000101f6e765 workInThread1#Eh79B7 [LLInt](Cell[DedicatedWorkerGlobalScope ID: 209]: 0x11deb40a0) frame #18: 0x0000000101f6702e JavaScriptCore`llintPCRangeStart + 334 at LowLevelInterpreter64.asm:254 frame #19: 0x0000000101d499e9 JavaScriptCore`JSC::JITCode::execute(this=0x000000011ec31118, vm=0x000000011a7ec000, protoCallFrame=0x000070000b272e90) + 329 at JITCode.cpp:81 frame #20: 0x0000000101cc428f JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000011ed3f798, callFrame=0x000000011deb40e0, function=0x000000011dea0a00, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b272f90, args=0x000070000b273218) + 1215 at Interpreter.cpp:927 frame #21: 0x000000010147fea8 JavaScriptCore`JSC::call(exec=0x000000011deb40e0, functionObject=JSValue @ 0x000070000b273010, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b273008, args=0x000070000b273218) + 184 at CallData.cpp:39 frame #22: 0x000000010147ffb9 JavaScriptCore`JSC::call(exec=0x000000011deb40e0, functionObject=JSValue @ 0x000070000b273100, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b2730f8, args=0x000070000b273218, returnedException=0x000070000b273260) + 201 at CallData.cpp:46 frame #23: 0x000000010148022d JavaScriptCore`JSC::profiledCall(exec=0x000000011deb40e0, reason=Other, functionObject=JSValue @ 0x000070000b273190, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b273188, args=0x000070000b273218, returnedException=0x000070000b273260) + 125 at CallData.cpp:65 frame #24: 0x000000010bcc255f WebCore`WebCore::ScheduledAction::executeFunctionInContext(this=0x000000011ec310f0, globalObject=0x000000011deb40a0, thisValue=JSValue @ 0x000070000b273338, context=0x000000011edc5000) + 719 at ScheduledAction.cpp:107 frame #25: 0x000000010bcc220d WebCore`WebCore::ScheduledAction::execute(this=0x000000011ec310f0, workerGlobalScope=0x000000011edc5000) + 221 at ScheduledAction.cpp:140 frame #26: 0x000000010bcc1f9d WebCore`WebCore::ScheduledAction::execute(this=0x000000011ec310f0, context=0x000000011edc5000) + 93 at ScheduledAction.cpp:81 frame #27: 0x000000010a0bdd68 WebCore`WebCore::DOMTimer::fired(this=0x000000011d306c80) + 968 at DOMTimer.cpp:355 frame #28: 0x000000010c19898a WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x000000011edce5c8) + 394 at ThreadTimers.cpp:121 frame #29: 0x000000010c199bb1 WebCore`WebCore::ThreadTimers::setSharedTimer(this=0x000000011edb46f8)::$_0::operator()() const + 33 at ThreadTimers.cpp:73 frame #30: 0x000000010c199b7d WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) [inlined] decltype(__f=0x000000011edb46f8)::$_0&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 at __functional_base:416 frame #31: 0x000000010c199b6c WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(__args=0x000000011edb46f8)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 28 at __functional_base:468 frame #32: 0x000000010c199b29 WebCore`std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator(this=0x000000011edb46f0)() + 41 at functional:1437 frame #33: 0x000000010993945a WebCore`std::__1::function<void ()>::operator(this=0x000000011edb46f0)() const + 26 at functional:1817 frame #34: 0x000000010c4711e9 WebCore`WebCore::WorkerSharedTimer::fire(this=0x000000011edb46e0) + 25 at WorkerRunLoop.cpp:58 frame #35: 0x000000010c4702f6 WebCore`WebCore::WorkerRunLoop::runInMode(this=0x000000011edd4dc0, context=0x000000011edc5000, predicate=0x000070000b2739a8, waitMode=WaitForMessage) + 1302 at WorkerRunLoop.cpp:195 frame #36: 0x000000010c46fd46 WebCore`WebCore::WorkerRunLoop::run(this=0x000000011edd4dc0, context=0x000000011edc5000) + 86 at WorkerRunLoop.cpp:137 frame #37: 0x000000010c478fb3 WebCore`WebCore::WorkerThread::runEventLoop(this=0x000000011edd4da8) + 51 at WorkerThread.cpp:228 frame #38: 0x0000000109f535a8 WebCore`WebCore::DedicatedWorkerThread::runEventLoop(this=0x000000011edd4da8) + 88 at DedicatedWorkerThread.cpp:60 frame #39: 0x000000010c478cd1 WebCore`WebCore::WorkerThread::workerThread(this=0x000000011edd4da8) + 1345 at WorkerThread.cpp:188 frame #40: 0x000000010c478785 WebCore`WebCore::WorkerThread::workerThreadStart(thread=0x000000011edd4da8) + 21 at WorkerThread.cpp:147 frame #41: 0x0000000102496059 JavaScriptCore`WTF::createThread(this=0x000070000b273d88)(void*), void*, char const*)::$_0::operator()() const + 25 at Threading.cpp:83 frame #42: 0x000000010249602d JavaScriptCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) [inlined] decltype(__f=0x000070000b273d88)(void*), void*, char const*)::$_0&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45 at __functional_base:416 frame #43: 0x000000010249601c JavaScriptCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(__args=0x000070000b273d88)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 28 at __functional_base:468 frame #44: 0x0000000102495fd9 JavaScriptCore`std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator(this=0x000070000b273d80)() + 41 at functional:1437 frame #45: 0x000000010192bb5a JavaScriptCore`std::__1::function<void ()>::operator(this=0x000070000b273d80)() const + 26 at functional:1817 frame #46: 0x0000000102494c77 JavaScriptCore`WTF::threadEntryPoint(contextData=0x000000011d240d00) + 151 at Threading.cpp:60 frame #47: 0x0000000102496641 JavaScriptCore`WTF::wtfThreadEntryPoint(param=0x000000011d2d0b90) + 289 at ThreadingPthreads.cpp:164 frame #48: 0x00007fff8d585aab libsystem_pthread.dylib`_pthread_body + 180 frame #49: 0x00007fff8d5859f7 libsystem_pthread.dylib`_pthread_start + 286 frame #50: 0x00007fff8d5851fd libsystem_pthread.dylib`thread_start + 13 1259909 1 msaboff 2016-12-14 14:39:28 -0800 <rdar://problem/29538575> 1259926 2 297133 msaboff 2016-12-14 15:09:21 -0800 Created attachment 297133 Patch 1259930 3 297133 joepeck 2016-12-14 15:16:35 -0800 Comment on attachment 297133 Patch Inspector piece looks fine to me. Thanks for filing bug 165875. 1259933 4 297133 mark.lam 2016-12-14 15:21:40 -0800 Comment on attachment 297133 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297133&action=review r=me with comments. > Source/JavaScriptCore/ChangeLog:15 > + When the watchdig fires, the function we get an exception at op_watchdog. In processing that exception, /watchdig/watchdog/. Please clarify phrasing in "the function we get an exception at op_watchdog". > Source/JavaScriptCore/inspector/InjectedScript.cpp:222 > auto callFramesValue = callFunctionWithEvalEnabled(function, hadException); > + if (!callFramesValue) Should hadException be true here? I think it's clearer to check for that if possible. 1259934 5 297133 mark.lam 2016-12-14 15:22:36 -0800 Comment on attachment 297133 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297133&action=review > Source/JavaScriptCore/ChangeLog:4 > + https://bugs.webkit.org/show_bug.cgi?id=165871 I think these days, it's also encouraged to add the rdar url here. Please add it. 1259942 6 msaboff 2016-12-14 15:36:58 -0800 (In reply to comment #4) > Comment on attachment 297133 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=297133&action=review > > r=me with comments. > > > Source/JavaScriptCore/ChangeLog:15 > > + When the watchdig fires, the function we get an exception at op_watchdog. In processing that exception, > > /watchdig/watchdog/. > Please clarify phrasing in "the function we get an exception at op_watchdog". Changed the sentence to When the watchdog fires, the function will get an exception at op_watchdog. > > Source/JavaScriptCore/inspector/InjectedScript.cpp:222 > > auto callFramesValue = callFunctionWithEvalEnabled(function, hadException); > > + if (!callFramesValue) > > Should hadException be true here? I think it's clearer to check for that if > possible. In the case of the watch dog firing, hadException will be false and callFunctionWithEvalEnabled(), which calls ScriptFunctionCall::call(), will return an empty JSValue instead. > Source/JavaScriptCore/ChangeLog:4 > + https://bugs.webkit.org/show_bug.cgi?id=165871 Opened <rdar://problem/29671015> and added it to the ChangeLog. 1259985 7 msaboff 2016-12-14 17:42:28 -0800 Committed r209847: <http://trac.webkit.org/changeset/209847> 297133 2016-12-14 15:09:21 -0800 2016-12-14 15:21:40 -0800 Patch 165871.patch text/plain 4706 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjA5ODM1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM4IEBA CisyMDE2LTEyLTE0ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIFRoZSBzdHJlc3MgR0MgYm90IGNyYXNoZXMgaW4gSmF2YVNjcmlwdENvcmUgYmVuZWF0aCBT aGFkb3dDaGlja2VuOjp1cGRhdGUgYW5kIEluc3BlY3Rvcjo6anNUb0luc3BlY3RvclZhbHVlCisg ICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNjU4NzEKKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGlzIGZpeGVz IHR3byBpc3N1ZXMgd2l0aCB0aGUgVk0gd2F0Y2ggZG9nIHRpbWVyIGZpcmluZyBpbiBhIHdvcmtl ci4KKworICAgICAgICBUaGUgZmlyc3QgaXNzdWUgaGFzIHRvIGRvIHdpdGggYnl0ZWNvZGUgb3Jk ZXJpbmcuICBQcmlvciB0byB0aGlzIGNoYW5nZSwgdGhlIGZpcnN0IGZldyBvcGNvZGVzCisgICAg ICAgIGdlbmVyYXRlZCB3aGVuIHRoZSB3YXRjaCBkb2cgaXMgZW5hYmxlZCBhcmU6CisgICAgICAg ICAgICAgICAgb3BfZW50ZXIKKyAgICAgICAgICAgICAgICBvcF93YXRjaGRvZworICAgICAgICAg ICAgICAgIG9wX2dldF9zY29wZQorICAgICAgICBXaGVuIHRoZSB3YXRjaGRpZyBmaXJlcywgdGhl IGZ1bmN0aW9uIHdlIGdldCBhbiBleGNlcHRpb24gYXQgb3Bfd2F0Y2hkb2cuICBJbiBwcm9jZXNz aW5nIHRoYXQgZXhjZXB0aW9uLAorICAgICAgICB3ZSdsbCB0cnkgdG8gdXBkYXRlIHRoZSBTaGFk b3dDaGlja2VuIHNoYWRvdyBzdGFjay4gIFRoYXQgdXBkYXRlIGFzc3VtZXMgdGhhdCBpZiB0aGVy ZSBpcyBhIHNjb3BlIAorICAgICAgICBWaXJ0dWFsUmVnaXN0ZXIgYWxsb2NhdGVkLCB0aGVuIHRo ZSBzbG90IGNvbnRhaW5zIGEgdmFsaWQgSlNTY29wZS4gIFdpdGggdGhlIGN1cnJlbnQgYnl0ZWNv ZGUgb3JkZXJpbmcsCisgICAgICAgIHRoaXMgaXMgbm90IHRydWUgYXQgb3Bfd2F0Y2hkb2cgYXMg b3BfZW50ZXIgd2lsbCBwdXQgSlNVbmRlZmluZWQgaW4gdGhlIHNjb3BlIHNsb3QuICBJdCBpc24n dCB1bnRpbCB0aGUKKyAgICAgICAgb3BfZ2V0X3Njb3BlIGdldHMgcHJvY2Vzc2VkIHRoYXQgd2Un bGwgaGF2ZSBhIHZhbGlkIHNjb3BlIGluIHRoZSBzbG90LiAgVGhlIGZpeCBmb3IgdGhpcyBpc3N1 ZSBpcyB0byAKKyAgICAgICAgZW5zdXJlIHRoYXQgb3BfZ2V0X3Njb3BlIGhhcHBlbnMgYmVmb3Jl IHRoZSBvcF93YXRjaGRvZy4KKworICAgICAgICBUaGUgc2Vjb25kIGlzc3VlIGlzIHRoYXQgU2Ny aXB0RnVuY3Rpb25DYWxsOjpjYWxsKCkgd2lsbCBub3QgdGVsbCBpdHMgY2FsbGVyIHRoYXQgYSB0 ZXJtaW5hdGVkCisgICAgICAgIGV4ZWN1dGlvbiBleGNlcHRpb24gaGFwcGVuZWQuICBJbnN0ZWFk IGNhbGwoKSByZXR1cm5zIGFuIGVtcHR5IEpTVmFsdWUuICBJbmplY3RlZFNjcmlwdDo6d3JhcENh bGxGcmFtZXMoKQorICAgICAgICB3YXNuJ3QgY2hlY2tpbmcgZm9yIGFuIGVtcHR5IEpTVmFsdWUs IGJ1dCB3YXMgcGFzc2luZyBpdCB0byBhbm90aGVyIGZ1bmN0aW9uLiAgQWRkZWQgYSBzaG9ydCBj aXJjdWl0CisgICAgICAgIHJldHVybiB3aGVuIGNhbGwgcmV0dXJucyBhbiBlbXB0eSBKU1ZhbHVl LgorCisgICAgICAgIEFkZGVkIDxodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MTY1ODc1PiB0byBmaXggb3RoZXIgY2FsbGVycyBvZiBTY3JpcHRGdW5jdGlvbkNhbGw6OmNh bGwoKQorICAgICAgICB0byBjaGVjayBmb3IgYW4gZW1wdHkgSlNWYWx1ZSByZXR1cm4gdmFsdWUu CisKKyAgICAgICAgKiBieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuY3BwOgorICAgICAg ICAoSlNDOjpCeXRlY29kZUdlbmVyYXRvcjo6Qnl0ZWNvZGVHZW5lcmF0b3IpOgorICAgICAgICAo SlNDOjpCeXRlY29kZUdlbmVyYXRvcjo6ZW1pdEVudGVyKToKKyAgICAgICAgKiBpbnNwZWN0b3Iv SW5qZWN0ZWRTY3JpcHQuY3BwOgorICAgICAgICAoSW5zcGVjdG9yOjpJbmplY3RlZFNjcmlwdDo6 d3JhcENhbGxGcmFtZXMpOgorCiAyMDE2LTEyLTE0ICBLZWl0aCBNaWxsZXIgIDxrZWl0aF9taWxs ZXJAYXBwbGUuY29tPgogCiAgICAgICAgIFdlYkFzc2VtYmx5IEpTIEFQSTogaW1wbGVtZW50IEds b2JhbApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9CeXRlY29kZUdl bmVyYXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21w aWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHAJKHJldmlzaW9uIDIwOTc3MykKKysrIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuY3BwCSh3b3JraW5n IGNvcHkpCkBAIC0xOTcsNiArMTk3LDggQEAgQnl0ZWNvZGVHZW5lcmF0b3I6OkJ5dGVjb2RlR2Vu ZXJhdG9yKFZNJgogCiAgICAgYWxsb2NhdGVBbmRFbWl0U2NvcGUoKTsKIAorICAgIGVtaXRXYXRj aGRvZygpOworCiAgICAgY29uc3QgRnVuY3Rpb25TdGFjayYgZnVuY3Rpb25TdGFjayA9IHByb2dy YW1Ob2RlLT5mdW5jdGlvblN0YWNrKCk7CiAKICAgICBmb3IgKHNpemVfdCBpID0gMDsgaSA8IGZ1 bmN0aW9uU3RhY2suc2l6ZSgpOyArK2kpIHsKQEAgLTMzMCw2ICszMzIsOCBAQCBCeXRlY29kZUdl bmVyYXRvcjo6Qnl0ZWNvZGVHZW5lcmF0b3IoVk0mCiAKICAgICBhbGxvY2F0ZUFuZEVtaXRTY29w ZSgpOwogCisgICAgZW1pdFdhdGNoZG9nKCk7CisgICAgCiAgICAgaWYgKGZ1bmN0aW9uTmFtZUlz SW5TY29wZShmdW5jdGlvbk5vZGUtPmlkZW50KCksIGZ1bmN0aW9uTm9kZS0+ZnVuY3Rpb25Nb2Rl KCkpKSB7CiAgICAgICAgIEFTU0VSVChwYXJzZU1vZGUgIT0gU291cmNlUGFyc2VNb2RlOjpHZW5l cmF0b3JCb2R5TW9kZSk7CiAgICAgICAgIEFTU0VSVCghaXNBc3luY0Z1bmN0aW9uQm9keVBhcnNl TW9kZShwYXJzZU1vZGUpKTsKQEAgLTc1Niw2ICs3NjAsOCBAQCBCeXRlY29kZUdlbmVyYXRvcjo6 Qnl0ZWNvZGVHZW5lcmF0b3IoVk0mCiAKICAgICBhbGxvY2F0ZUFuZEVtaXRTY29wZSgpOwogCisg ICAgZW1pdFdhdGNoZG9nKCk7CisgICAgCiAgICAgY29uc3QgRGVjbGFyYXRpb25TdGFja3M6OkZ1 bmN0aW9uU3RhY2smIGZ1bmN0aW9uU3RhY2sgPSBldmFsTm9kZS0+ZnVuY3Rpb25TdGFjaygpOwog ICAgIGZvciAoc2l6ZV90IGkgPSAwOyBpIDwgZnVuY3Rpb25TdGFjay5zaXplKCk7ICsraSkKICAg ICAgICAgbV9jb2RlQmxvY2stPmFkZEZ1bmN0aW9uRGVjbChtYWtlRnVuY3Rpb24oZnVuY3Rpb25T dGFja1tpXSkpOwpAQCAtODM5LDYgKzg0NSw4IEBAIEJ5dGVjb2RlR2VuZXJhdG9yOjpCeXRlY29k ZUdlbmVyYXRvcihWTSYKIAogICAgIGFsbG9jYXRlQW5kRW1pdFNjb3BlKCk7CiAKKyAgICBlbWl0 V2F0Y2hkb2coKTsKKyAgICAKICAgICBtX2NhbGxlZVJlZ2lzdGVyLnNldEluZGV4KENhbGxGcmFt ZVNsb3Q6OmNhbGxlZSk7CiAKICAgICBtX2NvZGVCbG9jay0+c2V0TnVtUGFyYW1ldGVycygxKTsg Ly8gQWxsb2NhdGUgc3BhY2UgZm9yICJ0aGlzIgpAQCAtMTI0OSw3ICsxMjU3LDYgQEAgVW5saW5r ZWRWYWx1ZVByb2ZpbGUgQnl0ZWNvZGVHZW5lcmF0b3I6Ogogdm9pZCBCeXRlY29kZUdlbmVyYXRv cjo6ZW1pdEVudGVyKCkKIHsKICAgICBlbWl0T3Bjb2RlKG9wX2VudGVyKTsKLSAgICBlbWl0V2F0 Y2hkb2coKTsKIH0KIAogdm9pZCBCeXRlY29kZUdlbmVyYXRvcjo6ZW1pdExvb3BIaW50KCkKSW5k ZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRTY3JpcHQuY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRTY3Jp cHQuY3BwCShyZXZpc2lvbiAyMDk3NzMpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaW5zcGVj dG9yL0luamVjdGVkU2NyaXB0LmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjE5LDYgKzIxOSw4IEBA IFJlZjxBcnJheTxJbnNwZWN0b3I6OlByb3RvY29sOjpEZWJ1Z2dlcjoKIAogICAgIGJvb2wgaGFk RXhjZXB0aW9uID0gZmFsc2U7CiAgICAgYXV0byBjYWxsRnJhbWVzVmFsdWUgPSBjYWxsRnVuY3Rp b25XaXRoRXZhbEVuYWJsZWQoZnVuY3Rpb24sIGhhZEV4Y2VwdGlvbik7CisgICAgaWYgKCFjYWxs RnJhbWVzVmFsdWUpCisgICAgICAgIHJldHVybiBBcnJheTxJbnNwZWN0b3I6OlByb3RvY29sOjpE ZWJ1Z2dlcjo6Q2FsbEZyYW1lPjo6Y3JlYXRlKCk7CiAgICAgQVNTRVJUKCFoYWRFeGNlcHRpb24p OwogICAgIFJlZlB0cjxJbnNwZWN0b3JWYWx1ZT4gcmVzdWx0ID0gdG9JbnNwZWN0b3JWYWx1ZSgq c2NyaXB0U3RhdGUoKSwgY2FsbEZyYW1lc1ZhbHVlKTsKICAgICBpZiAocmVzdWx0LT50eXBlKCkg PT0gSW5zcGVjdG9yVmFsdWU6OlR5cGU6OkFycmF5KQo=