65638 2011-08-03 13:31:44 -0700 Interpreter can potentially GC in the middle of initializing a structure chain 2011-08-04 11:26:46 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg oliver webkit.review.bot oldest_to_newest 446057 0 mhahnenberg 2011-08-03 13:31:44 -0700 Occasionally when running new-run-webkit-tests we can get a failure when the garbage collector decides to do a collection in the middle of initializing a structure chain in Interpreter.cpp around line 1396. It's difficult to reproduce on its own due to the fact that it depends on what the garbage collector is doing up to that point of the test. An easy fix would be to move the allocation of the prototypeChain before calling getOpcode. 446191 1 102850 mhahnenberg 2011-08-03 16:19:36 -0700 Created attachment 102850 Patch 446202 2 102850 msaboff 2011-08-03 16:31:25 -0700 Comment on attachment 102850 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=102850&action=review > Source/JavaScriptCore/interpreter/Interpreter.cpp:1392 > + StructureChain* prototypeChain = structure->prototypeChain(callFrame); I think it make sense to document why you do the call here and use a local so that some future unsuspecting engineer doesn't reintroduce the bug by eliminating the local. 446222 3 102859 mhahnenberg 2011-08-03 16:42:39 -0700 Created attachment 102859 Patch 446642 4 102859 webkit.review.bot 2011-08-04 11:26:42 -0700 Comment on attachment 102859 Patch Clearing flags on attachment: 102859 Committed r92393: <http://trac.webkit.org/changeset/92393> 446643 5 webkit.review.bot 2011-08-04 11:26:46 -0700 All reviewed patches have been landed. Closing bug. 102850 2011-08-03 16:19:36 -0700 2011-08-03 16:42:37 -0700 Patch bug-65638-20110803161935.patch text/plain 1983 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTIzMjQpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAK KzIwMTEtMDgtMDMgIE1hcmsgSGFobmVuYmVyZyAgPG1oYWhuZW5iZXJnQGFwcGxlLmNvbT4KKwor ICAgICAgICBJbnRlcnByZXRlciBjYW4gcG90ZW50aWFsbHkgR0MgaW4gdGhlIG1pZGRsZSBvZiBp bml0aWFsaXppbmcgYSBzdHJ1Y3R1cmUgY2hhaW4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTY1NjM4CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgTW92ZWQgdGhlIGFsbG9jYXRpb24gb2YgYSBwcm90b3R5cGUg U3RydWN0dXJlQ2hhaW4gYmVmb3JlIHRoZSBpbml0aWFsaXphdGlvbiBvZiAKKyAgICAgICAgdGhl IHN0cnVjdHVyZSBjaGFpbiB3aXRoaW4gdGhlIGludGVycHJldGVyIHRoYXQgd2FzIGNhdXNpbmcg aW50ZXJtaXR0ZW50IEdDIGNyYXNoZXMuCisKKyAgICAgICAgKiBpbnRlcnByZXRlci9JbnRlcnBy ZXRlci5jcHA6CisgICAgICAgIChKU0M6OkludGVycHJldGVyOjp0cnlDYWNoZVB1dEJ5SUQpOgor ICAgICAgICAqIHd0Zi9QbGF0Zm9ybS5oOgorCiAyMDExLTA4LTAzICBDYXJsb3MgR2FyY2lhIENh bXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBbR1RLXSBSZW9yZ2FuaXplIHBr Zy1jb25maWcgZmlsZXMKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9pbnRlcnByZXRlci9J bnRlcnByZXRlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2ludGVy cHJldGVyL0ludGVycHJldGVyLmNwcAkocmV2aXNpb24gOTIzMDgpCisrKyBTb3VyY2UvSmF2YVNj cmlwdENvcmUvaW50ZXJwcmV0ZXIvSW50ZXJwcmV0ZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0x Mzg5LDEwICsxMzg5LDExIEBAIE5FVkVSX0lOTElORSB2b2lkIEludGVycHJldGVyOjp0cnlDYWNo ZVAKICAgICAgICAgbm9ybWFsaXplUHJvdG90eXBlQ2hhaW4oY2FsbEZyYW1lLCBiYXNlQ2VsbCk7 CiAgICAgICAgIEpTQ2VsbCogb3duZXIgPSBjb2RlQmxvY2stPm93bmVyRXhlY3V0YWJsZSgpOwog ICAgICAgICBKU0dsb2JhbERhdGEmIGdsb2JhbERhdGEgPSBjYWxsRnJhbWUtPmdsb2JhbERhdGEo KTsKKyAgICAgICAgU3RydWN0dXJlQ2hhaW4qIHByb3RvdHlwZUNoYWluID0gc3RydWN0dXJlLT5w cm90b3R5cGVDaGFpbihjYWxsRnJhbWUpOwogICAgICAgICB2UENbMF0gPSBnZXRPcGNvZGUob3Bf cHV0X2J5X2lkX3RyYW5zaXRpb24pOwogICAgICAgICB2UENbNF0udS5zdHJ1Y3R1cmUuc2V0KGds b2JhbERhdGEsIG93bmVyLCBzdHJ1Y3R1cmUtPnByZXZpb3VzSUQoKSk7CiAgICAgICAgIHZQQ1s1 XS51LnN0cnVjdHVyZS5zZXQoZ2xvYmFsRGF0YSwgb3duZXIsIHN0cnVjdHVyZSk7Ci0gICAgICAg IHZQQ1s2XS51LnN0cnVjdHVyZUNoYWluLnNldChjYWxsRnJhbWUtPmdsb2JhbERhdGEoKSwgY29k ZUJsb2NrLT5vd25lckV4ZWN1dGFibGUoKSwgc3RydWN0dXJlLT5wcm90b3R5cGVDaGFpbihjYWxs RnJhbWUpKTsKKyAgICAgICAgdlBDWzZdLnUuc3RydWN0dXJlQ2hhaW4uc2V0KGNhbGxGcmFtZS0+ Z2xvYmFsRGF0YSgpLCBjb2RlQmxvY2stPm93bmVyRXhlY3V0YWJsZSgpLCBwcm90b3R5cGVDaGFp bik7CiAgICAgICAgIEFTU0VSVCh2UENbNl0udS5zdHJ1Y3R1cmVDaGFpbik7CiAgICAgICAgIHZQ Q1s3XSA9IHNsb3QuY2FjaGVkT2Zmc2V0KCk7CiAgICAgICAgIHJldHVybjsK 102859 2011-08-03 16:42:39 -0700 2011-08-04 11:26:42 -0700 Patch bug-65638-20110803164238.patch text/plain 2191 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTIzMjQpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAK KzIwMTEtMDgtMDMgIE1hcmsgSGFobmVuYmVyZyAgPG1oYWhuZW5iZXJnQGFwcGxlLmNvbT4KKwor ICAgICAgICBJbnRlcnByZXRlciBjYW4gcG90ZW50aWFsbHkgR0MgaW4gdGhlIG1pZGRsZSBvZiBp bml0aWFsaXppbmcgYSBzdHJ1Y3R1cmUgY2hhaW4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTY1NjM4CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgTW92ZWQgdGhlIGFsbG9jYXRpb24gb2YgYSBwcm90b3R5cGUg U3RydWN0dXJlQ2hhaW4gYmVmb3JlIHRoZSBpbml0aWFsaXphdGlvbiBvZiAKKyAgICAgICAgdGhl IHN0cnVjdHVyZSBjaGFpbiB3aXRoaW4gdGhlIGludGVycHJldGVyIHRoYXQgd2FzIGNhdXNpbmcg aW50ZXJtaXR0ZW50IEdDIGNyYXNoZXMuCisKKyAgICAgICAgKiBpbnRlcnByZXRlci9JbnRlcnBy ZXRlci5jcHA6CisgICAgICAgIChKU0M6OkludGVycHJldGVyOjp0cnlDYWNoZVB1dEJ5SUQpOgor ICAgICAgICAqIHd0Zi9QbGF0Zm9ybS5oOgorCiAyMDExLTA4LTAzICBDYXJsb3MgR2FyY2lhIENh bXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBbR1RLXSBSZW9yZ2FuaXplIHBr Zy1jb25maWcgZmlsZXMKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9pbnRlcnByZXRlci9J bnRlcnByZXRlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2ludGVy cHJldGVyL0ludGVycHJldGVyLmNwcAkocmV2aXNpb24gOTIzMDgpCisrKyBTb3VyY2UvSmF2YVNj cmlwdENvcmUvaW50ZXJwcmV0ZXIvSW50ZXJwcmV0ZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0x Mzg5LDEwICsxMzg5LDE0IEBAIE5FVkVSX0lOTElORSB2b2lkIEludGVycHJldGVyOjp0cnlDYWNo ZVAKICAgICAgICAgbm9ybWFsaXplUHJvdG90eXBlQ2hhaW4oY2FsbEZyYW1lLCBiYXNlQ2VsbCk7 CiAgICAgICAgIEpTQ2VsbCogb3duZXIgPSBjb2RlQmxvY2stPm93bmVyRXhlY3V0YWJsZSgpOwog ICAgICAgICBKU0dsb2JhbERhdGEmIGdsb2JhbERhdGEgPSBjYWxsRnJhbWUtPmdsb2JhbERhdGEo KTsKKyAgICAgICAgLy8gR2V0IHRoZSBwcm90b3R5cGUgaGVyZSBiZWNhdXNlIHRoZSBjYWxsIHRv IHByb3RvdHlwZUNoYWluIGNvdWxkIGNhdXNlIGEgCisgICAgICAgIC8vIEdDIGFsbG9jYXRpb24s IHdoaWNoIHdlIGRvbid0IHdhbnQgdG8gaGFwcGVuIHdoaWxlIHdlJ3JlIGluIHRoZSBtaWRkbGUg b2YgCisgICAgICAgIC8vIGluaXRpYWxpemluZyB0aGUgdW5pb24uCisgICAgICAgIFN0cnVjdHVy ZUNoYWluKiBwcm90b3R5cGVDaGFpbiA9IHN0cnVjdHVyZS0+cHJvdG90eXBlQ2hhaW4oY2FsbEZy YW1lKTsKICAgICAgICAgdlBDWzBdID0gZ2V0T3Bjb2RlKG9wX3B1dF9ieV9pZF90cmFuc2l0aW9u KTsKICAgICAgICAgdlBDWzRdLnUuc3RydWN0dXJlLnNldChnbG9iYWxEYXRhLCBvd25lciwgc3Ry dWN0dXJlLT5wcmV2aW91c0lEKCkpOwogICAgICAgICB2UENbNV0udS5zdHJ1Y3R1cmUuc2V0KGds b2JhbERhdGEsIG93bmVyLCBzdHJ1Y3R1cmUpOwotICAgICAgICB2UENbNl0udS5zdHJ1Y3R1cmVD aGFpbi5zZXQoY2FsbEZyYW1lLT5nbG9iYWxEYXRhKCksIGNvZGVCbG9jay0+b3duZXJFeGVjdXRh YmxlKCksIHN0cnVjdHVyZS0+cHJvdG90eXBlQ2hhaW4oY2FsbEZyYW1lKSk7CisgICAgICAgIHZQ Q1s2XS51LnN0cnVjdHVyZUNoYWluLnNldChjYWxsRnJhbWUtPmdsb2JhbERhdGEoKSwgY29kZUJs b2NrLT5vd25lckV4ZWN1dGFibGUoKSwgcHJvdG90eXBlQ2hhaW4pOwogICAgICAgICBBU1NFUlQo dlBDWzZdLnUuc3RydWN0dXJlQ2hhaW4pOwogICAgICAgICB2UENbN10gPSBzbG90LmNhY2hlZE9m ZnNldCgpOwogICAgICAgICByZXR1cm47Cg==