Bug 146478
| Summary: | Crash at WebCore::MemoryCache::remove(WebCore::CachedResource&) | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebCore Misc. | Assignee: | Chris Dumez <cdumez> |
| Status: | ASSIGNED | ||
| Severity: | Normal | CC: | ap, simon.fraser |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Chris Dumez
Flaky crash on webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html:
Time Awake Since Boot: 820000 seconds
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004
VM Regions Near 0x4:
-->
__TEXT 000000010d9f8000-000000010da96000 [ 632K] r-x/rwx SM=COW /Volumes/VOLUME/*
Application Specific Information:
CRASHING TEST: webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010dd8640c WTF::StringImpl::length() const + 12
1 com.apple.JavaScriptCore 0x000000010e82d8e9 bool WTF::equalCommon<WTF::StringImpl, WTF::StringImpl>(WTF::StringImpl const&, WTF::StringImpl const&) + 25
2 com.apple.JavaScriptCore 0x000000010e8290dd WTF::equal(WTF::StringImpl const&, WTF::StringImpl const&) + 29
3 com.apple.WebCore 0x000000011288508d WTF::StringHash::equal(WTF::StringImpl const*, WTF::StringImpl const*) + 29 (StringHash.h:48)
4 com.apple.WebCore 0x0000000112885062 WTF::StringHash::equal(WTF::String const&, WTF::String const&) + 50 (StringHash.h:68)
5 com.apple.WebCore 0x0000000112b6e882 WebCore::URLHash::equal(WebCore::URL const&, WebCore::URL const&) + 50 (URLHash.h:43)
6 com.apple.WebCore 0x0000000113dd091d WTF::PairHash<WebCore::URL, WTF::String>::equal(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashFunctions.h:163)
7 com.apple.WebCore 0x0000000113dd08ed bool WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >::equal<std::__1::pair<WebCore::URL, WTF::String>, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&, std::__1::pair<WebCore::URL, WTF::String> const&) + 29 (HashTable.h:282)
8 com.apple.WebCore 0x0000000113dd081c WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>* WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::lookup<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 220 (HashTable.h:624)
9 com.apple.WebCore 0x0000000113dd06ff WTF::HashTableIterator<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > > WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find<WTF::IdentityHashTranslator<WTF::PairHash<WebCore::URL, WTF::String> >, std::__1::pair<WebCore::URL, WTF::String> >(std::__1::pair<WebCore::URL, WTF::String> const&) + 79 (HashTable.h:939)
10 com.apple.WebCore 0x0000000113dd06a4 WTF::HashTable<std::__1::pair<WebCore::URL, WTF::String>, WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*> >, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::KeyValuePairTraits, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> > >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 36 (HashTable.h:387)
11 com.apple.WebCore 0x0000000113dd065f WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::find(std::__1::pair<WebCore::URL, WTF::String> const&) + 47 (HashMap.h:242)
12 com.apple.WebCore 0x0000000113dca988 WTF::HashMap<std::__1::pair<WebCore::URL, WTF::String>, WebCore::CachedResource*, WTF::PairHash<WebCore::URL, WTF::String>, WTF::HashTraits<std::__1::pair<WebCore::URL, WTF::String> >, WTF::HashTraits<WebCore::CachedResource*> >::remove(std::__1::pair<WebCore::URL, WTF::String> const&) + 40 (HashMap.h:377)
13 com.apple.WebCore 0x0000000113dc544d WebCore::MemoryCache::remove(WebCore::CachedResource&) + 413 (MemoryCache.cpp:435)
14 com.apple.WebCore 0x0000000113dc6a95 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 1221 (MemoryCache.cpp:395)
15 com.apple.WebCore 0x0000000113dc65ca WebCore::MemoryCache::pruneDeadResources() + 106 (MemoryCache.cpp:338)
16 com.apple.WebCore 0x0000000113dc6cef WebCore::MemoryCache::prune() + 47 (MemoryCache.cpp:758)
17 com.apple.WebCore 0x0000000113dc4725 WebCore::MemoryCache::pruneTimerFired() + 21 (MemoryCache.cpp:765)
18 com.apple.WebCore 0x0000000113dd3db3 std::__1::__function::__func<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*>, std::__1::allocator<std::__1::__bind<void (WebCore::MemoryCache::*&)(), WebCore::MemoryCache*> >, void ()>::operator()() + 259 (functional:1370)
19 com.apple.WebCore 0x0000000112841aca std::__1::function<void ()>::operator()() const + 26 (functional:1756)
20 com.apple.WebCore 0x0000000112841a7c WebCore::Timer::fired() + 28 (Timer.h:134)
21 com.apple.WebCore 0x00000001147c5b6e WebCore::ThreadTimers::sharedTimerFiredInternal() + 398 (ThreadTimers.cpp:135)
22 com.apple.WebCore 0x00000001147c5829 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:108)
23 com.apple.WebCore 0x00000001144773b2 WebCore::timerFired(__CFRunLoopTimer*, void*) + 34 (SharedTimerCF.cpp:82)
24 com.apple.CoreFoundation 0x00007fff961172e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
25 com.apple.CoreFoundation 0x00007fff96116f73 __CFRunLoopDoTimer + 1059
26 com.apple.CoreFoundation 0x00007fff9618a53d __CFRunLoopDoTimers + 301
27 com.apple.CoreFoundation 0x00007fff960d2608 __CFRunLoopRun + 2024
28 com.apple.CoreFoundation 0x00007fff960d1bd8 CFRunLoopRunSpecific + 296
29 DumpRenderTree 0x000000010da16818 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6536 (DumpRenderTree.mm:2012)
30 DumpRenderTree 0x000000010da14e2a runTestingServerLoop() + 330 (DumpRenderTree.mm:1176)
31 DumpRenderTree 0x000000010da143a0 dumpRenderTree(int, char const**) + 448 (DumpRenderTree.mm:1285)
32 DumpRenderTree 0x000000010da1710d DumpRenderTreeMain(int, char const**) + 125 (DumpRenderTree.mm:1420)
33 DumpRenderTree 0x000000010da6c722 main + 34 (DumpRenderTreeMain.mm:30)
34 libdyld.dylib 0x00007fff9ab6d5c9 start + 1
Alexey Proskuryakov
Is webgl/1.0.2/conformance/ogles/GL/floor/floor_001_to_006.html the culprit, or is it some other test that leaves the cache in a broken state?
Chris Dumez
This is a crash when pruning the memory cache; it is likely unrelated to this particular test. It looks like we have a bug in the memory cache implementation.