Bug 156765

Summary: REGRESSION(r190289): Spin trying to view/sign in to hbogo.com
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, keith_miller, mark.lam, saam
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
URL: http://hbogo.com
Attachments:
Description Flags
Patch saam: review+

Michael Saboff
Reported 2016-04-19 15:39:30 PDT
We appear to get into a deadlock. Here is a backtrace from the debugger:

* thread #1: tid = 0x3684cc9, 0x00007fffa16d1db6 libsystem_kernel.dylib`__psynch_cvwait + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x00007fffa16d1db6 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fff94d52728 libsystem_pthread.dylib`_pthread_cond_wait + 767
    frame #2: 0x00007fff9ec8e68f libc++.1.dylib`std::__1::condition_variable::wait(std::__1::unique_lock<std::__1::mutex>&) + 47
    frame #3: 0x0000000108c8102e JavaScriptCore`WTF::ParkingLot::parkConditionally(address=0x00000001153e1658, validation=function<bool ()> at 0x00007fff58873210, beforeSleep=function<void ()> at 0x00007fff588731e0, timeout=<unavailable>)>, std::__1::function<void ()>, std::__1::chrono::time_point<std::__1::chrono::steady_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > >) + 2398 at ParkingLot.cpp:570
    frame #4: 0x0000000108c79556 JavaScriptCore`WTF::LockBase::lockSlow() [inlined] bool WTF::ParkingLot::compareAndPark<unsigned char, int>(expected=3) + 54 at ParkingLot.h:65
    frame #5: 0x0000000108c79520 JavaScriptCore`WTF::LockBase::lockSlow(this=0x00000001153e1658) + 368 at Lock.cpp:76
    frame #6: 0x000000010846a201 JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] WTF::LockBase::lock() + 23 at Lock.h:62
    frame #7: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] WTF::Locker<WTF::LockBase>::lock() at Locker.h:55
    frame #8: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] WTF::Locker<WTF::LockBase>::Locker(WTF::LockBase*) at Locker.h:39
    frame #9: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] WTF::Locker<WTF::LockBase>::Locker(WTF::LockBase*) at Locker.h:39
    frame #10: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase(lockable=0x00000001153e1658) at ConcurrentJITLock.h:47
    frame #11: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] JSC::ConcurrentJITLocker::ConcurrentJITLocker(lockable=0x00000001153e1658) at ConcurrentJITLock.h:106
    frame #12: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) [inlined] JSC::ConcurrentJITLocker::ConcurrentJITLocker(lockable=0x00000001153e1658) at ConcurrentJITLock.h:107
    frame #13: 0x000000010846a1ea JavaScriptCore`JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(this=<unavailable>, bytecodeIndex=45) + 826 at DFGByteCodeParser.cpp:847
    frame #14: 0x0000000108449934 JavaScriptCore`JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) [inlined] JSC::DFG::ByteCodeParser::getPrediction(this=0x00007fff588747d8, bytecodeIndex=<unavailable>) + 8 at DFGByteCodeParser.cpp:856
    frame #15: 0x000000010844992c JavaScriptCore`JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) [inlined] JSC::DFG::ByteCodeParser::getPrediction(this=0x00007fff588747d8) + 5 at DFGByteCodeParser.cpp:874
    frame #16: 0x0000000108449927 JavaScriptCore`JSC::DFG::ByteCodeParser::handleCall(this=0x00007fff588747d8, result=-7, op=TailCall, callMode=<unavailable>, instructionSize=9, callTarget=0x0000000114762b90, argumentCountIncludingThis=2, registerOffset=-16, callLinkStatus=CallLinkStatus at 0x00007fff588733b8) + 199 at DFGByteCodeParser.cpp:1175
    frame #17: 0x00000001084497e5 JavaScriptCore`JSC::DFG::ByteCodeParser::handleCall(this=0x00007fff588747d8, result=-7, op=TailCall, callMode=Tail, instructionSize=9, callee=<unavailable>, argumentCountIncludingThis=<unavailable>, registerOffset=<unavailable>) + 277 at DFGByteCodeParser.cpp:1163
    frame #18: 0x0000000108459db0 JavaScriptCore`JSC::DFG::ByteCodeParser::parseBlock(unsigned int) [inlined] JSC::DFG::ByteCodeParser::handleCall(this=0x00007fff588747d8, pc=<unavailable>, op=TailCall, callMode=Tail) + 53 at DFGByteCodeParser.cpp:1148
    frame #19: 0x0000000108459d7b JavaScriptCore`JSC::DFG::ByteCodeParser::parseBlock(this=0x00007fff588747d8, limit=54) + 10555 at DFGByteCodeParser.cpp:4188
    frame #20: 0x0000000108465e6b JavaScriptCore`JSC::DFG::ByteCodeParser::parseCodeBlock(this=0x00007fff588747d8) + 1291 at DFGByteCodeParser.cpp:5094
    frame #21: 0x000000010844dd2c JavaScriptCore`bool JSC::DFG::ByteCodeParser::attemptToInlineCall<JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int)::$_0>(JSC::DFG::Node*, int, JSC::CallVariant, int, int, unsigned int, JSC::InlineCallFrame::Kind, JSC::DFG::ByteCodeParser::CallerLinkability, unsigned int, unsigned int&, JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int)::$_0 const&) [inlined] void JSC::DFG::ByteCodeParser::inlineCall<JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int)::$_0>(callee=<unavailable>, callerLinkability=CallerDoesNormalLinking)::$_0 const&) + 1721 at DFGByteCodeParser.cpp:1473
    frame #22: 0x000000010844d673 JavaScriptCore`bool JSC::DFG::ByteCodeParser::attemptToInlineCall<JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int)::$_0>(this=<unavailable>, callTargetNode=<unavailable>, resultOperand=<unavailable>, callee=<unavailable>, registerOffset=<unavailable>, argumentCountIncludingThis=<unavailable>, nextOffset=<unavailable>, kind=<unavailable>, callerLinkability=CallerDoesNormalLinking, prediction=<unavailable>, inliningBalance=<unavailable>, insertChecks=<unavailable>)::$_0 const&) + 6179 at DFGByteCodeParser.cpp:1637
    frame #23: 0x000000010844a0c8 JavaScriptCore`JSC::DFG::ByteCodeParser::handleInlining(this=0x00007fff588747d8, callTargetNode=<unavailable>, resultOperand=<unavailable>, callLinkStatus=0x00007fff58873f50, registerOffsetOrFirstFreeReg=-24, thisArgument=<unavailable>, argumentsArgument=<unavailable>, argumentsOffset=<unavailable>, argumentCountIncludingThis=<unavailable>, nextOffset=<unavailable>, callOp=<unavailable>, kind=<unavailable>, prediction=<unavailable>) + 936 at DFGByteCodeParser.cpp:1707
    frame #24: 0x0000000108449b98 JavaScriptCore`JSC::DFG::ByteCodeParser::handleCall(this=0x00007fff588747d8, result=-10, op=Call, kind=GetterCall, instructionSize=<unavailable>, callTarget=0x0000000114761870, argumentCountIncludingThis=1, registerOffset=-24, callLinkStatus=<unavailable>, prediction=<unavailable>) + 312 at DFGByteCodeParser.cpp:1213
    frame #25: 0x0000000108455652 JavaScriptCore`JSC::DFG::ByteCodeParser::handleGetById(this=0x00007fff588747d8, destinationOperand=-10, prediction=1, base=<unavailable>, identifierNumber=<unavailable>, getByIdStatus=<unavailable>, type=<unavailable>) + 3234 at DFGByteCodeParser.cpp:3043
    frame #26: 0x000000010845f857 JavaScriptCore`JSC::DFG::ByteCodeParser::parseBlock(this=0x00007fff588747d8, limit=62) + 33815 at DFGByteCodeParser.cpp:3807
    frame #27: 0x0000000108465e6b JavaScriptCore`JSC::DFG::ByteCodeParser::parseCodeBlock(this=0x00007fff588747d8) + 1291 at DFGByteCodeParser.cpp:5094
    frame #28: 0x00000001084661e7 JavaScriptCore`JSC::DFG::ByteCodeParser::parse(this=0x00007fff588747d8) + 263 at DFGByteCodeParser.cpp:5144
    frame #29: 0x0000000108466469 JavaScriptCore`JSC::DFG::parse(graph=0x00007fff58874ea0) + 425 at DFGByteCodeParser.cpp:5168
    frame #30: 0x000000010858dd90 JavaScriptCore`JSC::DFG::Plan::compileInThreadImpl(this=0x0000000112931080, longLivedState=<unavailable>) + 256 at DFGPlan.cpp:239
    frame #31: 0x000000010858d951 JavaScriptCore`JSC::DFG::Plan::compileInThread(this=0x0000000112931080, longLivedState=0x00000001123b68e0, threadData=<unavailable>) + 577 at DFGPlan.cpp:182
    frame #32: 0x00000001084d3e04 JavaScriptCore`JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) [inlined] JSC::DFG::compileImpl(profiledDFGCodeBlock=0x0000000000000000, osrEntryBytecodeIndex=0, mustHandleValues=0x00007fff58875488, callback=PassRefPtr<JSC::DeferredCompilationCallback> at scalar(0x0000000000000000)) + 182 at DFGDriver.cpp:99
    frame #33: 0x00000001084d3d4e JavaScriptCore`JSC::DFG::compile(vm=0x0000000114605000, codeBlock=0x0000000119e74ba0, profiledDFGCodeBlock=0x0000000000000000, mode=<unavailable>, osrEntryBytecodeIndex=0, mustHandleValues=0x00007fff58875488, passedCallback=PassRefPtr<JSC::DeferredCompilationCallback> at 0x00007fff58875478) + 910 at DFGDriver.cpp:117
    frame #34: 0x000000010885b7b2 JavaScriptCore`::operationOptimize(exec=0x00007fff58875620, bytecodeIndex=0) + 1650 at JITOperations.cpp:1365
    frame #35: 0x00003d00e85c9244
    frame #36: 0x00003d00e85bb133
    frame #37: 0x00003d00e85ba4d7
    frame #38: 0x00003d00e85b75db
Attachments
Patch (4.67 KB, patch)
2016-04-20 12:32 PDT, Michael Saboff
saam: review+
Michael Saboff
Comment 1 2016-04-19 15:40:19 PDT
Michael Saboff
Comment 2 2016-04-20 12:32:03 PDT
Michael Saboff
Comment 3 2016-04-20 13:31:00 PDT