Bug 157915

Summary: Modern IDB: Crash/ASSERT in random IDB tests in IDBDatabaseIdentifier::hash
Product: WebKit Reporter: Brady Eidson <beidson>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 149117, 154968    

Description Brady Eidson 2016-05-19 13:10:59 PDT 
Modern IDB: Crash/ASSERT in random IDB tests in IDBDatabaseIdentifier::hash

Example at https://build.webkit.org/results/Apple%20Yosemite%20Release%20WK1%20(Tests)/r201174%20(14824)/storage/websql/database-lock-after-reload-crash-log.txt

This has been happening since yesterday and is almost certainly caused by http://trac.webkit.org/changeset/201081 or http://trac.webkit.org/changeset/201098

What's happening is that a IDBDatabaseIdentifier that has null databaseName/origin/mainFrameOrigins is being asked to hash.

StringHash can't hash a String without a StringImpl.

I could change IDBDatabaseIdentifier::hash to null check things first, but it actually should *not* ever come up in practice.

Another weird, weird thing about these IDBDatabaseIdentifiers, at least each time I've caught this in the debugger: The opening origin has a port of -2 and the mainFrame origin has a port of -3.

If it were -1,-1 then it would obviously be the deletedValue object.
If it were -2,-2 then it would obviously be the empty IDBDatabaseIdentifier() object.

-2,-3 should never exist.
Comment 1 Brady Eidson 2016-05-19 13:15:20 PDT 
Will be trying with guardmalloc soon.

For posterity, I can reproduce this, though not *quickly*, with:
run-webkit-tests -1 storage/indexeddb imported/w3c/web-platform-tests/IndexedDB --child-processes=1
Comment 2 Brady Eidson 2016-05-19 13:43:26 PDT 
This might be related to a general problem with guardmalloc enabled that I'm exploring elsewhere.
Comment 3 Brady Eidson 2016-05-19 14:59:45 PDT 
Once I fixed the cause of https://bugs.webkit.org/show_bug.cgi?id=157917, this went away.

Reverse duping.
Comment 4 Brady Eidson 2016-05-19 14:59:56 PDT 

*** This bug has been marked as a duplicate of bug 157917 ***