Bug 158687

Summary: Stack overflow at RefPtr::release on Windows port since r201782
Product: WebKit Reporter: Fujii Hironori <Hironori.Fujii>
Component: Web Template Framework Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal CC: achristensen, aestes, andersca, ap, beidson, benjamin, bfulgham, cdumez, cmarcelo, commit-queue, darin, krollin, pvollan, rniwa, youennf
Priority: P2
Version: WebKit Nightly Build
Hardware: PC
OS: Windows 10
See Also: https://bugs.webkit.org/show_bug.cgi?id=157596
Attachments: Patch (flags: none)

Description Fujii Hironori 2016-06-13 02:54:49 PDT
[Win] Stack overflow at RefPtr::release

trunk@201986 AppleWin Debug (CMake) build

When starting MiniBrowser, following dialog will be shown:

> Unhandled exception at 0x100694E0 (WebKit.dll) in MiniBrowser.exe: 0xC00000FD: Stack overflow (parameters: 0x00000001, 0x00092FFC).

Callstack:

> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::StringImpl * ptr, WTF::RefPtr<WTF::StringImpl>::AdoptTag __formal) Line 108	C++
> WebKit.dll!WTF::adoptRef<WTF::StringImpl>(WTF::StringImpl * p) Line 243	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> (...)
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> The maximum number of stack frames supported by Visual Studio has been exceeded.
Comment 1 Fujii Hironori 2016-06-13 02:57:53 PDT
Another callstack by stopping with a breakpoint:

> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::operator=(WTF::RefPtr<WTF::StringImpl> && o) Line 173	C++
> WebKit.dll!WTF::String::operator=(WTF::String && other) Line 134	C++
> WebKit.dll!WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>::translate<WTF::KeyValuePair<WTF::String,unsigned int>,WTF::String,int>(WTF::KeyValuePair<WTF::String,unsigned int> & location, WTF::String && key, int && mapped) Line 185	C++
> WebKit.dll!WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,unsigned int>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String,unsigned int> >,WTF::StringHash,WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::HashTraits<WTF::String> >::add<WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>,WTF::String,int>(WTF::String && key, int && extra) Line 932	C++
> WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::inlineAdd<WTF::String,int>(WTF::String && key, int && value) Line 316	C++
> WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::add<int>(WTF::String && key, int && mapped) Line 358	C++
> WebKit.dll!WTF::HashCountedSet<WTF::String,WTF::StringHash,WTF::HashTraits<WTF::String> >::add(WTF::String && value) Line 194	C++
> WebKit.dll!WebKitClassFactory::WebKitClassFactory(_GUID targetClass) Line 71	C++
> WebKit.dll!DllGetClassObject(const _GUID & rclsid, const _GUID & riid, void * * ppv) Line 105	C++
> WebKit.dll!classFactory(const _GUID & clsid) Line 61	C++
> WebKit.dll!WebKitCreateInstance(const _GUID & rclsid, IUnknown * pUnkOuter, const _GUID & riid, void * * ppvObject) Line 72	C++
> MiniBrowserLib.dll!MiniBrowser::seedInitialDefaultPreferences() Line 171	C++
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 117	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 857	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 249	C++
> [External Code]	
> [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
Comment 2 Fujii Hironori 2016-06-13 04:30:08 PDT
Created attachment 281165 [details]
Patch
Comment 3 Brent Fulgham 2016-06-13 08:29:56 PDT
This seems like it should be affecting all ports, not just Windows. I wonder why we don't see it elsewhere?
Comment 4 Keith Rollin 2016-06-13 08:45:13 PDT
Yeah, I wondered that, too. It may have to do with how the compiler handles optimizing the assigning of the result of adoptRef() to "tmp" in release(). If it uses the move constructor, then we have the recursion problem. If it uses the "construct the result in the caller-provided variable" optimization, then we won't.

So I can see how different compilers could have different results. What I'm wondering is why we're only seeing it in MiniBrowser and not all over the place on Windows.
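The recursion Keith Rollin describes, as an added illustration that is not the bug's patch and not WTF::RefPtr itself: a minimal RefPtr stand-in whose move constructor obtains its pointer by going through release(), the shape reconstructed from the callstack above (move constructor, release(), move constructor, ...), beside the same class stealing the raw pointer directly. The names (Counted, DepthGuard, kMaxDepth, MoveViaRelease, steal) are assumptions of this example. Two things are simulated so that it runs to completion: the depth guard turns the unbounded nesting into an exception instead of the 0xC00000FD stack overflow, and release() constructs its result with an explicit `RefPtr(std::move(tmp))`, which is what a Debug build without copy elision does with the "tmp" local.

```cpp
#include <cstdio>
#include <stdexcept>
#include <type_traits>
#include <utility>

// Stand-in for an intrusively refcounted WTF object such as StringImpl:
// created holding one reference, which adopting construction takes over.
struct Counted {
    int refCount = 1;
    static int liveObjects;
    Counted() { ++liveObjects; }
    ~Counted() { --liveObjects; }
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
};
int Counted::liveObjects = 0;

// Stands in for the thread stack: nesting more than kMaxDepth move
// constructions is reported as an exception rather than a real overflow.
constexpr int kMaxDepth = 64;
inline int& moveDepth() { static int depth = 0; return depth; }

struct DepthGuard {
    DepthGuard() {
        if (++moveDepth() > kMaxDepth) {
            --moveDepth();   // the destructor does not run for a throwing constructor
            throw std::runtime_error("simulated stack overflow in RefPtr move constructor");
        }
    }
    ~DepthGuard() { --moveDepth(); }
};

struct AdoptTag {};

// Minimal RefPtr stand-in (hypothetical, not WTF::RefPtr). MoveViaRelease
// selects how the move constructor obtains the pointer.
template<typename T, bool MoveViaRelease>
class RefPtr {
public:
    RefPtr() = default;
    RefPtr(T* ptr, AdoptTag) : m_ptr(ptr) {}     // adoptRef() equivalent: takes the existing reference
    RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (m_ptr) m_ptr->ref(); }
    RefPtr(RefPtr&& o) {
        DepthGuard guard;
        m_ptr = steal(o, std::integral_constant<bool, MoveViaRelease>{});
    }
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }

    T* get() const { return m_ptr; }
    T* leakRef() { return std::exchange(m_ptr, nullptr); }

    // Hands the reference out as a new RefPtr. The explicit move construction
    // of the named local reproduces a Debug build that does not elide the copy.
    RefPtr release() {
        RefPtr tmp(leakRef(), AdoptTag{});
        return RefPtr(std::move(tmp));
    }

private:
    // Recursive shape: move constructor -> release() -> move constructor -> ...
    static T* steal(RefPtr& o, std::true_type) { return o.release().leakRef(); }
    // Direct shape: no RefPtr is constructed on the way, so nothing recurses.
    static T* steal(RefPtr& o, std::false_type) { return o.leakRef(); }

    T* m_ptr = nullptr;
};

using RecursiveRefPtr = RefPtr<Counted, true>;
using FixedRefPtr = RefPtr<Counted, false>;

// True when moving a RecursiveRefPtr hits the depth guard and the object is
// still released exactly once while the stack unwinds (no leak, no double free).
bool recursiveMoveOverflows() {
    Counted::liveObjects = 0;
    bool overflowed = false;
    {
        RecursiveRefPtr a(new Counted, AdoptTag{});
        try {
            RecursiveRefPtr b(std::move(a));
            (void)b.get();
        } catch (const std::runtime_error&) {
            overflowed = true;
        }
    }
    return overflowed && moveDepth() == 0 && Counted::liveObjects == 0;
}

// True when the direct move constructor and release() transfer the single
// reference without touching the refcount and without nesting.
bool fixedMoveTransfersOwnership() {
    Counted::liveObjects = 0;
    FixedRefPtr a(new Counted, AdoptTag{});
    Counted* raw = a.get();
    FixedRefPtr b(std::move(a));
    bool ok = !a.get() && b.get() == raw && raw->refCount == 1;
    FixedRefPtr c = b.release();
    ok = ok && !b.get() && c.get() == raw && raw->refCount == 1 && Counted::liveObjects == 1;
    return ok;
}

int main() {
    std::printf("recursive move overflows: %s\n", recursiveMoveOverflows() ? "yes" : "no");
    std::printf("direct move transfers ownership: %s\n", fixedMoveTransfersOwnership() ? "yes" : "no");
    return 0;
}
```

The recursive variant never touches the refcount, so the overflow is purely a control-flow problem: each level adopts the same raw pointer into a fresh local and nulls the previous one, and whichever compiler elides those temporaries hides the bug entirely, which is why the result differs between toolchains and between Debug and Release builds.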
Comment 5 Chris Dumez 2016-06-13 09:02:48 PDT
Comment on attachment 281165 [details]
Patch

R=me
Comment 6 WebKit Commit Bot 2016-06-13 09:26:14 PDT
Comment on attachment 281165 [details]
Patch

Clearing flags on attachment: 281165

Committed r201991: <http://trac.webkit.org/changeset/201991>
Comment 7 WebKit Commit Bot 2016-06-13 09:26:21 PDT
All reviewed patches have been landed.  Closing bug.
Comment 8 Fujii Hironori 2016-06-13 18:54:18 PDT
Release build has no problem.

All programs (MiniBrowser, DumpRenderTree, TestWTF, TestWebKit, jsc, testapi, testRegExp) of Debug build have the problem.