Bug 165871

Summary: The stress GC bot crashes in JavaScriptCore beneath ShadowChicken::update and Inspector::jsToInspectorValue
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, keith_miller, mark.lam, saam
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mark.lam: review+

Michael Saboff
Reported 2016-12-14 14:38:42 PST
The test LayoutTests/inspector/worker/debugger-multiple-targets-pause.html is usually the one that crashes. It crashes with one of two backtraces.
Usual backtrace:
Thread 16 Crashed:: WebCore: Worker
0 com.apple.JavaScriptCore 0x0000000100b3aca5 JSC::JSCell::classInfo() const + 69
1 com.apple.JavaScriptCore 0x0000000100b3ac39 JSC::JSCell::inherits(JSC::ClassInfo const*) const + 25
2 com.apple.JavaScriptCore 0x0000000100f15113 JSC::JSScope* JSC::jsCast<JSC::JSScope*, JSC::JSCell>(JSC::JSCell*) + 51
3 com.apple.JavaScriptCore 0x0000000100f1166d JSC::Register::scope() const + 29
4 com.apple.JavaScriptCore 0x0000000100f5a64e JSC::ExecState::scope(int) const + 46
5 com.apple.JavaScriptCore 0x000000010185bd7c JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1::operator()(JSC::StackVisitor&) const + 380
6 com.apple.JavaScriptCore 0x000000010185b41a void JSC::StackVisitor::visit<JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1>(JSC::ExecState*, JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1 const&) + 74
7 com.apple.JavaScriptCore 0x000000010185b008 JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) + 1832
8 com.apple.JavaScriptCore 0x000000010185a8a0 JSC::ShadowChicken::log(JSC::VM&, JSC::ExecState*, JSC::ShadowChicken::Packet const&) + 48
9 com.apple.JavaScriptCore 0x0000000101702593 JSC::genericUnwind(JSC::VM*, JSC::ExecState*, JSC::UnwindStart) + 403
10 com.apple.JavaScriptCore 0x00000001017027bf JSC::genericUnwind(JSC::VM*, JSC::ExecState*) + 31
11 com.apple.JavaScriptCore 0x0000000101917362 llint_slow_path_handle_exception + 146
12 com.apple.JavaScriptCore 0x00000001019219e5 llint_entry + 19297
13 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863
14 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863
15 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863
16 com.apple.JavaScriptCore 0x000000010192469c llint_entry + 30744
17 com.apple.JavaScriptCore 0x000000010192432b llint_entry + 29863
18 com.apple.JavaScriptCore 0x000000010192469c llint_entry + 30744
19 com.apple.JavaScriptCore 0x000000010191cc6e vmEntryToJavaScript + 334
20 com.apple.JavaScriptCore 0x00000001016feafc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 332
21 com.apple.JavaScriptCore 0x0000000101676c6f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1231
22 com.apple.JavaScriptCore 0x0000000100e452ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190
23 com.apple.JavaScriptCore 0x0000000100e453c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201
24 com.apple.WebCore 0x000000010cfb61da WebCore::functionCallHandlerFromAnyThread(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 170
25 com.apple.JavaScriptCore 0x0000000101b6f1b8 Deprecated::ScriptFunctionCall::call(bool&) + 632
26 com.apple.JavaScriptCore 0x00000001015b6005 Inspector::InjectedScriptBase::callFunctionWithEvalEnabled(Deprecated::ScriptFunctionCall&, bool&) const + 69
27 com.apple.JavaScriptCore 0x00000001015b2fc6 Inspector::InjectedScript::wrapCallFrames(JSC::JSValue) const + 310
28 com.apple.JavaScriptCore 0x000000010162818b Inspector::InspectorDebuggerAgent::currentCallFrames(Inspector::InjectedScript const&) + 187
29 com.apple.JavaScriptCore 0x000000010162915c Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 972
30 com.apple.JavaScriptCore 0x000000010162936f non-virtual thunk to Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 63
31 com.apple.JavaScriptCore 0x0000000101b67643 Inspector::ScriptDebugServer::dispatchDidPause(Inspector::ScriptDebugListener*) + 307
32 com.apple.JavaScriptCore 0x0000000101b67f05 Inspector::ScriptDebugServer::dispatchFunctionToListeners(WTF::HashSet<Inspector::ScriptDebugListener*, WTF::PtrHash<Inspector::ScriptDebugListener*>, WTF::HashTraits<Inspector::ScriptDebugListener*> > const&, void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 229
33 com.apple.JavaScriptCore 0x0000000101b67e0a Inspector::ScriptDebugServer::dispatchFunctionToListeners(void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 170
34 com.apple.JavaScriptCore 0x0000000101b68219 Inspector::ScriptDebugServer::handlePause(JSC::JSGlobalObject*, JSC::Debugger::ReasonForPause) + 73
35 com.apple.JavaScriptCore 0x0000000100f426f5 JSC::Debugger::pauseIfNeeded(JSC::ExecState*) + 853
36 com.apple.JavaScriptCore 0x0000000100f429d4 JSC::Debugger::updateCallFrame(JSC::ExecState*, JSC::Debugger::CallFrameUpdateAction) + 100
37 com.apple.JavaScriptCore 0x0000000100f4316f JSC::Debugger::didReachBreakpoint(JSC::ExecState*) + 111
38 com.apple.JavaScriptCore 0x0000000101677f57 JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookType) + 487
39 com.apple.JavaScriptCore 0x0000000101917203 llint_slow_path_debug + 211
40 com.apple.JavaScriptCore 0x0000000101924e5c llint_entry + 32728
41 com.apple.JavaScriptCore 0x00000001019243a5 llint_entry + 29985
42 com.apple.JavaScriptCore 0x000000010191cc6e vmEntryToJavaScript + 334
43 com.apple.JavaScriptCore 0x00000001016feafc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 332
44 com.apple.JavaScriptCore 0x0000000101676c6f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1231
45 com.apple.JavaScriptCore 0x0000000100e452ee JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190
46 com.apple.JavaScriptCore 0x0000000100e453c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201
47 com.apple.JavaScriptCore 0x0000000100e455cd JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125
48 com.apple.WebCore 0x000000010ddd0608 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 728
49 com.apple.WebCore 0x000000010ddd02ad WebCore::ScheduledAction::execute(WebCore::WorkerGlobalScope&) + 221
50 com.apple.WebCore 0x000000010ddd003d WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 93
51 com.apple.WebCore 0x000000010c15a88e WebCore::DOMTimer::fired() + 990
52 com.apple.WebCore 0x000000010e2bb8fa WebCore::ThreadTimers::sharedTimerFiredInternal() + 394
53 com.apple.WebCore 0x000000010e2bcb41 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33
54 com.apple.WebCore 0x000000010e2bcb0d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45
55 com.apple.WebCore 0x000000010e2bcaac std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44
56 com.apple.WebCore 0x000000010b956c5a std::__1::function<void ()>::operator()() const + 26
57 com.apple.WebCore 0x000000010e574c6c WebCore::WorkerSharedTimer::fire() + 28
58 com.apple.WebCore 0x000000010e57372a WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 1322
59 com.apple.WebCore 0x000000010e5731c6 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 86
60 com.apple.WebCore 0x000000010e57c4e5 WebCore::WorkerThread::runEventLoop() + 53
61 com.apple.WebCore 0x000000010bfea339 WebCore::DedicatedWorkerThread::runEventLoop() + 89
62 com.apple.WebCore 0x000000010e57c30c WebCore::WorkerThread::workerThread() + 1372
63 com.apple.WebCore 0x000000010e57bda5 WebCore::WorkerThread::workerThreadStart(void*) + 21
64 com.apple.JavaScriptCore 0x0000000101e32269 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25
65 com.apple.JavaScriptCore 0x0000000101e3223d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45
66 com.apple.JavaScriptCore 0x0000000101e321dc std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()() + 44
67 com.apple.JavaScriptCore 0x000000010131e02a std::__1::function<void ()>::operator()() const + 26
68 com.apple.JavaScriptCore 0x0000000101e30e3e WTF::threadEntryPoint(void*) + 158
69 com.apple.JavaScriptCore 0x0000000101e328e1 WTF::wtfThreadEntryPoint(void*) + 289
70 libsystem_pthread.dylib 0x000000011853399d _pthread_body + 131
71 libsystem_pthread.dylib 0x000000011853391a _pthread_start + 168
Much less likely backtrace (from debugger):
* thread #37: tid = 0x12566c7, 0x0000000102425644, queue = 'None, stop reason = EXC_BAD_ACCESS (code=1, addre\320SQ\207\303\260RQ
frame #0: 0x0000000102425644 JavaScriptCore`::WTFCrash() + 36 at Assertions.cpp:323
frame #1: 0x00000001021c6d11 JavaScriptCore`Inspector::jsToInspectorValue(scriptState=0x000000011deb40e0, value=JSValue @ 0x000070000b2723c8, maxDepth=1000) + 97 at ScriptValue.cpp:46
frame #2: 0x00000001021c6c99 JavaScriptCore`Inspector::toInspectorValue(state=0x000000011deb40e0, value=JSValue @ 0x000070000b272408) + 73 at ScriptValue.cpp:101
frame #3: 0x0000000101bfffeb JavaScriptCore`Inspector::InjectedScript::wrapCallFrames(this=0x000070000b272650, callFrames=JSValue @ 0x000070000b272518) const + 427 at InjectedScript.cpp:223
frame #4: 0x0000000101c77a29 JavaScriptCore`Inspector::InspectorDebuggerAgent::currentCallFrames(this=0x000000011ed55000, injectedScript=0x000070000b272650) + 185 at InspectorDebuggerAgent.cpp:870
frame #5: 0x0000000101c78cb1 JavaScriptCore`Inspector::InspectorDebuggerAgent::didPause(this=0x000000011ed55000, scriptState=0x000000011deb40e0, callFrames=JSValue @ 0x000070000b2726b0, exceptionOrCaughtValue=JSValue @ 0x000070000b2726a8) + 961 at InspectorDebuggerAgent.cpp:1004
frame #6: 0x0000000101c790bc JavaScriptCore`non-virtual thunk to Inspector::InspectorDebuggerAgent::didPause(this=0x000000011ed55000, scriptState=0x000000011deb40e0, callFrames=JSValue @ 0x000070000b272708, exceptionOrCaughtValue=JSValue @ 0x000070000b272700) + 60 at InspectorDebuggerAgent.cpp:952
frame #7: 0x00000001021bf2e3 JavaScriptCore`Inspector::ScriptDebugServer::dispatchDidPause(this=0x0000000109433230, listener=0x000000011ed55000) + 307 at ScriptDebugServer.cpp:135
frame #8: 0x00000001021bfe6c JavaScriptCore`Inspector::ScriptDebugServer::dispatchFunctionToListeners(this=0x0000000109433230, listeners=0x0000000109433390, callback=b0 f1 1b 02 01 00 00 00 00 00 00 00 00 00 00 00)(Inspector::ScriptDebugListener*)) + 220 at ScriptDebugServer.cpp:277
frame #9: 0x00000001021bfd7a JavaScriptCore`Inspector::ScriptDebugServer::dispatchFunctionToListeners(this=0x0000000109433230, callback=b0 f1 1b 02 01 00 00 00 00 00 00 00 00 00 00 00)(Inspector::ScriptDebugListener*)) + 170 at ScriptDebugServer.cpp:269
frame #10: 0x00000001021c01b9 JavaScriptCore`Inspector::ScriptDebugServer::handlePause(this=0x0000000109433230, vmEntryGlobalObject=0x000000011deb40a0, (null)=PausedForDebuggerStatement) + 73 at ScriptDebugServer.cpp:310
frame #11: 0x00000001015805dc JavaScriptCore`JSC::Debugger::pauseIfNeeded(this=0x0000000109433230, callFrame=0x000070000b272c60) + 844 at Debugger.cpp:737
frame #12: 0x00000001015808ce JavaScriptCore`JSC::Debugger::updateCallFrame(this=0x0000000109433230, callFrame=0x000070000b272c60, action=AttemptPause) + 94 at Debugger.cpp:666
frame #13: 0x000000010158112f JavaScriptCore`JSC::Debugger::didReachBreakpoint(this=0x0000000109433230, callFrame=0x000070000b272c60) + 111 at Debugger.cpp:907
frame #14: 0x0000000101cc5bc2 JavaScriptCore`JSC::Interpreter::debug(this=0x000000011ed3f798, callFrame=0x000070000b272c60, debugHookType=DidReachBreakpoint) + 482 at Interpreter.cpp:1233
frame #15: 0x0000000101f61ee3 JavaScriptCore`::llint_slow_path_debug(exec=0x000070000b272c60, pc=0x00000001094fa9b8) + 211 at LLIntSlowPaths.cpp:1507
frame #16: 0x0000000101f6f21c foo#AVFb9Z [LLInt](Cell[DedicatedWorkerGlobalScope ID: 209]: 0x11deb40a0)
frame #17: 0x0000000101f6e765 workInThread1#Eh79B7 [LLInt](Cell[DedicatedWorkerGlobalScope ID: 209]: 0x11deb40a0)
frame #18: 0x0000000101f6702e JavaScriptCore`llintPCRangeStart + 334 at LowLevelInterpreter64.asm:254
frame #19: 0x0000000101d499e9 JavaScriptCore`JSC::JITCode::execute(this=0x000000011ec31118, vm=0x000000011a7ec000, protoCallFrame=0x000070000b272e90) + 329 at JITCode.cpp:81
frame #20: 0x0000000101cc428f JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000011ed3f798, callFrame=0x000000011deb40e0, function=0x000000011dea0a00, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b272f90, args=0x000070000b273218) + 1215 at Interpreter.cpp:927
frame #21: 0x000000010147fea8 JavaScriptCore`JSC::call(exec=0x000000011deb40e0, functionObject=JSValue @ 0x000070000b273010, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b273008, args=0x000070000b273218) + 184 at CallData.cpp:39
frame #22: 0x000000010147ffb9 JavaScriptCore`JSC::call(exec=0x000000011deb40e0, functionObject=JSValue @ 0x000070000b273100, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b2730f8, args=0x000070000b273218, returnedException=0x000070000b273260) + 201 at CallData.cpp:46
frame #23: 0x000000010148022d JavaScriptCore`JSC::profiledCall(exec=0x000000011deb40e0, reason=Other, functionObject=JSValue @ 0x000070000b273190, callType=JS, callData=0x000070000b273308, thisValue=JSValue @ 0x000070000b273188, args=0x000070000b273218, returnedException=0x000070000b273260) + 125 at CallData.cpp:65
frame #24: 0x000000010bcc255f WebCore`WebCore::ScheduledAction::executeFunctionInContext(this=0x000000011ec310f0, globalObject=0x000000011deb40a0, thisValue=JSValue @ 0x000070000b273338, context=0x000000011edc5000) + 719 at ScheduledAction.cpp:107
frame #25: 0x000000010bcc220d WebCore`WebCore::ScheduledAction::execute(this=0x000000011ec310f0, workerGlobalScope=0x000000011edc5000) + 221 at ScheduledAction.cpp:140
frame #26: 0x000000010bcc1f9d WebCore`WebCore::ScheduledAction::execute(this=0x000000011ec310f0, context=0x000000011edc5000) + 93 at ScheduledAction.cpp:81
frame #27: 0x000000010a0bdd68 WebCore`WebCore::DOMTimer::fired(this=0x000000011d306c80) + 968 at DOMTimer.cpp:355
frame #28: 0x000000010c19898a WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x000000011edce5c8) + 394 at ThreadTimers.cpp:121
frame #29: 0x000000010c199bb1 WebCore`WebCore::ThreadTimers::setSharedTimer(this=0x000000011edb46f8)::$_0::operator()() const + 33 at ThreadTimers.cpp:73
frame #30: 0x000000010c199b7d WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) [inlined] decltype(__f=0x000000011edb46f8)::$_0&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 at __functional_base:416
frame #31: 0x000000010c199b6c WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(__args=0x000000011edb46f8)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 28 at __functional_base:468
frame #32: 0x000000010c199b29 WebCore`std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator(this=0x000000011edb46f0)() + 41 at functional:1437
frame #33: 0x000000010993945a WebCore`std::__1::function<void ()>::operator(this=0x000000011edb46f0)() const + 26 at functional:1817
frame #34: 0x000000010c4711e9 WebCore`WebCore::WorkerSharedTimer::fire(this=0x000000011edb46e0) + 25 at WorkerRunLoop.cpp:58
frame #35: 0x000000010c4702f6 WebCore`WebCore::WorkerRunLoop::runInMode(this=0x000000011edd4dc0, context=0x000000011edc5000, predicate=0x000070000b2739a8, waitMode=WaitForMessage) + 1302 at WorkerRunLoop.cpp:195
frame #36: 0x000000010c46fd46 WebCore`WebCore::WorkerRunLoop::run(this=0x000000011edd4dc0, context=0x000000011edc5000) + 86 at WorkerRunLoop.cpp:137
frame #37: 0x000000010c478fb3 WebCore`WebCore::WorkerThread::runEventLoop(this=0x000000011edd4da8) + 51 at WorkerThread.cpp:228
frame #38: 0x0000000109f535a8 WebCore`WebCore::DedicatedWorkerThread::runEventLoop(this=0x000000011edd4da8) + 88 at DedicatedWorkerThread.cpp:60
frame #39: 0x000000010c478cd1 WebCore`WebCore::WorkerThread::workerThread(this=0x000000011edd4da8) + 1345 at WorkerThread.cpp:188
frame #40: 0x000000010c478785 WebCore`WebCore::WorkerThread::workerThreadStart(thread=0x000000011edd4da8) + 21 at WorkerThread.cpp:147
frame #41: 0x0000000102496059 JavaScriptCore`WTF::createThread(this=0x000070000b273d88)(void*), void*, char const*)::$_0::operator()() const + 25 at Threading.cpp:83
frame #42: 0x000000010249602d JavaScriptCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) [inlined] decltype(__f=0x000070000b273d88)(void*), void*, char const*)::$_0&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45 at __functional_base:416
frame #43: 0x000000010249601c JavaScriptCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(__args=0x000070000b273d88)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 28 at __functional_base:468
frame #44: 0x0000000102495fd9 JavaScriptCore`std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator(this=0x000070000b273d80)() + 41 at functional:1437
frame #45: 0x000000010192bb5a JavaScriptCore`std::__1::function<void ()>::operator(this=0x000070000b273d80)() const + 26 at functional:1817
frame #46: 0x0000000102494c77 JavaScriptCore`WTF::threadEntryPoint(contextData=0x000000011d240d00) + 151 at Threading.cpp:60
frame #47: 0x0000000102496641 JavaScriptCore`WTF::wtfThreadEntryPoint(param=0x000000011d2d0b90) + 289 at ThreadingPthreads.cpp:164
frame #48: 0x00007fff8d585aab libsystem_pthread.dylib`_pthread_body + 180
frame #49: 0x00007fff8d5859f7 libsystem_pthread.dylib`_pthread_start + 286
frame #50: 0x00007fff8d5851fd libsystem_pthread.dylib`thread_start + 13
Attachments
Patch (4.60 KB, patch)
2016-12-14 15:09 PST, Michael Saboff
mark.lam: review+
Michael Saboff
Comment 1 2016-12-14 14:39:28 PST
Michael Saboff
Comment 2 2016-12-14 15:09:21 PST
Joseph Pecoraro
Comment 3 2016-12-14 15:16:35 PST
Comment on attachment 297133 [details]
Patch
Inspector piece looks fine to me. Thanks for filing bug 165875.
Mark Lam
Comment 4 2016-12-14 15:21:40 PST
Comment on attachment 297133 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=297133&action=review
r=me with comments.
> Source/JavaScriptCore/ChangeLog:15
> + When the watchdig fires, the function we get an exception at op_watchdog. In processing that exception,
/watchdig/watchdog/.
Please clarify phrasing in "the function we get an exception at op_watchdog".
> Source/JavaScriptCore/inspector/InjectedScript.cpp:222
> auto callFramesValue = callFunctionWithEvalEnabled(function, hadException);
> + if (!callFramesValue)
Should hadException be true here? I think it's clearer to check for that if possible.
Mark Lam
Comment 5 2016-12-14 15:22:36 PST
Comment on attachment 297133 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=297133&action=review
> Source/JavaScriptCore/ChangeLog:4
> + https://bugs.webkit.org/show_bug.cgi?id=165871
I think these days, it's also encouraged to add the rdar url here. Please add it.
Michael Saboff
Comment 6 2016-12-14 15:36:58 PST
(In reply to comment #4)
> Comment on attachment 297133 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=297133&action=review
>
> r=me with comments.
>
> > Source/JavaScriptCore/ChangeLog:15
> > + When the watchdig fires, the function we get an exception at op_watchdog. In processing that exception,
>
> /watchdig/watchdog/.
> Please clarify phrasing in "the function we get an exception at op_watchdog".
Changed the sentence to
When the watchdog fires, the function will get an exception at op_watchdog.
> > Source/JavaScriptCore/inspector/InjectedScript.cpp:222
> > auto callFramesValue = callFunctionWithEvalEnabled(function, hadException);
> > + if (!callFramesValue)
>
> Should hadException be true here? I think it's clearer to check for that if
> possible.
In the case of the watchdog firing, hadException will be false and callFunctionWithEvalEnabled(), which calls ScriptFunctionCall::call(), will return an empty JSValue instead.
> Source/JavaScriptCore/ChangeLog:4
> + https://bugs.webkit.org/show_bug.cgi?id=165871
Opened <rdar://problem/29671015> and added it to the ChangeLog.
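Review bot: the added if (!callFramesValue) check at Source/JavaScriptCore/inspector/InjectedScript.cpp:222 needs a comment saying why the value can be empty while hadException is false. As the reply above explains, when the watchdog fires callFunctionWithEvalEnabled() returns an empty JSValue without setting hadException, and the second backtrace in the report shows that empty value reaching Inspector::toInspectorValue() from wrapCallFrames() at InjectedScript.cpp:223 and crashing in jsToInspectorValue(). A one-line comment above the check stating this would keep a later cleanup from replacing it with a hadException test.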
Michael Saboff
Comment 7 2016-12-14 17:42:28 PST