Bug 180860

<rdar://problem/36066500>

Created attachment 329453 [details]
Adds a relesae assert

Comment on attachment 329453 [details]
Adds a relesae assert

Attachment 329453 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/5669607

New failing tests:
webgl/1.0.2/conformance/context/context-release-with-workers.html

Created attachment 329462 [details]
Archive of layout-test-results from ews124 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews124  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.6

(In reply to Build Bot from comment #3)
> Comment on attachment 329453 [details]
> Adds a relesae assert
> 
> Attachment 329453 [details] did not pass ios-sim-ews (ios-simulator-wk2):
> Output: http://webkit-queues.webkit.org/results/5669607
> 
> New failing tests:
> webgl/1.0.2/conformance/context/context-release-with-workers.html

I don't think a crash in RuleFeatureSet is related to this patch.

CRASHING TEST: webgl/1.0.2/conformance/context/context-release-with-workers.html
CoreSimulator 494.13.6 - Device: iPhone 5s WebKit Tester10 - Runtime: iOS 11.0 (15A372) - DeviceType: iPhone 5s

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000011aadbc70 WebCore::RuleFeatureSet::~RuleFeatureSet() + 240 (RefPtr.h:67)
1   com.apple.WebCore             	0x000000011aaf715d WebCore::RuleSet::~RuleSet() + 29 (Vector.h:315)
2   com.apple.WebCore             	0x000000011aad8657 WebCore::DocumentRuleSets::~DocumentRuleSets() + 503 (RuleSet.h:136)
3   com.apple.WebCore             	0x000000011b41cb53 WebCore::Style::Scope::clearResolver() + 35 (StyleResolver.h:127)
4   com.apple.WebCore             	0x000000011abaf44d WebCore::Document::~Document() + 973 (Ref.h:113)
5   com.apple.WebCore             	0x000000011ad4274e WebCore::HTMLDocument::~HTMLDocument() + 14 (Node.h:81)
6   JavaScriptCore                	0x00000001179e4b46 void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)1, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)1, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) + 198
7   JavaScriptCore                	0x00000001179e346b void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'()::operator()() const + 379
8   JavaScriptCore                	0x00000001179e15bb void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) + 315 (MarkedBlockInlines.h:425)
9   JavaScriptCore                	0x00000001179e147a JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 26 (JSDestructibleObjectHeapCellType.cpp:53)

Comment on attachment 329453 [details]
Adds a relesae assert

r=me

Comment on attachment 329453 [details]
Adds a relesae assert

Clearing flags on attachment: 329453

Committed r225985: <https://trac.webkit.org/changeset/225985>

All reviewed patches have been landed.  Closing bug.