Bug 230208

Summary: REGRESSION(r282278): ASSERTION FAILED: !m_needExceptionCheck in JSC::VM::verifyExceptionCheckNeedIsSatisfied
Product: WebKit Reporter: Fujii Hironori <fujii.hironori>
Component: WebCore Misc.Assignee: Fujii Hironori <fujii.hironori>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=230207
Bug Depends on: 230146    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch for landing none

Fujii Hironori
Reported 2021-09-12 21:26:30 PDT
REGRESSION(r282278): ASSERTION FAILED: !m_needExceptionCheck in JSC::VM::verifyExceptionCheckNeedIsSatisfied r282278 (Bug 230146) introduced a new assertion failure for WinCairo Debug WK2 test. Regressions: Unexpected crashes (1) js/dom/transform-stream.html [ Crash ] ERROR: 00000220F35B8AE0 - ResourceLoadStatisticsDatabaseStore::turnOnIncrementalAutoVacuum failed, error message: not an error C:\home\webkit\gc\Source\WebKit\NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp(315) : WebKit::ResourceLoadStatisticsDatabaseStore::ResourceLoadStatisticsDatabaseStore ERROR: Unchecked JS exception: This scope can throw a JS exception: JSC::JSObject::get @ C:\home\webkit\gc\WebKitBuild\Debug\JavaScriptCore\PrivateHeaders\JavaScriptCore\JSObject.h:1504 (ExceptionScope::m_recursionDepth was 13) But the exception was unchecked as of this scope: WebCore::invokeWritableStreamFunction @ C:\home\webkit\gc\Source\WebCore\bindings/js/InternalWritableStream.cpp:42 (ExceptionScope::m_recursionDepth was 13) Unchecked exception detected at: 1 00007FFC0D8A464F JSC::VM::verifyExceptionCheckNeedIsSatisfied 2 00007FFC0D878924 JSC::ThrowScope::ThrowScope 3 00007FFBEE14D4EB WebCore::invokeWritableStreamFunction 4 00007FFBEE14C6E1 WebCore::InternalWritableStream::create 5 00007FFBEDF0733C WebCore::WritableStream::create 6 00007FFBEDF07207 WebCore::WritableStream::create 7 00007FFBEDAF98B6 WebCore::JSDOMConstructor<WebCore::JSWritableStream>::construct 8 00007FFC0D05BB6F JSC::NativeFunction::operator() 9 00007FFC0D05BBBC JSC::TaggedNativeFunction::operator() 10 00007FFC0D0F567B JSC::LLInt::handleHostCall 11 00007FFC0D10BC4A JSC::LLInt::setUpCall 12 00007FFC0D1016D6 JSC::LLInt::genericCall<JSC::OpConstruct> 13 00007FFC0D0EDBAF llint_slow_path_construct 14 00007FFC0C02C4C6 llint_entry ASSERTION FAILED: !m_needExceptionCheck C:\home\webkit\gc\Source\JavaScriptCore\runtime/VM.cpp(1490) : JSC::VM::verifyExceptionCheckNeedIsSatisfied 1 00007FFC0A1F1DEB WTFCrash 2 00007FFC0C02FFBE WTFCrashWithInfo 3 00007FFC0D8A4790 JSC::VM::verifyExceptionCheckNeedIsSatisfied 4 00007FFC0D878924 JSC::ThrowScope::ThrowScope 5 00007FFBEE14D4EB WebCore::invokeWritableStreamFunction 6 00007FFBEE14C6E1 WebCore::InternalWritableStream::create 7 00007FFBEDF0733C WebCore::WritableStream::create 8 00007FFBEDF07207 WebCore::WritableStream::create 9 00007FFBEDAF98B6 WebCore::JSDOMConstructor<WebCore::JSWritableStream>::construct 10 00007FFC0D05BB6F JSC::NativeFunction::operator() 11 00007FFC0D05BBBC JSC::TaggedNativeFunction::operator() 12 00007FFC0D0F567B JSC::LLInt::handleHostCall 13 00007FFC0D10BC4A JSC::LLInt::setUpCall 14 00007FFC0D1016D6 JSC::LLInt::genericCall<JSC::OpConstruct> 15 00007FFC0D0EDBAF llint_slow_path_construct 16 00007FFC0C02C4C6 llint_entry
Attachments
Patch (2.02 KB, patch)
2021-09-13 00:55 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
Patch for landing (2.22 KB, patch)
2021-09-13 12:52 PDT, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2021-09-13 00:55:45 PDT
Created attachment 438019 [details] Patch
Fujii Hironori
Comment 2 2021-09-13 01:00:31 PDT
This is not WinCairo specific issue. Other bug (Bug 230207) seems to hide this. Fixing Bug 230207 reveals this for Mac port.
youenn fablet
Comment 3 2021-09-13 01:59:14 PDT
Comment on attachment 438019 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=438019&action=review > Source/WebCore/bindings/js/InternalWritableStream.cpp:47 > auto result = call(&globalObject, function, callData, JSC::jsUndefined(), arguments); Can we also change the if(UNLIKELY(...) return Exception... with: RETURN_IF_EXCEPTION(scope, Exception { ExistingExceptionError }); This is more inline with other parts of the codebase.
Fujii Hironori
Comment 4 2021-09-13 12:52:54 PDT
Created attachment 438066 [details] Patch for landing
Fujii Hironori
Comment 5 2021-09-13 13:21:45 PDT
Comment on attachment 438066 [details] Patch for landing Clearing flags on attachment: 438066 Committed r282351 (241617@main): <https://commits.webkit.org/241617@main>
Fujii Hironori
Comment 6 2021-09-13 13:21:49 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2021-09-13 13:22:21 PDT
<rdar://problem/83069483>
Note You need to log in before you can comment on or make changes to this bug.