Bug 26476

Summary: Crash below ResourceRequestBase::isConditional in RapidWeaver with Safari 4's WebKit
Product: WebKit
Component: Page Loading
Status: RESOLVED INVALID
Severity: Critical
Priority: P2
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
Reporter: Gilberto De Faveri <gilberto.defaveri>
Assignee: Nobody <webkit-unassigned>
CC: beidson, gilberto.defaveri
Keywords: InRadar, NeedsReduction
Attachments (description, flags):
RapidWeaver rwsw file to reproduce JavaScriptCore crash, none
Full crash log, none

Gilberto De Faveri
Reported 2009-06-17 01:45:46 PDT
I'm working on a RapidWeaver plugin (Cocoa) which uses a WebView on its main window. Using Safari 3 everything works as expected, but after installing Safari 4 final release, RapidWeaver crashes when re-opening the same plugin saving more than once. The crash is 100% reproducible but, unfortunately, I'm not able to reproduce the issue outside RapidWeaver plugin SDK. The problem seems to be in JavaScriptCore.
Attachments
RapidWeaver rwsw file to reproduce JavaScriptCore crash (12.76 KB, application/zip)
2009-06-17 01:57 PDT, Gilberto De Faveri
no flags
Full crash log (41.08 KB, text/plain)
2009-06-25 14:18 PDT, Gilberto De Faveri
no flags
Gilberto De Faveri
Comment 1 2009-06-17 01:57:36 PDT
Created attachment 31406
RapidWeaver rwsw file to reproduce JavaScriptCore crash

Steps to reproduce:
1) Install Safari 4 final release on Mac
2) Install RapidWeaver: http://s3.amazonaws.com/rapidweaver/rapidweaver_423.dmg
3) Install RapidMaps plugin: http://www.omnidea.it/files/rapidmaps/RapidMaps.dmg
4) Open attached rwsw file (everything works as expected)
5) Close the document, without closing RapidWeaver
6) Re-open the rwsw file
7) RapidWeaver hangs with crashed thread in JavaScriptCore

Please note: everything works as expected on test machines using older Safari 3 final.
Gilberto De Faveri
Comment 2 2009-06-17 01:58:04 PDT
Steps to reproduce:
1) Install Safari 4 final release on Mac
2) Install RapidWeaver: http://s3.amazonaws.com/rapidweaver/rapidweaver_423.dmg
3) Install RapidMaps plugin: http://www.omnidea.it/files/rapidmaps/RapidMaps.dmg
4) Open attached rwsw file (everything works as expected)
5) Close the document, without closing RapidWeaver
6) Re-open the rwsw file
7) RapidWeaver hangs with crashed thread in JavaScriptCore

Please note: everything works as expected on test machines using older Safari 3 final.
Mark Rowe (bdash)
Comment 3 2009-06-17 08:33:07 PDT
Deirdre Saoirse Moen
Comment 4 2009-06-25 14:12:01 PDT
Could you please attach the entire crash log?
Gilberto De Faveri
Comment 5 2009-06-25 14:18:53 PDT
Created attachment 31875
Full crash log

Here's the full crash log.
Gilberto De Faveri
Comment 6 2009-07-02 08:28:42 PDT
After further testing, it turned out that the problem was due to a previous WebKit Threading Violation.

WebKit Threading Violation - objc_object* -[WebView initWithCoder:](WebView*, objc_selector*, NSCoder*) called from secondary thread
WebKit Threading Violation - void -[WebView(WebPrivate) _commonInitializationWithFrameName:groupName:usesDocumentViews:](WebView*, objc_selector*, NSString*, NSString*, BOOL) called from secondary thread
DOMNode* kit(WebCore::Node*) was called from a secondary thread
Brady Eidson
Comment 7 2009-07-08 17:32:28 PDT
I can't reproduce this... any more hints as to how it's repro on your machine?
Gilberto De Faveri
Comment 8 2009-07-09 01:48:28 PDT
(In reply to comment #7)
> I can't reproduce this... any more hints as to how it's repro on your machine?

I've talked to a RapidWeaver developer. It turned out that plugin initialization is pushed out of the front thread, making any plugin WebKit initialization not thread safe. I've solved the problem for RapidMaps by forcing plugin init to be performed on the main thread. I suppose further low-level implementation details depend on RapidWeaver internals, so I really can't help you reproduce this issue outside the RapidWeaver SDK.
Brady Eidson
Comment 9 2009-07-09 09:46:25 PDT
Well, it's true that doing operations on WebViews on a non-main thread is unsupported. If that's the cause of this bug, then it's up to them to fix it. This bug is much less useful without steps to reproduce that *ANYONE* can take...
Gilberto De Faveri
Comment 10 2009-07-09 23:36:45 PDT
(In reply to comment #9)
> Well, it's true that doing operations on WebViews on a non-main thread is
> unsupported. If that's the cause of this bug, then it's up to them to fix it.

Yes, I suppose that is the only cause. Thank you for your support.
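
The fix described in comment 8 (performing plugin init on the main thread), sketched as an added example; this is not code from RapidMaps, RapidWeaver or WebKit. The class name RMPluginController, the nib name PluginWindow and the method names are assumptions, and it uses only APIs available on Mac OS X 10.5.

```objc
#import <Cocoa/Cocoa.h>
#import <WebKit/WebKit.h>

// Hypothetical plugin controller; class, nib and outlet names are assumptions.
@interface RMPluginController : NSObject {
    IBOutlet WebView *webView;   // unarchived from the nib via -[WebView initWithCoder:]
}
- (void)setUpUserInterface;
- (void)showHTML:(NSString *)html;
@end

@implementation RMPluginController

// The host application may call this from any thread. Loading the nib is what
// ends up in -[WebView initWithCoder:], so the hop to the main thread has to
// happen before the nib is touched, not afterwards.
- (void)setUpUserInterface {
    if (![NSThread isMainThread]) {
        // waitUntilDone:YES keeps the caller's ordering; the main thread must
        // not be blocked waiting on this worker or the call will deadlock.
        [self performSelectorOnMainThread:_cmd withObject:nil waitUntilDone:YES];
        return;
    }
    if (![NSBundle loadNibNamed:@"PluginWindow" owner:self]) {
        NSLog(@"PluginWindow.nib failed to load");
    }
}

// Called on whichever thread loaded the nib. Failing here in debug builds
// surfaces the violation at its source instead of as a later allocator crash.
- (void)awakeFromNib {
    NSAssert([NSThread isMainThread], @"WebView unarchived off the main thread");
    [[webView mainFrame] loadHTMLString:@"<p>ready</p>" baseURL:nil];
}

// Later WebView or DOM work started from a worker thread takes the same hop.
- (void)showHTML:(NSString *)html {
    if (![NSThread isMainThread]) {
        [self performSelectorOnMainThread:_cmd withObject:html waitUntilDone:NO];
        return;
    }
    [[webView mainFrame] loadHTMLString:html baseURL:nil];
}

@end
```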