Bug 274732
| Summary: | REGRESSION(279321@main): js/dom/missing-exception-check-in-convertVariadicArguments.html is crashing : Unchecked exception detected at JSC::VM::verifyExceptionCheckNeedIsSatisfied : ASSERTION FAILED: !m_needExceptionCheck | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Fujii Hironori <Hironori.Fujii> |
| Component: | JavaScriptCore | Assignee: | Sam Weinig <sam> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | j_stfleur, sam, webkit-bot-watchers-bugzilla, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Fujii Hironori
After 279321@main, debug builds are crashing for js/dom/missing-exception-check-in-convertVariadicArguments.html.
History:
https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fmissing-exception-check-in-convertVariadicArguments.html
Buildbot: builder Apple-Sonoma-Debug-AppleSilicon-WK2-Tests build 2838 : 279321@main
https://build.webkit.org/#/builders/934/builds/2838
ERROR: Unchecked JS exception:
This scope can throw a JS exception: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
(ExceptionScope::m_recursionDepth was 5)
But the exception was unchecked as of this scope: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
(ExceptionScope::m_recursionDepth was 5)
Unchecked exception detected at:
1 0x127eb222c JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
2 0x127e8e3a4 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
3 0x127e8e3e0 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
4 0x355ceb074 WebCore::VariadicConverter<WebCore::IDLAny>::convert(JSC::JSGlobalObject&, JSC::JSValue)
5 0x355ceaf34 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)::operator()(unsigned long) const
6 0x355ceae30 WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::TrailingArray<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
7 0x355ceadb8 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
8 0x355cead14 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
9 0x355ceab60 std::__1::unique_ptr<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, std::__1::default_delete<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>>> WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned int, WebCore::IDLAny&&)
10 0x355ceaa5c WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>> WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned long, WebCore::IDLAny&&)
11 0x355ce9800 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)
12 0x355ce93b8 WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)
13 0x355ce90e4 long long WebCore::IDLOperation<WebCore::JSDOMWindow>::call<&WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14 0x355ccf7fc WebCore::jsDOMWindowInstanceFunction_setTimeout(JSC::JSGlobalObject*, JSC::CallFrame*)
15 0x30001003c 14 ??? 0x000000030001003c 0x0 + 12884967484
16 0x12860322c llint_entry
17 0x1285dc9b4 vmEntryToJavaScript
18 0x1276423a8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
19 0x12798bbc0 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20 0x12798bd0c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
21 0x358808238 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
22 0x358807cd0 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
23 0x358807b04 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
24 0x3588084dc WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
25 0x3593f9ddc WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
26 0x3593f7a44 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&)
27 0x359a64ab0 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
28 0x359a648e0 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&)
29 0x359a234f0 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
30 0x359a23a00 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
31 0x359a22d6c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
32 0x359a22504 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
33 0x359a24548 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&, WebCore::HTMLDocumentParser::SynchronousMode)
34 0x359a243a4 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&)
35 0x35916f09c WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
36 0x359ef3310 WebCore::DocumentWriter::end()
37 0x359ef23f8 WebCore::DocumentLoader::finishedLoading()
38 0x359ef1fa8 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
39 0x35a0a1ed4 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
40 0x35a09d9e4 WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
41 0x35a09efe0 WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
42 0x35a019808 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
43 0x13ea21bb8 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics&&)
44 0x13f7c7c10 auto void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...)::operator()<WebCore::NetworkLoadMetrics>(auto&&...) const
45 0x13f7c7b64 decltype(std::declval<WebKit::WebResourceLoader>()(std::declval<WebCore::NetworkLoadMetrics>())) std::__1::__invoke[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), WebCore::NetworkLoadMetrics>(WebKit::WebResourceLoader&&, WebCore::NetworkLoadMetrics&&)
46 0x13f7c7b38 decltype(auto) std::__1::__apply_tuple_impl[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&, std::__1::__tuple_indices<0ul>)
47 0x13f7c7afc decltype(auto) std::__1::apply[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&)
48 0x13f7c75b4 void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)
49 0x13f7c0c44 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&))
50 0x13f7c029c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
51 0x13e9fd6bc WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
52 0x13f94c9ac IPC::Connection::dispatchMessage(IPC::Decoder&)
53 0x13f94cde4 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>)
54 0x13f94d10c IPC::Connection::dispatchOneIncomingMessage()
55 0x13f96a768 IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14::operator()() const
56 0x13f96a6c4 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14, void>::call()
57 0x127c195d4 WTF::Function<void ()>::operator()() const
58 0x125e76754 WTF::RunLoop::performWork()
59 0x125e7ad48 WTF::RunLoop::performWork(void*)
60 0x18a03e4d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
61 0x18a03e46c __CFRunLoopDoSource0
62 0x18a03e1dc __CFRunLoopDoSources0
63 0x18a03cdc8 __CFRunLoopRun
64 0x18a03c434 CFRunLoopRunSpecific
65 0x18b170a88 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
66 0x18b1ea6c4 -[NSRunLoop(NSRunLoop) run]
67 0x189c77468 _xpc_objc_main
68 0x189c86e58 _xpc_main
69 0x189c77014 _xpc_copy_xpcservice_dictionary
70 0x13d202af4 WebKit::XPCServiceMain(int, char const**)
71 0x13f8cb59c WKXPCServiceMain
72 0x100c37f90 main
73 0x189bd60e0 start
ASSERTION FAILED: !m_needExceptionCheck
./runtime/VM.cpp(1441) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &)
com.apple.WebKit.WebContent.Development terminated (pid 22917) for reason: crash
LEAK: 4 WebPageProxy
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/128901317>
EWS
Test gardening commit 279407@main (c922e71a44e3): <https://commits.webkit.org/279407@main>
Reviewed commits have been landed. Closing PR #29195 and removing active labels.
Sam Weinig
Pull request: https://github.com/WebKit/WebKit/pull/29386
EWS
Committed 279617@main (dc54b6a653e3): <https://commits.webkit.org/279617@main>
Reviewed commits have been landed. Closing PR #29386 and removing active labels.