Bug 289218
| Summary: | REGRESSION: ASSERTION FAILED: !m_needExceptionCheck: ./runtime/VM.cpp(1450) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &) | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Fujii Hironori <fujii> |
| Component: | JavaScriptCore | Assignee: | Yusuke Suzuki <ysuzuki> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Fujii Hironori
Regressions: Unexpected crashes
js/dom/missing-exception-check-in-convertNumbers.html [ Crash ]
https://build.webkit.org/results/Apple-Sequoia-Debug-WK2-Tests/291650@main%20(990)/js/dom/missing-exception-check-in-convertNumbers-crash-log.txt
stderr:
ERROR: Unchecked JS exception:
This scope can throw a JS exception: deserialize @ /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/Source/WebCore/bindings/js/SerializedScriptValue.cpp:5397
(ExceptionScope::m_recursionDepth was 1)
But the exception was unchecked as of this scope: performMicrotaskCheckpoint @ ./runtime/MicrotaskQueue.cpp:96
(ExceptionScope::m_recursionDepth was 1)
Unchecked exception detected at:
1 0x5e54e208f JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
2 0x5e4e366fd JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation)
3 0x5e4e364d3 JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation)
4 0x5e532cb00 JSC::MicrotaskQueue::performMicrotaskCheckpoint(JSC::VM&)
5 0x5e54e1b2c JSC::VM::drainMicrotasks()
6 0x5e51476e3 JSC::JSLock::willReleaseLock()
7 0x5e5147630 JSC::JSLock::unlock(long)
8 0x5e5146d7a JSC::JSLock::unlock()
9 0x66507fb33 WTF::Locker<JSC::JSLock, void>::unlock()
10 0x66507faf5 WTF::Locker<JSC::JSLock, void>::~Locker()
11 0x66507f7c5 WTF::Locker<JSC::JSLock, void>::~Locker()
12 0x668aa9fe9 WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>, WTF::DefaultRefDerefTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::Ref<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)
13 0x669a89ca6 WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0::operator()()
14 0x669a89699 WTF::Detail::CallableWrapper<WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0, void>::call()
15 0x663c4c357 WTF::Function<void ()>::operator()() const
16 0x668a4ec19 WebCore::EventLoopFunctionDispatchTask::execute()
17 0x668a4170d WebCore::EventLoop::run(std::__1::optional<WTF::ApproximateTime>)
18 0x668c18353 WebCore::WindowEventLoop::didReachTimeToRun()
19 0x668c1b7b6 WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'()::operator()() const
20 0x668c1b719 WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'(), void>::call()
21 0x663c4c357 WTF::Function<void ()>::operator()() const
22 0x663d971a9 WebCore::Timer::fired()
23 0x669e10228 WebCore::ThreadTimers::sharedTimerFiredInternal()
24 0x669e19fb1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
25 0x669e19f69 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call()
26 0x663c4c357 WTF::Function<void ()>::operator()() const
27 0x669dbd576 WebCore::MainThreadSharedTimer::fired()
28 0x669f253b6 WebCore::timerFired(__CFRunLoopTimer*, void*)
29 0x7ff81738670e __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
30 0x7ff8173862bc __CFRunLoopDoTimer
31 0x7ff817385ee8 __CFRunLoopDoTimers
32 0x7ff81736cb73 __CFRunLoopRun
33 0x7ff81736bc6e CFRunLoopRunSpecific
34 0x7ff8183a46d9 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
35 0x7ff818424967 -[NSRunLoop(NSRunLoop) run]
36 0x7ff816f97a1d _xpc_objc_main
37 0x7ff816fa4b69 _xpc_main
38 0x7ff816f9762c _xpc_copy_xpcservice_dictionary
39 0x60d0e5710 WebKit::XPCServiceMain(int, char const**)
40 0x60fecea4b WKXPCServiceMain
41 0x108970f72 main
42 0x7ff816ef82cd start
ASSERTION FAILED: !m_needExceptionCheck
./runtime/VM.cpp(1450) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &)
1 0x5e54e21a5 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
2 0x5e4e366fd JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation)
3 0x5e4e364d3 JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation)
4 0x5e532cb00 JSC::MicrotaskQueue::performMicrotaskCheckpoint(JSC::VM&)
5 0x5e54e1b2c JSC::VM::drainMicrotasks()
6 0x5e51476e3 JSC::JSLock::willReleaseLock()
7 0x5e5147630 JSC::JSLock::unlock(long)
8 0x5e5146d7a JSC::JSLock::unlock()
9 0x66507fb33 WTF::Locker<JSC::JSLock, void>::unlock()
10 0x66507faf5 WTF::Locker<JSC::JSLock, void>::~Locker()
11 0x66507f7c5 WTF::Locker<JSC::JSLock, void>::~Locker()
12 0x668aa9fe9 WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>, WTF::DefaultRefDerefTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::Ref<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)
13 0x669a89ca6 WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0::operator()()
14 0x669a89699 WTF::Detail::CallableWrapper<WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0, void>::call()
15 0x663c4c357 WTF::Function<void ()>::operator()() const
16 0x668a4ec19 WebCore::EventLoopFunctionDispatchTask::execute()
17 0x668a4170d WebCore::EventLoop::run(std::__1::optional<WTF::ApproximateTime>)
18 0x668c18353 WebCore::WindowEventLoop::didReachTimeToRun()
19 0x668c1b7b6 WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'()::operator()() const
20 0x668c1b719 WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'(), void>::call()
21 0x663c4c357 WTF::Function<void ()>::operator()() const
22 0x663d971a9 WebCore::Timer::fired()
23 0x669e10228 WebCore::ThreadTimers::sharedTimerFiredInternal()
24 0x669e19fb1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
25 0x669e19f69 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call()
26 0x663c4c357 WTF::Function<void ()>::operator()() const
27 0x669dbd576 WebCore::MainThreadSharedTimer::fired()
28 0x669f253b6 WebCore::timerFired(__CFRunLoopTimer*, void*)
29 0x7ff81738670e __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
30 0x7ff8173862bc __CFRunLoopDoTimer
31 0x7ff817385ee8 __CFRunLoopDoTimers
com.apple.WebKit.WebContent.Development terminated (pid 39137) for reason: crash
LEAK: 1 WebPageProxy
Fujii Hironori
This is reproducible with Windows Debug build.
> python ./Tools/Scripts/run-webkit-tests --debug --iter=2 js/dom/missing-exception-check-in-clone-serializer-serialize.html
Fujii Hironori
History:
https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fmissing-exception-check-in-convertNumbers.html&style=debug
Radar WebKit Bug Importer
<rdar://problem/146364641>
Yusuke Suzuki
Pull request: https://github.com/WebKit/WebKit/pull/41987
EWS
Committed 291689@main (151ef788a55c): <https://commits.webkit.org/291689@main>
Reviewed commits have been landed. Closing PR #41987 and removing active labels.
Robert Jenner
<rdar://problem/148446813>
EWS
Committed 289651.394@safari-7621-branch (17307e3a0d8a): <https://commits.webkit.org/289651.394@safari-7621-branch>
Reviewed commits have been landed. Closing PR #2944 and removing active labels.