Bug 36336

Summary: [v8] Crash if the worker is terminated before its initial script is executed.
Product: WebKit
Reporter: Dmitry Titov <dimich>
Component: WebCore JavaScript
Assignee: Dmitry Titov <dimich>
Status: RESOLVED FIXED
Severity: Normal
CC: atwilson, dglazkov
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description Flags
Patch. japhet: review+, dimich: commit-queue-

Dmitry Titov
Reported 2010-03-18 16:43:49 PDT
TerminateExecution(), which happens during v8 initialization, will terminate init and return a NULL context. Need a check.
Attachments
Patch. (6.97 KB, patch)
2010-03-18 16:53 PDT, Dmitry Titov
japhet: review+
dimich: commit-queue-
Dmitry Titov
Comment 1 2010-03-18 16:53:19 PDT
Created attachment 51111 [details] Patch.

I figured out a test for this, but it is a flaky test (because of the timing involved). Thankfully, when it hits unfortunate timing, it is a false positive. When it fails, it's a failure.
Nate Chapin
Comment 2 2010-03-19 14:53:34 PDT
Comment on attachment 51111 [details] Patch.

Ok. My only concern is with the (admittedly unavoidable) inherently flaky test. Do you happen to know what the false positive rate is?
Dmitry Titov
Comment 3 2010-03-22 18:11:04 PDT
> My only concern is with the (admittedly unavoidable) inherently flaky test. Do
> you happen to know what the false positive rate is?

It's fairly 'stable'. The v8 initialization takes ~50ms on a 2.6GHz machine, debug build. The termination request comes right about in the middle of that range at the moment, so I have 100% repro rate on my local Mac.
Dmitry Titov
Comment 4 2010-03-22 19:22:09 PDT