Bug 36336

Summary: [v8] Crash if the worker is terminated before its initial script is executed.
Product: WebKit
Component: WebCore JavaScript
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Reporter: Dmitry Titov <dimich>
Assignee: Dmitry Titov <dimich>
CC: atwilson, dglazkov

Attachments:
Patch. (Flags: japhet: review+, dimich: commit-queue-)

Description Dmitry Titov 2010-03-18 16:43:49 PDT
TerminateExecution(), which happens during v8 initialization, will terminate init and return a NULL context. Need a check.
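The failure mode described in this report, modelled as an added example that is not WebKit's or v8's code: a context initialization routine that can be aborted by a termination request arriving from another thread, and a caller that must treat the resulting null context as "worker already terminated" rather than dereferencing it. All names (`ScriptContext`, `initializeContext`, `runInitialScript`, the `g_terminationRequested` flag standing in for the effect of `TerminateExecution()`) are hypothetical; the multi-step loop is a constructed stand-in for the real, much longer initialization.

```cpp
#include <atomic>
#include <memory>
#include <string>

// Hypothetical stand-in for a worker's script execution context.
struct ScriptContext {
    std::string name;
    bool initialized = false;
};

// Constructed model of the flag that a termination request (the effect of
// TerminateExecution() in the report) would set from another thread.
static std::atomic<bool> g_terminationRequested{false};

void requestTermination() { g_terminationRequested.store(true); }
void resetTermination()   { g_terminationRequested.store(false); }

// Model of context initialization: several steps, each of which observes the
// termination flag. Returns nullptr when aborted part-way, mirroring the null
// context that the bug report says the caller receives.
std::unique_ptr<ScriptContext> initializeContext(const std::string& name) {
    auto ctx = std::make_unique<ScriptContext>();
    ctx->name = name;
    for (int step = 0; step < 5; ++step) {
        if (g_terminationRequested.load())
            return nullptr;  // initialization interrupted: no usable context
        // ... install built-ins, bindings, etc. (modelled as a no-op step)
    }
    ctx->initialized = true;
    return ctx;
}

// Unguarded pattern (the crash): assumes initialization always yields a context.
// Dereferences nullptr if termination raced with initialization.
bool runInitialScriptUnchecked(const std::string& name) {
    std::unique_ptr<ScriptContext> ctx = initializeContext(name);
    return ctx->initialized;  // crashes when ctx is null
}

// Guarded pattern: a null context means the worker was terminated before its
// initial script could run, so there is nothing to execute and we bail out.
bool runInitialScript(const std::string& name) {
    std::unique_ptr<ScriptContext> ctx = initializeContext(name);
    if (!ctx)
        return false;  // terminated during init; skip evaluation entirely
    // evaluation of the worker's initial script would happen here
    return ctx->initialized;
}
```

With no termination pending, both variants return true; once a termination request is set before initialization completes, only the guarded variant returns cleanly (false), while the unchecked one would dereference a null context, which is the crash this bug describes.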
Comment 1 Dmitry Titov 2010-03-18 16:53:19 PDT
Created attachment 51111 [details]
Patch.

I figured out a test for this, but it is a flaky test (because of timing involved). Thankfully, when it hits unfortunate timing, it is a false positive. When it fails, it's a failure.
Comment 2 Nate Chapin 2010-03-19 14:53:34 PDT
Comment on attachment 51111 [details]
Patch.

Ok.

My only concern is with the (admittedly unavoidable) inherently flaky test. Do you happen to know what the false positive rate is?
Comment 3 Dmitry Titov 2010-03-22 18:11:04 PDT
> My only concern is with the (admittedly unavoidable) inherently flaky test. Do
> you happen to know what the false positive rate is?

It's fairly 'stable'. The v8 initialization takes ~50ms on a 2.6GHz machine, debug build. The termination request comes right about in the middle of that range at the moment, so I have 100% repro rate on my local Mac.
Comment 4 Dmitry Titov 2010-03-22 19:22:09 PDT
Landed: http://trac.webkit.org/changeset/56375