Bug 85043
| Summary: | [GTK] http/tests/inspector-enabled/console-clear-arguments-on-frame-remove.html hits ASSERT | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Philippe Normand <pnormand> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | zan |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Philippe Normand
#0 0x00007f60d7038ed9 in WTF::Vector<WebCore::MemoryCache::LRUList, 32ul>::at (this=0xc5b090, i=18) at ../../Source/WTF/wtf/Vector.h:527
527 ASSERT(i < size());
Thread 1 (Thread 0x7f60db320900 (LWP 15080)):
#0 0x00007f60d7038ed9 in WTF::Vector<WebCore::MemoryCache::LRUList, 32ul>::at (this=0xc5b090, i=18) at ../../Source/WTF/wtf/Vector.h:527
#1 0x00007f60d7038585 in WTF::Vector<WebCore::MemoryCache::LRUList, 32ul>::operator[] (this=0xc5b090, i=18) at ../../Source/WTF/wtf/Vector.h:536
#2 0x00007f60d7036301 in WebCore::MemoryCache::pruneDeadResourcesToSize (this=0xc5b070, targetSize=3984588) at ../../Source/WebCore/loader/cache/MemoryCache.cpp:318
#3 0x00007f60d7035fe7 in WebCore::MemoryCache::pruneDeadResources (this=0xc5b070) at ../../Source/WebCore/loader/cache/MemoryCache.cpp:255
#4 0x00007f60d7037af6 in WebCore::MemoryCache::prune (this=0xc5b070) at ../../Source/WebCore/loader/cache/MemoryCache.cpp:744
#5 0x00007f60d7044343 in WebCore::CachedResource::removeClient (this=0x334f5a0, client=0x7f608417e130) at ../../Source/WebCore/loader/cache/CachedResource.cpp:449
#6 0x00007f60d6d15beb in WebCore::CachedScriptSourceProvider::~CachedScriptSourceProvider (this=0x7f608417e0e0, __in_chrg=<optimized out>) at ../../Source/WebCore/bindings/js/CachedScriptSourceProvider.h:45
#7 0x00007f60dacadb52 in WTF::RefCounted<JSC::SourceProvider>::deref (this=0x7f608417e0e8) at ../../Source/WTF/wtf/RefCounted.h:190
#8 0x00007f60dacada14 in WTF::derefIfNotNull<JSC::SourceProvider> (ptr=0x7f608417e0e0) at ../../Source/WTF/wtf/PassRefPtr.h:52
#9 0x00007f60dacad7a5 in WTF::RefPtr<JSC::SourceProvider>::~RefPtr (this=0x7f607cbfeed8, __in_chrg=<optimized out>) at ../../Source/WTF/wtf/RefPtr.h:56
#10 0x00007f60dacad418 in JSC::SourceCode::~SourceCode (this=0x7f607cbfeed8, __in_chrg=<optimized out>) at ../../Source/JavaScriptCore/parser/SourceCode.h:37
#11 0x00007f60daee01c6 in JSC::ScriptExecutable::~ScriptExecutable (this=0x7f607cbfee80, __in_chrg=<optimized out>) at ../../Source/JavaScriptCore/runtime/Executable.h:267
#12 0x00007f60daee02c2 in JSC::FunctionExecutable::~FunctionExecutable (this=0x7f607cbfee80, __in_chrg=<optimized out>) at ../../Source/JavaScriptCore/runtime/Executable.h:466
#13 0x00007f60daedb5a6 in JSC::FunctionExecutable::destroy (cell=0x7f607cbfee80) at ../../Source/JavaScriptCore/runtime/Executable.cpp:169
#14 0x00007f60dae04f54 in JSC::MarkedBlock::callDestructor (this=0x7f607cbf0000, cell=0x7f607cbfee80) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:74
#15 0x00007f60dae055ec in JSC::MarkedBlock::specializedSweep<(JSC::MarkedBlock::BlockState)3, (JSC::MarkedBlock::SweepMode)0, true> (this=0x7f607cbf0000) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:99
#16 0x00007f60dae05133 in JSC::MarkedBlock::sweepHelper<true> (this=0x7f607cbf0000, sweepMode=JSC::MarkedBlock::SweepOnly) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:142
#17 0x00007f60dae04cfd in JSC::MarkedBlock::sweep (this=0x7f607cbf0000, sweepMode=JSC::MarkedBlock::SweepOnly) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:121
#18 0x00007f60dadf4e65 in JSC::(anonymous namespace)::Sweep::operator() (this=0x7fff9187b3af, block=0x7f607cbf0000) at ../../Source/JavaScriptCore/heap/Heap.cpp:222
#19 0x00007f60dadf7f5d in JSC::MarkedAllocator::forEachBlock<JSC::<unnamed>::Sweep>(JSC::(anonymous namespace)::Sweep &) (this=0xc1aea8, functor=...) at ../../Source/JavaScriptCore/heap/MarkedAllocator.h:102
#20 0x00007f60dadf76f1 in JSC::MarkedSpace::forEachBlock<JSC::<unnamed>::Sweep>(JSC::(anonymous namespace)::Sweep &) (this=0xc1acf8, functor=...) at ../../Source/JavaScriptCore/heap/MarkedSpace.h:164
#21 0x00007f60dadf734f in JSC::MarkedSpace::forEachBlock<JSC::<unnamed>::Sweep>(void) (this=0xc1acf8) at ../../Source/JavaScriptCore/heap/MarkedSpace.h:178
#22 0x00007f60dadf6b42 in JSC::Heap::sweep (this=0xc1acc8) at ../../Source/JavaScriptCore/heap/Heap.cpp:744
#23 0x00007f60dadf6f11 in JSC::Heap::collect (this=0xc1acc8, sweepToggle=JSC::Heap::DoSweep) at ../../Source/JavaScriptCore/heap/Heap.cpp:865
#24 0x00007f60dadf6d2b in JSC::Heap::collectAllGarbage (this=0xc1acc8) at ../../Source/JavaScriptCore/heap/Heap.cpp:803
#25 0x00007f60d69bb550 in WebCore::collect () at ../../Source/WebCore/bindings/js/GCController.cpp:42
#26 0x00007f60d69bb696 in WebCore::GCController::gcTimerFired (this=0x132b5d0) at ../../Source/WebCore/bindings/js/GCController.cpp:77
#27 0x00007f60d69bb910 in WebCore::Timer<WebCore::GCController>::fired (this=0x132b5d0) at ../../Source/WebCore/platform/Timer.h:100
#28 0x00007f60d729a168 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0xc089a0) at ../../Source/WebCore/platform/ThreadTimers.cpp:115
#29 0x00007f60d729a09f in WebCore::ThreadTimers::sharedTimerFired () at ../../Source/WebCore/platform/ThreadTimers.cpp:93
#30 0x00007f60d7c3eb72 in WebCore::timeout_cb () at ../../Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#31 0x00007f60d48cd058 in g_timeout_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#32 0x00007f60d48cb290 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#33 0x00007f60d48cbf56 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#34 0x00007f60d48cc140 in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#35 0x00007f60d48cc576 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#36 0x00007f60d51b062b in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#37 0x000000000045c63f in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:695
#38 0x000000000045bcb7 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:482
#39 0x000000000045ecd3 in main (argc=2, argv=0x7fff9187c0e8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1377
I couldn't reproduce this issue in my Debug build but it seems quite consistent on the 3 bots. Will flag it in test_expectations for now.
Philippe Normand
Looks like http://trac.webkit.org/changeset/115383 triggered this issue. Indeed the crash happens during garbage collection. Maybe it's simply that the new GC behavior just unveiled this (previously hidden) bug.
Zan Dobersek
This test was consistently passing on all the builders so their expectations were removed in r116553[1]:
http/tests/inspector-enabled/console-clear-arguments-on-frame-remove.html
http/tests/inspector-enabled/console-log-before-frame-navigation.html
Closing the bug.
1: http://trac.webkit.org/changeset/116553