Bug 87521

<rdar://problem/10189597>

Created attachment 144110 [details]
Add and deply a NonSharedCharacterBreakIterator class

Comment on attachment 144110 [details]
Add and deply a NonSharedCharacterBreakIterator class

Attachment 144110 [details] did not pass gtk-ews (gtk):
Output: http://queues.webkit.org/results/12791590

Created attachment 144118 [details]
Add and deply a NonSharedCharacterBreakIterator class

Comment on attachment 144118 [details]
Add and deply a NonSharedCharacterBreakIterator class

View in context: https://bugs.webkit.org/attachment.cgi?id=144118&action=review

> Source/WebCore/platform/text/TextBreakIterator.h:112
> +    TextBreakIterator* get() const { return m_iterator; }

MIght want to consider the type conversion operator for this instead of an explicit get function.

> Source/WebCore/platform/text/TextBreakIteratorICU.cpp:93
> +    bool createdIterator = m_iterator && weakCompareAndSwap(reinterpret_cast<void**>(&nonSharedCharacterBreakIterator), m_iterator, 0);

The reinterpret_cast<void**> idiom is particularly unpleasant. Might be worth looking into a refactoring to clean that up and put it in one place.

> Source/WebCore/platform/text/wince/TextBreakIteratorWinCE.cpp:247
> +        m_iterator = new CharBreakIterator();

I normally omit the () in lines of code like this.

Fixed in <http://trac.webkit.org/r118568>.

(In reply to comment #6)
> Fixed in <http://trac.webkit.org/r118568>.

I think this caused 19+ crashes to start happening on the Win WK2 Release bots:

http://build.webkit.org/results/Windows%207%20Release%20(WebKit2%20Tests)/r118568%20(18598)/results.html


INVALID_POINTER_WRITE
    Tid    [0x12c4]
    Frame  [0x00]: ntdll!ZwRaiseException


PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_WRITE

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_WRITE

STACK_TEXT:  
0031ed6c 6f98ccd5 00019d87 7e1740c0 0031ee44 WebKit!WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator+0xf [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\platform\text\textbreakiteratoricu.cpp @ 99]
0031ed84 6f98f25e 7e03c014 003e9388 00010000 WebKit!WebCore::CharacterData::parserAppendData+0x75 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\dom\characterdata.cpp @ 80]
0031eda4 6fe5481f 0031ede0 7e190800 0031ee44 WebKit!WebCore::Text::createWithLengthLimit+0xde [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\dom\text.cpp @ 292]
0031ee00 6fe2de9f 0031ee44 00000002 0031ee98 WebKit!WebCore::HTMLConstructionSite::insertTextNode+0x15f [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmlconstructionsite.cpp @ 392]
0031ee50 6fe2e483 0031ee5c 7e038b0e 7e038b0e WebKit!WebCore::HTMLTreeBuilder::processCharacterBuffer+0x38f [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmltreebuilder.cpp @ 2384]
0031ee64 6fe30411 0031ee98 0031ee84 6fe30f23 WebKit!WebCore::HTMLTreeBuilder::processCharacter+0x23 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmltreebuilder.cpp @ 2258]
0031ee70 6fe30f23 0031ee98 7e168f20 7e19405c WebKit!WebCore::HTMLTreeBuilder::processToken+0x61 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmltreebuilder.cpp @ 516]
0031ee84 6fe311a0 0031ee98 7e19405c 7e194000 WebKit!WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken+0x23 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmltreebuilder.cpp @ 477]
0031eebc 6fd89119 7e19405c 7e3b13d8 7e194000 WebKit!WebCore::HTMLTreeBuilder::constructTreeFromToken+0x30 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmltreebuilder.cpp @ 461]
0031eefc 6fd89498 00000000 7e194000 0031ef58 WebKit!WebCore::HTMLDocumentParser::pumpTokenizer+0x119 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmldocumentparser.cpp @ 278]
0031ef0c 6f97cb88 0031ef20 7e3b1380 7e3b13d8 WebKit!WebCore::HTMLDocumentParser::append+0xc8 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\html\parser\htmldocumentparser.cpp @ 372]
0031ef58 6fd74435 7e3b13d8 05110048 7dfd0000 WebKit!WebCore::DecodedDataDocumentParser::appendBytes+0x58 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\dom\decodeddatadocumentparser.cpp @ 50]
0031ef70 6fa8aa8e 05110048 0001a346 7eeb0808 WebKit!WebCore::DocumentWriter::addData+0x55 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\documentwriter.cpp @ 218]
0031efbc 6f74435c 05110048 0001a346 7eec4700 WebKit!WebCore::DocumentLoader::commitData+0xee [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\documentloader.cpp @ 349]
0031eff4 6fa8afd3 7e3b1380 05110048 0001a346 WebKit!WebKit::WebFrameLoaderClient::committedLoad+0x2c [c:\cygwin\home\buildbot\slave\win-release\build\source\webkit2\webprocess\webcoresupport\webframeloaderclient.cpp @ 870]
0031f014 6fa8b06e 05110048 0001a346 0001a346 WebKit!WebCore::DocumentLoader::commitLoad+0x93 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\documentloader.cpp @ 322]
0031f02c 6fdaf843 05110048 0001a346 0001a346 WebKit!WebCore::DocumentLoader::receivedData+0x4e [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\documentloader.cpp @ 360]
0031f048 6fc54e25 05110048 0001a346 00000000 WebKit!WebCore::MainResourceLoader::addData+0x23 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\mainresourceloader.cpp @ 192]
0031f068 6fdb0b08 05110048 0001a346 0001a346 WebKit!WebCore::ResourceLoader::didReceiveData+0x25 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\resourceloader.cpp @ 276]
0031f184 6fc54d30 05110048 0001a346 0001a346 WebKit!WebCore::MainResourceLoader::didReceiveData+0x188 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\mainresourceloader.cpp @ 512]
0031f1b4 6f8e1a73 7e15d2d0 05110048 0001a346 WebKit!WebCore::ResourceLoader::didReceiveData+0x60 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\loader\resourceloader.cpp @ 430]
0031f1d8 72d46581 03e03a30 03e03c38 0001a346 WebKit!WebCore::didReceiveData+0x43 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\platform\network\cf\resourcehandlecfnet.cpp @ 265]
WARNING: Stack unwind information not available. Following frames may be wrong.
0031f2f4 72d48f20 0040aa20 0031f398 003ce8c8 CFNetwork!CFReadStreamCreateWithFormArray+0x6671
0031f480 72d492e5 0031f53c 00000004 03e98b68 CFNetwork!CFReadStreamCreateWithFormArray+0x9010
0031f60c 72d426e2 03e98b9c 00000004 03e03a30 CFNetwork!CFReadStreamCreateWithFormArray+0x93d5
0031f67c 72d438e4 03e9aa80 000004cf 6f7c3956 CFNetwork!CFReadStreamCreateWithFormArray+0x27d2
0031f6a0 75e362fa 018103d6 000004cf 03e03a30 CFNetwork!CFReadStreamCreateWithFormArray+0x39d4
0031f6cc 75e36d3a 72d43860 018103d6 000004cf USER32!InternalCallWinProc+0x23
0031f744 75e377c4 00000000 72d43860 018103d6 USER32!UserCallWinProcCheckWow+0x109
0031f7a4 75e3788a 72d43860 00000000 0031f7e8 USER32!DispatchMessageWorker+0x3bc
0031f7b4 6f7c3611 0031f7cc 0031f830 00000000 USER32!DispatchMessageW+0xf
0031f7e8 6f760eee 76051222 7ee90488 7ee913c0 WebKit!WebCore::RunLoop::run+0x41 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\platform\win\runloopwin.cpp @ 76]
0031f7fc 6f736766 0031f830 00000000 7ee951f0 WebKit!WebKit::WebProcessMain+0xde [c:\cygwin\home\buildbot\slave\win-release\build\source\webkit2\webprocess\win\webprocessmainwin.cpp @ 84]
0031f81c 6f73680c 00000000 00800000 005a14ce WebKit!WebKitMain+0x116 [c:\cygwin\home\buildbot\slave\win-release\build\source\webkit2\webprocess\webkitmain.cpp @ 59]
0031f848 00801098 00800000 00000000 005a14ce WebKit!WebKitMain+0x9c [c:\cygwin\home\buildbot\slave\win-release\build\source\webkit2\webprocess\webkitmain.cpp @ 187]
0031fa78 00801258 00800000 00000000 005a14ce WebKit2WebProcess!wWinMain+0x98 [c:\cygwin\home\buildbot\slave\win-release\build\source\webkit2\win\mainwin.cpp @ 67]
0031fb0c 7605339a 7efde000 0031fb58 77d89ef2 WebKit2WebProcess!__tmainCRTStartup+0x150 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 589]
0031fb18 77d89ef2 7efde000 0cf64ed5 00000000 kernel32!BaseThreadInitThunk+0xe
0031fb58 77d89ec5 008013c4 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
0031fb70 00000000 008013c4 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b

If I don't hear from you or darin soon, I will have to roll it out :(

(In reply to comment #7)
> (In reply to comment #6)
> > Fixed in <http://trac.webkit.org/r118568>.
> 
> I think this caused 19+ crashes to start happening on the Win WK2 Release bots:

This is happening because that build configuration doesn’t enable COMPARE_AND_SWAP.

Since COMPARE_AND_SWAP is an optional feature, we can’t require it for any use of character break iterators. We can either make NonSharedCharacterBreakIterator silently unsafe when COMPARE_AND_SWAP is not enabled, or try to write an alternative, safe implementation that doesn’t rely on COMPARE_AND_SWAP.

Created attachment 144168 [details]
Added a code path for when COMPARE_AND_SWAP is not enabled

Follow-up patch landed in <http://trac.webkit.org/r118587>.