Bug 91068

Summary: [EFL] [WK2] regression(r122411) Crashes in Ewk_View
Product: WebKit Reporter: Sudarsana Nagineni (babu) <naginenis>
Component: WebKit EFLAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, gustavo, gyuyoung.kim, haraken, kenneth, lucas.de.marchi, tmpsantos, tonikitoo, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Sudarsana Nagineni (babu)
Reported 2012-07-12 03:19:02 PDT
(gdb) bt #0 0x00007f1008dd1c6e in WTF::OwnPtr<WTF::Mutex>::operator* (this=0x16f98d8) at WebKit/Source/WTF/wtf/OwnPtr.h:63 #1 0x00007f1008f72823 in WTF::addIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> > (table=0x16f98b8, it=0x7fff602b7ce0) at WebKit/Source/WTF/wtf/HashTable.h:1136 #2 0x00007f1008f73af2 in WTF::HashTableConstIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableConstIterator (this=0x7fff602b7ce0, table=0x16f98b8, position=0x0, endPosition=0x0) at WebKit/Source/WTF/wtf/HashTable.h:132 #3 0x00007f1008f736e6 in WTF::HashTableIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableIterator (this=0x7fff602b7ce0, table=0x16f98b8, pos=0x0, end=0x0, tag=WTF::HashItemKnownGood) at WebKit/Source/WTF/wtf/HashTable.h:252 #4 0x00007f1008f7306a in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::makeKnownGoodIterator (this=0x16f98b8, pos=0x0) at WebKit/Source/WTF/wtf/HashTable.h:425 #5 0x00007f1008f7294c in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::end (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:341 #6 0x00007f1008f7278b in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::begin (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:340 #7 0x00007f1008f72145 in WTF::HashMap<unsigned long, _Ewk_Web_Resource*, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >::begin (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashMap.h:268 #8 0x00007f1008f71397 in ewk_view_load_provisional_started (ewkView=0x16cc1d0) at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp:871 #9 0x00007f1008f7423f in didStartProvisionalLoadForFrame (page=0x16fbd60, frame=0x1727a20, userData=0x0, clientInfo=0x16cc1d0) at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view_loader_client.cpp:103 #10 0x00007f1008e5a043 in WebKit::WebLoaderClient::didStartProvisionalLoadForFrame (this=0x16fbd88, page=0x16fbd60, frame=0x1727a20, userData=0x0) at WebKit/Source/WebKit2/UIProcess/WebLoaderClient.cpp:48 #11 0x00007f1008e6924b in WebKit::WebPageProxy::didStartProvisionalLoadForFrame (this=0x16fbd60, frameID=1, url="http://www.google.com/", unreachableURL="(null)", arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1923 #12 0x00007f1008f904eb in CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*), unsigned long, WTF::String, WTF::String> (args=..., argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function= (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:247 #13 0x00007f1008f8caf0 in CoreIPC::handleMessageVariadic<Messages::WebPageProxy::DidStartProvisionalLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)> (argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function= (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:332 #14 0x00007f1008f89c44 in WebKit::WebPageProxy::didReceiveWebPageProxyMessage (this=0x16fbd60, messageID=..., arguments=0x7f0fa4000b30) at WebKit/WebKitBuild/Debug/DerivedSources/WebKit2/WebPageProxyMessageReceiver.cpp:301 #15 0x00007f1008e6821b in WebKit::WebPageProxy::didReceiveMessage (this=0x16fbd60, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1771 #16 0x00007f1008e9f0ae in WebKit::WebProcessProxy::didReceiveMessage (this=0x16fb340, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebProcessProxy.cpp:336 #17 0x00007f1008e2caff in WebKit::WebConnectionToWebProcess::didReceiveMessage (this=0x16fe6f0, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebConnectionToWebProcess.cpp:92 #18 0x00007f1008dd83db in CoreIPC::Connection::dispatchMessage (this=0x16d2ff0, message=...) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:691 #19 0x00007f1008dd8579 in CoreIPC::Connection::dispatchOneMessage (this=0x16d2ff0) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:717 #20 0x00007f1008de246c in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7f0fa4000c00, c=0x16d2ff0) at WebKit/Source/WTF/wtf/Functional.h:173 #21 0x00007f1008de2272 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7f0fa4000bf0) at WebKit/Source/WTF/wtf/Functional.h:405 #22 0x00007f1008f329f2 in WTF::Function<void ()>::operator()() const (this=0x7fff602b8840) at WebKit/Source/WTF/wtf/Functional.h:613 #23 0x00007f1003ea578e in WebCore::RunLoop::performWork (this=0x16da100) at WebKit/Source/WebCore/platform/RunLoop.cpp:102 #24 0x00007f1004893dd7 in WebCore::RunLoop::wakeUpEvent (data=0x16da100) at WebKit/Source/WebCore/platform/efl/RunLoopEfl.cpp:100 #25 0x00007f1009364061 in _ecore_pipe_read (data=0x168b750, fd_handler=<optimized out>) at ecore_pipe.c:625 #26 0x00007f1009363131 in _ecore_call_fd_cb (data=<optimized out>, func=<optimized out>, fd_handler=0x168be50) at ecore_private.h:343 #27 _ecore_main_fd_handlers_call () at ecore_main.c:1562 #28 _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1809 #29 0x00007f1009363677 in ecore_main_loop_begin () at ecore_main.c:931 #30 0x0000000000401db3 in main (argc=1, argv=0x7fff602b8a88) at WebKit/Tools/MiniBrowser/efl/main.c:201
Attachments
Patch (10.37 KB, patch)
2012-07-12 05:00 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (14.92 KB, patch)
2012-07-12 05:54 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2012-07-12 03:22:42 PDT
I cannot reproduce in release. I'll try a debug build.
Chris Dumez
Comment 2 2012-07-12 04:10:24 PDT
This happens in debug mode only because CHECK_HASHTABLE_ITERATORS flag is turned on. For some reason, the m_mutex property of the WTF::HashTable is null, which seems impossible since it is properly initialized in the HashTable constructor. This happens when requesting the begin() iterator of an empty HashTable.
Chris Dumez
Comment 3 2012-07-12 05:00:50 PDT
Created attachment 151912 [details] Patch Turns out this was caused by calloc() overwriting with zeros structure members that are not pointers (e.g. HashMap members). This patch removes usage of calloc() and uses the new operator instead since it is too bug prone when extending structures.
Sudarsana Nagineni (babu)
Comment 4 2012-07-12 05:26:04 PDT
LGTM. Thanks for fixing the crash.
Thiago Marcos P. Santos
Comment 5 2012-07-12 05:48:01 PDT
LGTM. The difference between calloc and new is basically that [c|m]alloc doesn't call the constructor.
Chris Dumez
Comment 6 2012-07-12 05:54:07 PDT
Created attachment 151927 [details] Patch Use constructors instead of post initialization, as advised by Haraken.
Kentaro Hara
Comment 7 2012-07-12 05:56:14 PDT
Comment on attachment 151927 [details] Patch LGTM
WebKit Review Bot
Comment 8 2012-07-12 06:39:37 PDT
Comment on attachment 151927 [details] Patch Clearing flags on attachment: 151927 Committed r122452: <http://trac.webkit.org/changeset/122452>
WebKit Review Bot
Comment 9 2012-07-12 06:39:43 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.