Bug 91068

Summary: [EFL] [WK2] regression(r122411) Crashes in Ewk_View
Product: WebKit
Reporter: Sudarsana Nagineni (babu) <naginenis>
Component: WebKit EFL
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, gns, gyuyoung.kim, haraken, kenneth, lucas.de.marchi, tmpsantos, tonikitoo, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Attachments:
Description   Flags
Patch         none
Patch         none

Description Sudarsana Nagineni (babu) 2012-07-12 03:19:02 PDT
(gdb) bt
#0  0x00007f1008dd1c6e in WTF::OwnPtr<WTF::Mutex>::operator* (this=0x16f98d8) at WebKit/Source/WTF/wtf/OwnPtr.h:63
#1  0x00007f1008f72823 in WTF::addIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> > (table=0x16f98b8, it=0x7fff602b7ce0)
    at WebKit/Source/WTF/wtf/HashTable.h:1136
#2  0x00007f1008f73af2 in WTF::HashTableConstIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableConstIterator (this=0x7fff602b7ce0, table=0x16f98b8, 
    position=0x0, endPosition=0x0) at WebKit/Source/WTF/wtf/HashTable.h:132
#3  0x00007f1008f736e6 in WTF::HashTableIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableIterator (this=0x7fff602b7ce0, table=0x16f98b8, pos=0x0, 
    end=0x0, tag=WTF::HashItemKnownGood) at WebKit/Source/WTF/wtf/HashTable.h:252
#4  0x00007f1008f7306a in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::makeKnownGoodIterator (this=0x16f98b8, pos=0x0)
    at WebKit/Source/WTF/wtf/HashTable.h:425
#5  0x00007f1008f7294c in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::end (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:341
#6  0x00007f1008f7278b in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::begin (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:340
#7  0x00007f1008f72145 in WTF::HashMap<unsigned long, _Ewk_Web_Resource*, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >::begin (this=0x16f98b8)
    at WebKit/Source/WTF/wtf/HashMap.h:268
#8  0x00007f1008f71397 in ewk_view_load_provisional_started (ewkView=0x16cc1d0) at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp:871
#9  0x00007f1008f7423f in didStartProvisionalLoadForFrame (page=0x16fbd60, frame=0x1727a20, userData=0x0, clientInfo=0x16cc1d0)
    at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view_loader_client.cpp:103
#10 0x00007f1008e5a043 in WebKit::WebLoaderClient::didStartProvisionalLoadForFrame (this=0x16fbd88, page=0x16fbd60, frame=0x1727a20, userData=0x0)
    at WebKit/Source/WebKit2/UIProcess/WebLoaderClient.cpp:48
#11 0x00007f1008e6924b in WebKit::WebPageProxy::didStartProvisionalLoadForFrame (this=0x16fbd60, frameID=1, url="http://www.google.com/", unreachableURL="(null)", arguments=0x7f0fa4000b30)
    at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1923
#12 0x00007f1008f904eb in CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*), unsigned long, WTF::String, WTF::String> (args=..., argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function=
    (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:247
#13 0x00007f1008f8caf0 in CoreIPC::handleMessageVariadic<Messages::WebPageProxy::DidStartProvisionalLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)> (argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function=
    (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:332
#14 0x00007f1008f89c44 in WebKit::WebPageProxy::didReceiveWebPageProxyMessage (this=0x16fbd60, messageID=..., arguments=0x7f0fa4000b30)
    at WebKit/WebKitBuild/Debug/DerivedSources/WebKit2/WebPageProxyMessageReceiver.cpp:301
#15 0x00007f1008e6821b in WebKit::WebPageProxy::didReceiveMessage (this=0x16fbd60, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30)
    at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1771
#16 0x00007f1008e9f0ae in WebKit::WebProcessProxy::didReceiveMessage (this=0x16fb340, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30)
    at WebKit/Source/WebKit2/UIProcess/WebProcessProxy.cpp:336
#17 0x00007f1008e2caff in WebKit::WebConnectionToWebProcess::didReceiveMessage (this=0x16fe6f0, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30)
    at WebKit/Source/WebKit2/UIProcess/WebConnectionToWebProcess.cpp:92
#18 0x00007f1008dd83db in CoreIPC::Connection::dispatchMessage (this=0x16d2ff0, message=...) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:691
#19 0x00007f1008dd8579 in CoreIPC::Connection::dispatchOneMessage (this=0x16d2ff0) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:717
#20 0x00007f1008de246c in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7f0fa4000c00, c=0x16d2ff0) at WebKit/Source/WTF/wtf/Functional.h:173
#21 0x00007f1008de2272 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7f0fa4000bf0)
    at WebKit/Source/WTF/wtf/Functional.h:405
#22 0x00007f1008f329f2 in WTF::Function<void ()>::operator()() const (this=0x7fff602b8840) at WebKit/Source/WTF/wtf/Functional.h:613
#23 0x00007f1003ea578e in WebCore::RunLoop::performWork (this=0x16da100) at WebKit/Source/WebCore/platform/RunLoop.cpp:102
#24 0x00007f1004893dd7 in WebCore::RunLoop::wakeUpEvent (data=0x16da100) at WebKit/Source/WebCore/platform/efl/RunLoopEfl.cpp:100
#25 0x00007f1009364061 in _ecore_pipe_read (data=0x168b750, fd_handler=<optimized out>) at ecore_pipe.c:625
#26 0x00007f1009363131 in _ecore_call_fd_cb (data=<optimized out>, func=<optimized out>, fd_handler=0x168be50) at ecore_private.h:343
#27 _ecore_main_fd_handlers_call () at ecore_main.c:1562
#28 _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1809
#29 0x00007f1009363677 in ecore_main_loop_begin () at ecore_main.c:931
#30 0x0000000000401db3 in main (argc=1, argv=0x7fff602b8a88) at WebKit/Tools/MiniBrowser/efl/main.c:201
Comment 1 Chris Dumez 2012-07-12 03:22:42 PDT
I cannot reproduce in release. I'll try a debug build.
Comment 2 Chris Dumez 2012-07-12 04:10:24 PDT
This happens in debug mode only because the CHECK_HASHTABLE_ITERATORS flag is turned on. For some reason, the m_mutex property of the WTF::HashTable is null, which seems impossible since it is properly initialized in the HashTable constructor.

This happens when requesting the begin() iterator of an empty HashTable.
Comment 3 Chris Dumez 2012-07-12 05:00:50 PDT
Created attachment 151912 [details]
Patch

Turns out this was caused by calloc() overwriting with zeros structure members that are not pointers (e.g. HashMap members). This patch removes usage of calloc() and uses the new operator instead since it is too bug-prone when extending structures.
Comment 4 Sudarsana Nagineni (babu) 2012-07-12 05:26:04 PDT
LGTM. Thanks for fixing the crash.
Comment 5 Thiago Marcos P. Santos 2012-07-12 05:48:01 PDT
LGTM.

The difference between calloc and new is basically that [c|m]alloc doesn't call the constructor.
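The mechanism described in Comment 3 and Comment 5, as an added example that is not part of this bug, the patch, or WebKit's own code: a struct whose member has a constructor that allocates a mutex (the role OwnPtr<Mutex> plays in WTF::HashTable under CHECK_HASHTABLE_ITERATORS) is allocated once with calloc() and once with new. The struct and function names (CheckedTable, ViewData, callocTrivial, and so on) are hypothetical stand-ins, not Ewk_View_Private_Data or any WTF type; std::unique_ptr and std::mutex stand in for OwnPtr and WTF::Mutex.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>
#include <mutex>
#include <new>
#include <type_traits>

// Stand-in for WTF::HashTable built with CHECK_HASHTABLE_ITERATORS: the
// constructor allocates the mutex that guards the iterator list, and begin()
// takes that mutex even on an empty table. calloc() never runs the constructor,
// so on a calloc()'d table the OwnPtr<Mutex> bytes are all zero, i.e. null.
struct CheckedTable {
    std::unique_ptr<std::mutex> m_mutex;   // plays the role of OwnPtr<Mutex>

    CheckedTable() : m_mutex(new std::mutex) {}

    // Models HashTable::begin() -> addIterator() -> *m_mutex. The real code
    // dereferences the null OwnPtr and crashes; here we report it instead.
    bool beginLocksSafely() const {
        if (!m_mutex)
            return false;
        std::lock_guard<std::mutex> lock(*m_mutex);
        return true;
    }
};

// Hypothetical view private-data struct (not the real Ewk_View_Private_Data):
// plain pointer members for which zero-filling is harmless, plus one non-POD member.
struct ViewData {
    const char* uri;
    CheckedTable resources;                // like a HashMap member
    ViewData() : uri(nullptr) {}           // resources is constructed here, not after
};

// "Before" (the calloc() pattern): storage comes from calloc(), no constructor
// runs. Returns true if every byte of the would-be mutex pointer is zero.
bool callocLeavesMutexPointerZero() {
    void* raw = std::calloc(1, sizeof(CheckedTable));
    if (!raw)
        return false;
    unsigned char zeros[sizeof(std::unique_ptr<std::mutex>)] = {0};
    // No object has been constructed in this storage, so only inspect raw bytes.
    bool allZero = std::memcmp(raw, zeros, sizeof(zeros)) == 0;
    std::free(raw);
    return allZero;
}

// Same storage, but the constructor actually runs (placement new). Shows that
// the missing constructor call, not calloc() itself, is what breaks begin().
bool constructingInPlaceFixesIt() {
    void* raw = std::calloc(1, sizeof(CheckedTable));
    if (!raw)
        return false;
    CheckedTable* table = new (raw) CheckedTable;   // constructor runs now
    bool ok = table->beginLocksSafely();
    table->~CheckedTable();
    std::free(raw);
    return ok;
}

// "After" (the new-operator pattern): operator new plus constructor. Every
// member, including the table's mutex, is initialized before anyone uses it.
bool newConstructsEveryMember() {
    std::unique_ptr<ViewData> view(new ViewData);
    return view->uri == nullptr && view->resources.beginLocksSafely();
}

// Guard for code that still wants calloc()-style zeroed allocation: refuse at
// compile time any type whose constructor does real work.
template <typename T>
T* callocTrivial() {
    static_assert(std::is_trivially_default_constructible<T>::value,
                  "calloc() cannot initialize this type; use new");
    return static_cast<T*>(std::calloc(1, sizeof(T)));
}

struct PlainPointers { const char* uri; void* evas; };   // accepted by callocTrivial
// callocTrivial<ViewData>() would not compile: ViewData has a user constructor.

bool guardAcceptsPodStruct() {
    PlainPointers* p = callocTrivial<PlainPointers>();
    bool ok = p && p->uri == nullptr && p->evas == nullptr;
    std::free(p);
    return ok;
}
```

The static_assert guard is the check to keep if a struct must stay calloc()-allocated for C-API reasons: it turns the "extending the structure with a HashMap member silently breaks it" failure mode from a runtime null dereference in the debug build into a compile error.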
Comment 6 Chris Dumez 2012-07-12 05:54:07 PDT
Created attachment 151927 [details]
Patch

Use constructors instead of post initialization, as advised by Haraken.
Comment 7 Kentaro Hara 2012-07-12 05:56:14 PDT
Comment on attachment 151927 [details]
Patch

LGTM
Comment 8 WebKit Review Bot 2012-07-12 06:39:37 PDT
Comment on attachment 151927 [details]
Patch

Clearing flags on attachment: 151927

Committed r122452: <http://trac.webkit.org/changeset/122452>
Comment 9 WebKit Review Bot 2012-07-12 06:39:43 PDT
All reviewed patches have been landed.  Closing bug.