RESOLVED DUPLICATE of bug 110546 112216
Assertion in HTMLDocumentParser::pumpTokenizer 
https://bugs.webkit.org/show_bug.cgi?id=112216
Summary Assertion in HTMLDocumentParser::pumpTokenizer
Simon Fraser (smfr)
Reported 2013-03-12 18:09:41 PDT
Seeing this assertion on debug bots: CRASHING TEST: fast/parser/document-write-fighting-eof.html Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001091beb4a WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 1898 (HTMLDocumentParser.cpp:557) 1 com.apple.WebCore 0x00000001091be1a0 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 192 (HTMLDocumentParser.cpp:235) 2 com.apple.WebCore 0x00000001091bf70c WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>) + 572 (HTMLDocumentParser.cpp:733) 3 com.apple.WebCore 0x0000000108ccbe79 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) + 137 (DecodedDataDocumentParser.cpp:60) 4 com.apple.WebCore 0x0000000108d9e50c WebCore::DocumentWriter::end() + 300 (DocumentWriter.cpp:246) 5 com.apple.WebCore 0x0000000108d64469 WebCore::DocumentLoader::finishedLoading() + 169 (DocumentLoader.cpp:315) 6 com.apple.WebCore 0x0000000109ab5be5 WebCore::MainResourceLoader::didFinishLoading(double) + 565 (MainResourceLoader.cpp:571) 7 com.apple.WebCore 0x0000000109ab6c0c WebCore::MainResourceLoader::notifyFinished(WebCore::CachedResource*) + 316 (MainResourceLoader.cpp:585) 8 com.apple.WebCore 0x0000000108a16b8d WebCore::CachedResource::checkNotify() + 109 (CachedResource.cpp:379) 9 com.apple.WebCore 0x0000000108a16bf5 WebCore::CachedResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 69 (CachedResource.cpp:389) 10 com.apple.WebCore 0x0000000108a108f1 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 673 (CachedRawResource.cpp:72) 11 com.apple.WebCore 0x000000010a1bf3db WebCore::SubresourceLoader::didFinishLoading(double) + 539 (SubresourceLoader.cpp:279) 12 com.apple.WebCore 0x0000000109f68b35 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 (ResourceLoader.cpp:475) 13 com.apple.WebCore 0x0000000109f655ca -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 186 (ResourceHandleMac.mm:794) 14 com.apple.Foundation 0x00007fff94a5ff58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
Attachments
Add attachment proposed patch, testcase, etc.
Eric Seidel (no email)
Comment 1 2013-03-12 19:20:25 PDT
I thought I updated the expectations. But clearly not correctly. This is a known bug in the main-thread parser. It's fixed in the threaded parser. The correct resolution is to skip the test (or mark it as Crash in Debug mode) for ports which use the main thread parser.
Alexey Proskuryakov
Comment 2 2013-03-12 22:52:52 PDT
It is strange to treat main thread parser as something deprecated to the degree of introducing new assertion failures on regression tests in it. Is the new parser at the stage when it's known whether it's going to achieve its performance goals? *** This bug has been marked as a duplicate of bug 110546 ***
Eric Seidel (no email)
Comment 3 2013-03-12 23:31:09 PDT
(In reply to comment #2) > It is strange to treat main thread parser as something deprecated to the degree of introducing new assertion failures on regression tests in it. > > Is the new parser at the stage when it's known whether it's going to achieve its performance goals? > > *** This bug has been marked as a duplicate of bug 110546 *** Oh, this isn't a new bug. And the main thread parser certainly isn't deprecated. :) It's just not the default path when you have threaded parsing enabled. We'll always need the main thread path for document.write, srcdoc, data: urls, etc. This is just a bug in the existing main thread parser which we discovered while writing the threaded parser. We happened to fix it in the threaded design, but haven't gone back to figure out why the main thread parser asserts in this strange case yet. :) This test uses <script onbeforeonload="document.write()"> which I believe is an extremely obscure edgecase. :) The threaded parser is faster than the main thread parser on machines with more than one core. There were some updates on bug 106127 regarding the perf results.
Alexey Proskuryakov
Comment 4 2013-03-13 08:38:17 PDT
Thank you Eric, makes good sense.
Note You need to log in before you can comment on or make changes to this bug.