Bug 114816 - REGRESSION(r148639): Interpreter entry points should throw the TerminatedExecutionException from the caller frame
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2013-04-18 08:44 PDT by Jessie Berlin
Modified: 2013-04-18 15:45 PDT

Attachments
the fix 2. (4.68 KB, patch)
2013-04-18 13:24 PDT, Mark Lam
no flags
new fix: Oliver convinced me to throw from the caller frame instead (6.79 KB, patch)
2013-04-18 14:47 PDT, Mark Lam
no flags
patch 3: svn up'ed (6.60 KB, patch)
2013-04-18 15:02 PDT, Mark Lam
oliver: review+
buildbot: commit-queue-
Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2 (897.14 KB, application/zip)
2013-04-18 15:36 PDT, Build Bot
no flags

Description Jessie Berlin 2013-04-18 08:44:12 PDT
http://build.webkit.org/results/Apple%20Lion%20Debug%20WK2%20(Tests)/r148641%20(8944)/fast/workers/worker-terminate-crash-log.txt
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r148641%20(8962)/fast/workers/use-machine-stack-crash-log.txt

It appears to be multiple different worker tests in different runs, so it is not clear that we can just skip anything to get the bots green.

According to the bots, this appears to have started happening with http://trac.webkit.org/changeset/148639

    ASSERT(bytecodeOffset < instructions().size());

Thread 13 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x000000010fd92e5b JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset(unsigned int) + 107 (UnlinkedCodeBlock.cpp:238)
1   com.apple.JavaScriptCore      	0x000000010fb7a432 JSC::StackFrame::line() + 82 (Interpreter.cpp:684)
2   com.apple.JavaScriptCore      	0x000000010fb7a62f JSC::StackFrame::toString(JSC::ExecState*) + 191 (Interpreter.cpp:716)
3   com.apple.JavaScriptCore      	0x000000010fb7aece JSC::Interpreter::addStackTraceIfNecessary(JSC::ExecState*, JSC::JSValue) + 558 (Interpreter.cpp:778)
4   com.apple.JavaScriptCore      	0x000000010fb47305 JSC::throwError(JSC::ExecState*, JSC::JSObject*) + 53 (Error.cpp:166)
5   com.apple.JavaScriptCore      	0x000000010fb49484 JSC::throwTerminatedExecutionException(JSC::ExecState*) + 68 (ExceptionHelpers.cpp:147)
6   com.apple.JavaScriptCore      	0x000000010fb7d859 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1689 (Interpreter.cpp:1119)
7   com.apple.JavaScriptCore      	0x000000010f98c052 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:40)
8   com.apple.WebCore             	0x000000011173b8fb WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1339 (JSEventListener.cpp:130)
9   com.apple.WebCore             	0x0000000111076c02 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 498 (EventTarget.cpp:259)
10  com.apple.WebCore             	0x000000011107681c WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 380 (EventTarget.cpp:204)
11  com.apple.WebCore             	0x0000000111076667 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 135 (EventTarget.cpp:156)
12  com.apple.WebCore             	0x00000001125ba6a2 WebCore::MessageWorkerContextTask::performTask(WebCore::ScriptExecutionContext*) + 386 (WorkerMessagingProxy.cpp:74)
13  com.apple.WebCore             	0x00000001125bbac3 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::ScriptExecutionContext*) + 147 (WorkerRunLoop.cpp:224)
14  com.apple.WebCore             	0x00000001125bb733 WebCore::WorkerRunLoop::runInMode(WebCore::WorkerContext*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 579 (WorkerRunLoop.cpp:168)
15  com.apple.WebCore             	0x00000001125bb4b9 WebCore::WorkerRunLoop::run(WebCore::WorkerContext*) + 89 (WorkerRunLoop.cpp:135)
16  com.apple.WebCore             	0x00000001125c3e25 WebCore::WorkerThread::runEventLoop() + 53 (WorkerThread.cpp:189)
17  com.apple.WebCore             	0x0000000110e5b459 WebCore::DedicatedWorkerThread::runEventLoop() + 89 (DedicatedWorkerThread.cpp:67)
18  com.apple.WebCore             	0x00000001125c3d32 WebCore::WorkerThread::workerThread() + 818 (WorkerThread.cpp:170)
19  com.apple.WebCore             	0x00000001125c39f5 WebCore::WorkerThread::workerThreadStart(void*) + 21 (WorkerThread.cpp:143)
20  com.apple.JavaScriptCore      	0x000000010fe2f700 _ZN3WTFL16threadEntryPointEPv + 144 (Threading.cpp:70)
21  com.apple.JavaScriptCore      	0x000000010fe300f8 _ZN3WTFL19wtfThreadEntryPointEPv + 104 (ThreadingPthreads.cpp:196)
22  libsystem_c.dylib             	0x00007fff8add58bf _pthread_start + 335
23  libsystem_c.dylib             	0x00007fff8add8b75 thread_start + 13
Comment 1 Radar WebKit Bug Importer 2013-04-18 08:44:53 PDT
<rdar://problem/13684234>
Comment 2 Mark Lam 2013-04-18 13:24:45 PDT
Created attachment 198756 [details]
the fix 2.

This fixes the assertion failure crash.  I’m still seeing some "FAIL: Timed out waiting for notifyDone to be called" that seems to be failing consistently in fast/workers/dedicated-worker-lifecycle.html and causing stderr output in:

fast/workers/worker-document-leak.html
fast/workers/worker-lifecycle.html
fast/workers/worker-close-more.html

That is a separate issue which I’ll investigate in a separate bug.
Comment 3 Mark Lam 2013-04-18 14:47:04 PDT
Created attachment 198765 [details]
new fix: Oliver convinced me to throw from the caller frame instead
Comment 4 Mark Lam 2013-04-18 15:02:13 PDT
Created attachment 198768 [details]
patch 3: svn up'ed
Comment 5 Build Bot 2013-04-18 15:36:47 PDT
Comment on attachment 198768 [details]
patch 3: svn up'ed

Attachment 198768 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/158041

New failing tests:
fast/repaint/japanese-rl-selection-repaint-in-regions.html
Comment 6 Build Bot 2013-04-18 15:36:49 PDT
Created attachment 198775 [details]
Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-14  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.2
Comment 7 Oliver Hunt 2013-04-18 15:37:08 PDT
Comment on attachment 198768 [details]
patch 3: svn up'ed

nice!
Comment 8 Mark Lam 2013-04-18 15:39:27 PDT
(In reply to comment #6)
> Created an attachment (id=198775) [details]
> Archive of layout-test-results from webkit-ews-14 for mac-mountainlion-wk2
> 
> The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
> Bot: webkit-ews-14  Port: mac-mountainlion-wk2  Platform: Mac OS X 10.8.2

This is totally unrelated.  Will ignore.
Comment 9 Mark Lam 2013-04-18 15:45:01 PDT
Thanks for the review.  Landed in r148709: <http://trac.webkit.org/changeset/148709>.