WebKit Bugzilla
Bug 119141 - REGRESSION(FTL?): Crashes in plugin tests
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=119141
Zan Dobersek, Reported 2013-07-26 04:35:47 PDT
There are assertions appearing in plugin tests on at least the GTK and Qt builders. These started to appear during/after the FTL merging. The assertions occur in ScriptCallStack::at, due to the ScriptCallFrame vector being empty.
http://trac.webkit.org/browser/trunk/Source/WebCore/inspector/ScriptCallStack.cpp#L55
Crash log for DumpRenderTree (pid 15884):
[New LWP 15884]
[New LWP 15906]
[New LWP 15908]
[New LWP 15907]
[New LWP 15910]
[New LWP 15909]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Debug/Programs/D'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007ff5156a8349 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339
339 *(int *)(uintptr_t)0xbbadbeef = 0;
...
Thread 1 (Thread 0x7ff504fef900 (LWP 15884)):
#0 0x00007ff5156a8349 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339
#1 0x00007ff5115efcc2 in WebCore::ScriptCallStack::at (this=0x25e2980, index=0) at ../../Source/WebCore/inspector/ScriptCallStack.cpp:55
#2 0x00007ff5116fbf83 in WebCore::internalAddMessage (page=0x1edbf00, type=WebCore::LogMessageType, level=WebCore::LogMessageLevel, state=0x7ff4c1a0f060, prpArguments=..., acceptNoArguments=false, printTrace=false) at ../../Source/WebCore/page/Console.cpp:80
#3 0x00007ff5116fc510 in WebCore::Console::log (this=0x1ea2810, state=0x7ff4c1a0f060, arguments=...) at ../../Source/WebCore/page/Console.cpp:131
#4 0x00007ff511b4742a in WebCore::jsConsolePrototypeFunctionLog (exec=0x7ff4c1a0f060) at DerivedSources/WebCore/JSConsole.cpp:208
#5 0x00007ff5154d50b9 in JSC::Interpreter::executeCall (this=0x2560a60, callFrame=0x7ff4c116f8e0, function=0x7ff4c10cedf0, callType=JSC::CallTypeHost, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:934
#6 0x00007ff5155af633 in JSC::call (exec=0x7ff4c116f8e0, functionObject=..., callType=JSC::CallTypeHost, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39
#7 0x00007ff510ff34e2 in _NPN_Invoke (npp=0x25ddd48, o=0x25e1570, methodName=0x25e0650, args=0x7fff10341f10, argCount=1, result=0x7fff10341ef0) at ../../Source/WebCore/bridge/NP_jsobject.cpp:237
#8 0x00007ff4c3678542 in pluginLogWithWindowObject (windowObject=0x25e1240, instance=0x25ddd48, message=0x7fff10341f90 "PLUGIN: NPP_SetWindow: 800 200") at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:53
#9 0x00007ff4c36786f7 in pluginLogWithArguments (instance=0x25ddd48, format=0x7ff4c3680392 "NPP_SetWindow: %d %d", args=0x7fff103427d8) at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:78
#10 0x00007ff4c36787b9 in pluginLog (instance=0x25ddd48, format=0x7ff4c3680392 "NPP_SetWindow: %d %d") at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:87
#11 0x00007ff4c367d3fd in NPP_SetWindow (instance=0x25ddd48, window=0x25ddd58) at ../../Tools/DumpRenderTree/TestNetscapePlugIn/main.cpp:352
#12 0x00007ff512134f90 in WebCore::PluginView::setNPWindowIfNeeded (this=0x25ddb10) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:520
#13 0x00007ff512133743 in WebCore::PluginView::updatePluginWidget (this=0x25ddb10) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:152
#14 0x00007ff5121362bb in WebCore::PluginView::platformStart (this=0x25ddb10) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:876
#15 0x00007ff5117bd979 in WebCore::PluginView::start (this=0x25ddb10) at ../../Source/WebCore/plugins/PluginView.cpp:274
#16 0x00007ff5117bd59b in WebCore::PluginView::startOrAddToUnstartedList (this=0x25ddb10) at ../../Source/WebCore/plugins/PluginView.cpp:231
#17 0x00007ff5117bd4a9 in WebCore::PluginView::init (this=0x25ddb10) at ../../Source/WebCore/plugins/PluginView.cpp:209
#18 0x00007ff512134c40 in WebCore::PluginView::setParent (this=0x25ddb10, parent=0x1ef6b40) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:468
#19 0x00007ff511f1a95f in WebCore::ScrollView::addChild (this=0x1ef6b40, prpChild=...) at ../../Source/WebCore/platform/ScrollView.cpp:72
#20 0x00007ff5119c90bf in WebCore::moveWidgetToParentSoon (child=0x25ddb10, parent=0x1ef6b40) at ../../Source/WebCore/rendering/RenderWidget.cpp:81
#21 0x00007ff5119c9a76 in WebCore::RenderWidget::setWidget (this=0x25d22d8, widget=...) at ../../Source/WebCore/rendering/RenderWidget.cpp:213
#22 0x00007ff511966cc8 in WebCore::RenderPart::setWidget (this=0x25d22d8, widget=...) at ../../Source/WebCore/rendering/RenderPart.cpp:57
#23 0x00007ff5116c2fbd in WebCore::SubframeLoader::loadPlugin (this=0x1ee61d8, pluginElement=0x25ae110, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false) at ../../Source/WebCore/loader/SubframeLoader.cpp:465
#24 0x00007ff5116c184b in WebCore::SubframeLoader::requestPlugin (this=0x1ee61d8, ownerElement=0x25ae110, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false) at ../../Source/WebCore/loader/SubframeLoader.cpp:160
#25 0x00007ff5116c1ed4 in WebCore::SubframeLoader::requestObject (this=0x1ee61d8, ownerElement=0x25ae110, url=..., frameName=..., mimeType=..., paramNames=..., paramValues=...) at ../../Source/WebCore/loader/SubframeLoader.cpp:235
#26 0x00007ff5113f6434 in WebCore::HTMLEmbedElement::updateWidget (this=0x25ae110, pluginCreationOption=WebCore::CreateAnyWidgetType) at ../../Source/WebCore/html/HTMLEmbedElement.cpp:170
#27 0x00007ff511758e3a in WebCore::FrameView::updateWidget (this=0x1ef6b40, object=0x25d22d8) at ../../Source/WebCore/page/FrameView.cpp:2685
#28 0x00007ff511759087 in WebCore::FrameView::updateWidgets (this=0x1ef6b40) at ../../Source/WebCore/page/FrameView.cpp:2725
#29 0x00007ff511759452 in WebCore::FrameView::performPostLayoutTasks (this=0x1ef6b40) at ../../Source/WebCore/page/FrameView.cpp:2800
#30 0x00007ff51175429f in WebCore::FrameView::layout (this=0x1ef6b40, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1380
#31 0x00007ff5111b8956 in WebCore::Document::implicitClose (this=0x2570340) at ../../Source/WebCore/dom/Document.cpp:2454
#32 0x00007ff511675eb9 in WebCore::FrameLoader::checkCallImplicitClose (this=0x1ee61b0) at ../../Source/WebCore/loader/FrameLoader.cpp:844
#33 0x00007ff511675c24 in WebCore::FrameLoader::checkCompleted (this=0x1ee61b0) at ../../Source/WebCore/loader/FrameLoader.cpp:787
#34 0x00007ff511675962 in WebCore::FrameLoader::finishedParsing (this=0x1ee61b0) at ../../Source/WebCore/loader/FrameLoader.cpp:720
#35 0x00007ff5111bfc2d in WebCore::Document::finishedParsing (this=0x2570340) at ../../Source/WebCore/dom/Document.cpp:4417
#36 0x00007ff511475e35 in WebCore::HTMLConstructionSite::finishedParsing (this=0x254a518) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:348
#37 0x00007ff5114a9f67 in WebCore::HTMLTreeBuilder::finished (this=0x254a500) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926
#38 0x00007ff51147cebe in WebCore::HTMLDocumentParser::end (this=0x25487a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:756
#39 0x00007ff51147cfab in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x25487a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:767
#40 0x00007ff51147bbe2 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x25487a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#41 0x00007ff51147cfee in WebCore::HTMLDocumentParser::attemptToEnd (this=0x25487a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:779
#42 0x00007ff51147d0a5 in WebCore::HTMLDocumentParser::finish (this=0x25487a0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:828
#43 0x00007ff51166e321 in WebCore::DocumentWriter::end (this=0x254ac50) at ../../Source/WebCore/loader/DocumentWriter.cpp:248
#44 0x00007ff51165ed18 in WebCore::DocumentLoader::finishedLoading (this=0x254abb0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:402
#45 0x00007ff51165ea86 in WebCore::DocumentLoader::notifyFinished (this=0x254abb0, resource=0x2564ae0) at ../../Source/WebCore/loader/DocumentLoader.cpp:344
#46 0x00007ff511642c7a in WebCore::CachedResource::checkNotify (this=0x2564ae0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:369
#47 0x00007ff511642d50 in WebCore::CachedResource::finishLoading (this=0x2564ae0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:385
#48 0x00007ff51163f85c in WebCore::CachedRawResource::finishLoading (this=0x2564ae0, data=0x256b020) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:94
#49 0x00007ff5116c44b4 in WebCore::SubresourceLoader::didFinishLoading (this=0x2565050, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:282
#50 0x00007ff5116bab47 in WebCore::ResourceLoader::didFinishLoading (this=0x2565050, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:488
#51 0x00007ff511f0fe52 in WebCore::readCallback (asyncResult=0x256a9f0, data=0x254c6e0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1331
#52 0x00007ff50fcd0eb8 in async_ready_callback_wrapper () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#53 0x00007ff50fcfd22e in g_task_return_now () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#54 0x00007ff50fcfd258 in complete_in_idle_cb () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#55 0x00007ff50fb1f70c in g_idle_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#56 0x00007ff50fb1cfb1 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#57 0x00007ff50fb1dd08 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#58 0x00007ff50fb1defa in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#59 0x00007ff50fb1e323 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#60 0x00007ff510447fcf in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#61 0x00000000004a1e4f in runTest (inputLine=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:769
#62 0x00000000004a151e in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:552
#63 0x00000000004a4855 in main (argc=2, argv=0x7fff10344558) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1519
Attachments
Patch (16.01 KB, patch), 2013-07-26 14:00 PDT, Oliver Hunt; msaboff: review+
Csaba Osztrogonác, Comment 1, 2013-07-26 04:44:47 PDT
https://trac.webkit.org/changeset/153218 touched the ScriptCallStack code, so maybe r153218 caused this regression.
Csaba Osztrogonác, Comment 2, 2013-07-26 05:19:11 PDT
Maybe it would be the same crashes on Mac and EFL too ... but plugin tests are skipped on these platforms:
- Mac: https://bugs.webkit.org/show_bug.cgi?id=113915
Oh, I see that only EFL-WK1 skips plugin tests; they crash on EFL-WK2 too:
http://build.webkit.org/results/EFL%20Linux%2064-bit%20Release%20WK2/r153370%20%289733%29/results.html
Geoffrey Garen, Comment 3, 2013-07-26 12:17:42 PDT
Until we figure out Bug 113915, I think the right fix is to disable those tests.
Geoffrey Garen, Comment 4, 2013-07-26 12:22:01 PDT
Actually, Oliver pointed out that this crash is distinct from the crashes caused by linking LLVM. We just didn't see it before because the plug-in tests were disabled.
Geoffrey Garen, Comment 5, 2013-07-26 12:22:16 PDT
<rdar://problem/14562843>
Zan Dobersek, Comment 6, 2013-07-26 12:32:33 PDT
Was actually just debugging this. In WebCore::createScriptCallStack(JSC::ExecState*s, size_t), the call frame stack consists only of the console.log frame (i.e. 'log@[native code]'). However, this frame is stepped over in the for loop initialization[1], causing the returned call frame vector to be empty.
[1] http://trac.webkit.org/browser/trunk/Source/WebCore/bindings/js/ScriptCallStackFactory.cpp#L83
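Added illustration of the mechanism comment 6 describes; this is a toy model written for this page, not WebKit's code and not the committed patch. It shows a frame walk whose loop starts one frame below the native console.log frame (so a plugin calling console.log through _NPN_Invoke yields an empty vector), the consumer that reads frame 0 unconditionally, and one defensive variant; the frame names, the "constructed.js" source name and the fallback strategy are all assumptions made for the example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Toy model (not WebKit code) of a JS call-frame chain. A plugin calling
// console.log through _NPN_Invoke produces a chain with only a native frame.
struct Frame {
    std::string functionName;
    bool isNative;         // host functions such as console.log
    const Frame* caller;   // nullptr at the bottom of the stack
};

struct CallFrameRecord {
    std::string functionName;
    std::string sourceURL;
};

static CallFrameRecord record(const Frame* f) {
    return {f->functionName, f->isNative ? "[native code]" : "constructed.js"};
}

// Behaviour described in comment 6: the loop is initialised one frame below
// the top to skip the console.log frame, so a native-only chain yields nothing.
std::vector<CallFrameRecord> buildCallStackSkippingTop(const Frame* top, size_t maxSize) {
    std::vector<CallFrameRecord> out;
    for (const Frame* f = top ? top->caller : nullptr; f && out.size() < maxSize; f = f->caller)
        out.push_back(record(f));
    return out;
}

// Defensive variant (illustrative, not the committed fix): skip the native
// top frame only when a caller exists below it, otherwise keep it.
std::vector<CallFrameRecord> buildCallStack(const Frame* top, size_t maxSize) {
    std::vector<CallFrameRecord> out;
    const Frame* start = (top && top->isNative && top->caller) ? top->caller : top;
    for (const Frame* f = start; f && out.size() < maxSize; f = f->caller)
        out.push_back(record(f));
    return out;
}

// Consumer modelled on the Console.cpp frame in the trace: reads frame 0 for
// the log location. Returns "" on an empty stack, where the original asserts.
std::string loggedFrameName(bool hardened, bool calledFromScript) {
    Frame script{"showMessage", false, nullptr};   // constructed script frame
    Frame logFrame{"log", true, calledFromScript ? &script : nullptr};
    std::vector<CallFrameRecord> stack = hardened ? buildCallStack(&logFrame, 10)
                                                  : buildCallStackSkippingTop(&logFrame, 10);
    return stack.empty() ? std::string() : stack[0].functionName;
}
```

With the skipping walk and no script caller, the consumer gets an empty stack, which is the at(0) assertion in the trace; a check on size() before indexing, or a walk that never drops the only frame, avoids it.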
Oliver Hunt, Comment 7, 2013-07-26 13:05:21 PDT
Working through this one right now
Oliver Hunt, Comment 8, 2013-07-26 14:00:27 PDT
Created attachment 207552 [details]: Patch
Oliver Hunt, Comment 9, 2013-07-26 14:20:09 PDT
Committed r153383: <http://trac.webkit.org/changeset/153383>