RESOLVED WONTFIX 121944
[EFL] ASSERTION FAILED: !callFrame->hadException() in JSC::Interpreter::executeCall
https://bugs.webkit.org/show_bug.cgi?id=121944
Renata Hodovan
Reported 2013-09-26 01:49:09 PDT
The failing test case:

<html>
<body onload="parent.runTest()">
<script>
var observer = new MutationObserver(function(mutations, observer) {
    window.mutations = mutations;
});
observer.observe(document.body, {childList: true, subtree:true});
</script>
</body>
</html>

The backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff560a08a in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff560a08a in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff5425e45 in JSC::Interpreter::executeCall (this=0x7fb3a0, callFrame=0x7fff9c14f9b0, function=0x7fff9c0ae4b0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:909
#2 0x00007ffff54fbfaa in JSC::call (exec=0x7fff9c14f9b0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/CallData.cpp:39
#3 0x00007ffff3e3b61e in WebCore::JSMainThreadExecState::call (exec=0x7fff9c14f9b0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.h:53
#4 0x00007ffff3e7eb25 in WebCore::JSMutationCallback::call (this=0x8cce30, mutations=..., observer=0x8de280) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMutationCallback.cpp:90
#5 0x00007ffff4139bec in WebCore::MutationObserver::deliver (this=0x8de280) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/MutationObserver.cpp:207
#6 0x00007ffff4139e1e in WebCore::MutationObserver::deliverAllMutations () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/MutationObserver.cpp:237
#7 0x00007ffff3e7bce7 in WebCore::JSMainThreadExecState::didLeaveScriptContext () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.cpp:46
#8 0x00007ffff3e3b71c in WebCore::JSMainThreadExecState::~JSMainThreadExecState (this=0x7fffffffc450, __in_chrg=<optimized out>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.h:81
#9 0x00007ffff3e3b62d in WebCore::JSMainThreadExecState::call (exec=0x7fff9c14f9b0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.h:53
#10 0x00007ffff3e6a88d in WebCore::JSEventListener::handleEvent (this=0x8c31f0, scriptExecutionContext=0x8b9070, event=0x8f84d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSEventListener.cpp:133
#11 0x00007ffff41270ac in WebCore::EventTarget::fireEventListeners (this=0x7dff10, event=0x8f84d0, d=0x7e0000, entry=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:277
#12 0x00007ffff4126dc9 in WebCore::EventTarget::fireEventListeners (this=0x7dff10, event=0x8f84d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:233
#13 0x00007ffff45441e6 in WebCore::DOMWindow::dispatchEvent (this=0x7dff10, prpEvent=..., prpTarget=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/DOMWindow.cpp:1717
#14 0x00007ffff4543f88 in WebCore::DOMWindow::dispatchLoadEvent (this=0x7dff10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/DOMWindow.cpp:1691
#15 0x00007ffff40b897f in WebCore::Document::dispatchWindowLoadEvent (this=0x8b8fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:3649
#16 0x00007ffff40b3ffb in WebCore::Document::implicitClose (this=0x8b8fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2442
#17 0x00007ffff44ba161 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7c0810) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:850
#18 0x00007ffff44b9ed2 in WebCore::FrameLoader::checkCompleted (this=0x7c0810) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:793
#19 0x00007ffff44b9c07 in WebCore::FrameLoader::finishedParsing (this=0x7c0810) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:726
#20 0x00007ffff40bb203 in WebCore::Document::finishedParsing (this=0x8b8fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4441
#21 0x00007ffff4314817 in WebCore::HTMLConstructionSite::finishedParsing (this=0x80aa88) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:352
#22 0x00007ffff4349ead in WebCore::HTMLTreeBuilder::finished (this=0x80aa70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2908
#23 0x00007ffff431c0aa in WebCore::HTMLDocumentParser::end (this=0x7f7b10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:758
#24 0x00007ffff431c195 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f7b10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:769
#25 0x00007ffff431ad82 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f7b10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:212
#26 0x00007ffff431c1da in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f7b10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:781
#27 0x00007ffff431c293 in WebCore::HTMLDocumentParser::finish (this=0x7f7b10) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:830
#28 0x00007ffff44b18fb in WebCore::DocumentWriter::end (this=0x786190) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
#29 0x00007ffff44a3d2d in WebCore::DocumentLoader::finishedLoading (this=0x7860f0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:408
#30 0x00007ffff44a3a96 in WebCore::DocumentLoader::notifyFinished (this=0x7860f0, resource=0x7ec680) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:345
#31 0x00007ffff448af8a in WebCore::CachedResource::checkNotify (this=0x7ec680) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
---Type <return> to continue, or q <return> to quit---
#32 0x00007ffff448b060 in WebCore::CachedResource::finishLoading (this=0x7ec680) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#33 0x00007ffff44876d4 in WebCore::CachedRawResource::finishLoading (this=0x7ec680, data=0x7d8460) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#34 0x00007ffff44eedcf in WebCore::SubresourceLoader::didFinishLoading (this=0x7ed0d0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:283
#35 0x00007ffff44e56d7 in WebCore::ResourceLoader::didFinishLoading (this=0x7ed0d0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:489
#36 0x00007ffff49a6e1b in WebCore::QNetworkReplyHandler::finish (this=0x7ccba0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#37 0x00007ffff49a5b3a in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7ccbd8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#38 0x00007ffff49a5837 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7ccbd8, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff49a6c60 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#39 0x00007ffff49a6784 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7d8810) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#40 0x00007ffff49a9116 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7d8810, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffce60) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:175
#41 0x00007ffff208722b in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#42 0x00007ffff208847e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#43 0x00007ffff2f3286c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Widgets.so.5
#44 0x00007ffff2f34ad0 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Widgets.so.5
#45 0x00007ffff2060f7e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#46 0x00007ffff2063b3e in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#47 0x00007ffff20aa603 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#48 0x00007fffeefa3446 in g_main_dispatch (context=0x6a0960) at /build/buildd/glib2.0-2.37.93/./glib/gmain.c:3065
#49 g_main_context_dispatch (context=context@entry=0x6a0960) at /build/buildd/glib2.0-2.37.93/./glib/gmain.c:3641
#50 0x00007fffeefa3798 in g_main_context_iterate (context=context@entry=0x6a0960, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.93/./glib/gmain.c:3712
#51 0x00007fffeefa383c in g_main_context_iteration (context=0x6a0960, may_block=1) at /build/buildd/glib2.0-2.37.93/./glib/gmain.c:3773
#52 0x00007ffff20aa67c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#53 0x00007ffff205ffab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#54 0x00007ffff20667ce in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.1.1/lib/libQt5Core.so.5
#55 0x0000000000420da0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:50
#56 0x0000000000422880 in main (argc=2, argv=0x7fffffffdb18) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:319
Attachments
Test case (321 bytes, text/html)
2013-09-26 03:54 PDT, Renata Hodovan
Renata Hodovan
Comment 1 2013-09-26 03:54:56 PDT
Created attachment 212691 [details] Test case
Radar WebKit Bug Importer
Comment 2 2013-09-26 08:27:20 PDT
Geoffrey Garen
Comment 3 2014-01-27 14:58:52 PST
Does not reproduce as of r162850.
Csaba Osztrogonác
Comment 4 2014-01-28 07:49:42 PST
Reopen, because the bug is still valid on WebKitEFL on r162930 in debug mode. I got the following crash log on the attached test case.

$ WebKitBuild/Debug/bin/MiniBrowser 1.html
HTML5 local storage is enabled for this view.
ASSERTION FAILED: !callFrame->hadException()
/home/ossy/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp(918) : JSC::JSValue JSC::Interpreter::executeCall(JSC::CallFrame*, JSC::JSObject*, JSC::CallType, const JSC::CallData&, JSC::JSValue, const JSC::ArgList&)
1 0x7ff55d8aa709 WTFCrash
2 0x7ff55d63df5a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
3 0x7ff55d744361 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
4 0x7ff559362a9e WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
5 0x7ff55939dd69 WebCore::JSMutationCallback::call(WTF::Vector<WTF::RefPtr<WebCore::MutationRecord>, 0ul, WTF::CrashOnOverflow> const&, WebCore::MutationObserver*)
6 0x7ff5586b4c44 WebCore::MutationObserver::deliver()
7 0x7ff5586b4eb6 WebCore::MutationObserver::deliverAllMutations()
8 0x7ff55939b6aa WebCore::JSMainThreadExecState::didLeaveScriptContext()
9 0x7ff559362b9c WebCore::JSMainThreadExecState::~JSMainThreadExecState()
10 0x7ff559362aad WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11 0x7ff55938bed2 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
12 0x7ff5586a1781 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&)
13 0x7ff5586a1401 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
14 0x7ff558b8bc45 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>)
15 0x7ff558b8b910 WebCore::DOMWindow::dispatchLoadEvent()
16 0x7ff55863211b WebCore::Document::dispatchWindowLoadEvent()
17 0x7ff55862d305 WebCore::Document::implicitClose()
18 0x7ff558aa8889 WebCore::FrameLoader::checkCallImplicitClose()
19 0x7ff558aa862a WebCore::FrameLoader::checkCompleted()
20 0x7ff558aa838f WebCore::FrameLoader::finishedParsing()
21 0x7ff558634a29 WebCore::Document::finishedParsing()
22 0x7ff55892b71d WebCore::HTMLConstructionSite::finishedParsing()
23 0x7ff558964c5e WebCore::HTMLTreeBuilder::finished()
24 0x7ff5589329e8 WebCore::HTMLDocumentParser::end()
25 0x7ff558932ad1 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
26 0x7ff558931719 WebCore::HTMLDocumentParser::prepareToStopParsing()
27 0x7ff558932b88 WebCore::HTMLDocumentParser::endIfDelayed()
28 0x7ff5589318d2 WebCore::HTMLDocumentParser::resumeParsingAfterYield()
29 0x7ff558944d9e WebCore::HTMLParserScheduler::continueNextChunkTimerFired(WebCore::Timer<WebCore::HTMLParserScheduler>&)
30 0x7ff558945d63 std::_Mem_fn<void (WebCore::HTMLParserScheduler::*)(WebCore::Timer<WebCore::HTMLParserScheduler>&)>::operator()(WebCore::HTMLParserScheduler*, WebCore::Timer<WebCore::HTMLParserScheduler>&) const
31 0x7ff558945c91 void std::_Bind<std::_Mem_fn<void (WebCore::HTMLParserScheduler::*)(WebCore::Timer<WebCore::HTMLParserScheduler>&)> (WebCore::HTMLParserScheduler*, std::reference_wrapper<WebCore::Timer<WebCore::HTMLParserScheduler> >)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>)
ERR<22636>:elementary els_tooltip.c:906 elm_object_tooltip_unset() Object does not have tooltip: obj
ERR<22636>:efreet_cache efreet_cache.c:232 efreet_cache_shutdown() This application has not properly closed all its desktop references!
Brent Fulgham
Comment 5 2016-08-03 12:51:30 PDT
Still unable to reproduce under GuardMalloc or ASAN in r204037. Seems like this is port-specific.
Michael Catanzaro
Comment 6 2017-03-11 10:32:05 PST
Closing this bug because the EFL port has been removed from trunk. If you feel this bug applies to a different upstream WebKit port and was closed in error, please either update the title and reopen the bug, or leave a comment to request this.