NEW123029
platform/mac/editing/attributed-string tests all flakily assert 
https://bugs.webkit.org/show_bug.cgi?id=123029
Summary platform/mac/editing/attributed-string tests all flakily assert
Alexey Proskuryakov
Reported 2013-10-18 10:56:34 PDT
This is an extremely common assertion on bots. http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=attributed-string Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000104ee85ca WTFCrash + 42 (Assertions.cpp:342) 1 com.apple.WebCore 0x0000000106881ca3 JSC::Bindings::Instance::createRuntimeObject(JSC::ExecState*) + 163 (BridgeJSC.cpp:74) 2 com.apple.WebCore 0x000000010795da73 JSC::Bindings::convertObjcValueToValue(JSC::ExecState*, void*, JSC::Bindings::ObjcValueType, JSC::Bindings::RootObject*) + 1571 (objc_utility.mm:202) 3 com.apple.WebCore 0x0000000107959864 JSC::Bindings::ObjcInstance::invokeObjcMethod(JSC::ExecState*, JSC::Bindings::ObjcMethod*) + 2356 (objc_instance.mm:343) 4 com.apple.WebCore 0x0000000107958f08 JSC::Bindings::ObjcInstance::invokeMethod(JSC::ExecState*, JSC::RuntimeMethod*) + 312 (objc_instance.mm:233) 5 com.apple.WebCore 0x0000000107d44e67 JSC::callRuntimeMethod(JSC::ExecState*) + 503 (runtime_method.cpp:100) 6 com.apple.JavaScriptCore 0x0000000104d571c2 JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind) + 306 (LLIntSlowPaths.cpp:960) 7 com.apple.JavaScriptCore 0x0000000104d57f9c JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 92 (LLIntSlowPaths.cpp:1004)
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2013-10-19 21:57:12 PDT
<rdar://problem/15196388>
Alexey Proskuryakov
Comment 2 2013-10-19 22:04:25 PDT
It was very difficult for me to reproduce this locally. I managed to hit it once with run-webkit-tests platform/mac/editing/attributed-string/ --iter 1000 -v -gf
Ryosuke Niwa
Comment 3 2013-10-19 22:41:53 PDT
This isn't this the same assertion we're hitting on other layout tests?
Alexey Proskuryakov
Comment 4 2013-10-19 23:01:29 PDT
I don't know which assertion you have in mind, but the answer is likely no. It's only a small subset of tests that have a code path through ObjcInstance::invokeMethod.
Tim Horton
Comment 7 2013-11-14 19:04:17 PST
And still!
Alexey Proskuryakov
Comment 8 2013-12-19 10:01:53 PST
Looks like there are at least two problems here: - Somehow, s_instanceWrapperCache contains an entry with an invalidated root object, which makes no sense. - The cache should not be global, because Objective C instances can be used in multiple pages at once, and they need separate ObjcInstances then. Both are pretty bad bugs I think. This was failing extremely frequently lately - most of the time, multiple bots were red because of this issue alone. Marked as flakily crashing in debug in <http://trac.webkit.org/r160840>.
Ryosuke Niwa
Comment 9 2013-12-19 10:51:37 PST
Looks like this is a bug in Objective-C binding code?
Darin Adler
Comment 10 2013-12-19 11:05:23 PST
This lurked for four years before we noticed!?
Alexey Proskuryakov
Comment 11 2013-12-19 11:19:06 PST
Yes, it appears so. These attributed string tests were added this August, and I guess we didn't cover this aspect of Objective-C bindings in tests before. Also, these crashes became more frequent over the last few months, presumably because of some timing differences in loading, GC, or just different hardware on bots.
Alexey Proskuryakov
Comment 12 2014-04-15 16:09:51 PDT
platform/mac/plugins/jsobjc-simple.html is affected too.
Note You need to log in before you can comment on or make changes to this bug.