RESOLVED FIXED 129364
ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*
https://bugs.webkit.org/show_bug.cgi?id=129364
Alexey Proskuryakov
Reported 2014-02-25 22:49:53 PST
http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r164696%20(2899)/inspector-protocol/page/deny-X-FrameOption-crash-log.txt

ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
/Volumes/Data/slave/mavericks-debug/build/Source/JavaScriptCore/heap/MarkedAllocator.cpp(149) : void *JSC::MarkedAllocator::allocateSlowCase(size_t)
1   0x1106508d0 WTFCrash
2   0x110474955 JSC::MarkedAllocator::allocateSlowCase(unsigned long)
3   0x11189f7af JSC::MarkedAllocator::allocate(unsigned long)
4   0x11189f649 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long)
5   0x11189f5b6 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long)
6   0x11189f487 void* JSC::allocateCell<JSC::Structure>(JSC::Heap&, unsigned long)
7   0x11189f05f void* JSC::allocateCell<JSC::Structure>(JSC::Heap&)
8   0x11189eddf JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int)
9   0x1124cc810 WebCore::JSCommandLineAPIHostPrototype::createStructure(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue)
10  0x1124cb769 WebCore::JSCommandLineAPIHost::createPrototype(JSC::VM&, JSC::JSGlobalObject*)
...
Attachments
the patch. (1.62 KB, patch)
2014-02-26 00:47 PST, Mark Lam
no flags
patch 2: added a comment. (1.70 KB, patch)
2014-02-26 00:52 PST, Mark Lam
no flags
Radar WebKit Bug Importer
Comment 1 2014-02-25 22:50:56 PST
Alexey Proskuryakov
Comment 2 2014-02-25 22:53:52 PST
Actually, there are lots of inspector tests failing with this assertion, probably should file a bug about each one.

Also:

inspector-protocol/debugger/nested-inspectors.html
inspector-protocol/dom-debugger/node-removed.html
Mark Lam
Comment 3 2014-02-25 22:54:49 PST
(In reply to comment #2)
> Actually, there are lots of inspector tests failing with this assertion, probably should file a bug about each one.
>
> Also:
>
> inspector-protocol/debugger/nested-inspectors.html
> inspector-protocol/dom-debugger/node-removed.html

They are probably due to the same root cause though. I'm investigating.
Mark Lam
Comment 4 2014-02-26 00:32:25 PST
*** Bug 129360 has been marked as a duplicate of this bug. ***
Mark Lam
Comment 5 2014-02-26 00:38:42 PST
The test failure is intermittent because it depends on a GC / allocation activity happening at exactly the right moment. That is why I don't see the failures when I run it on my machine. However, there is an easy way to get an equivalent reproduction case, i.e. by adding the following assertion to JSC::Structure::create():

    ASSERT(vm.currentThreadIsHoldingAPILock());

With that I can get the inspector-protocol tests to fail all the time.

The failure is because InjectedScriptModule::ensureInjected() isn't using an APIEntryShim before it starts calling functions that enter the VM. The fix is to use the shim here. Patch coming soon.
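The failure mode described in comment 5, as an added C++ model that is not part of the original thread and is not WebKit code: a lock check that sits only in the allocator's slow path fires only when an unguarded entry happens to exhaust the free list, the same check at every structure creation fires on every call, and an RAII guard at the entry point clears both. `ToyVM`, `ApiLockGuard`, `ensureInjectedUnguarded`/`ensureInjectedGuarded`, `run` and the refill size are assumptions standing in for `JSC::VM`, `APIEntryShim` and `InjectedScriptModule::ensureInjected()`.

```cpp
// Simplified model, not WebKit code. ToyVM, ApiLockGuard and ensureInjected*
// are hypothetical stand-ins for JSC::VM, APIEntryShim and ensureInjected().
#include <cstdio>
#include <mutex>
#include <thread>

struct ToyVM {
    std::recursive_mutex apiLock;
    std::thread::id owner;       // thread that currently holds apiLock
    int depth = 0;               // nesting depth of the current holder
    unsigned freeCells = 0;      // cells left on the allocator's fast path
    int slowPathHits = 0;        // violations seen by a check in the slow path only
    int createHits = 0;          // violations seen by a check in every create call
    bool currentThreadIsHoldingAPILock() const { return depth > 0 && owner == std::this_thread::get_id(); }
    void allocate() {
        if (freeCells > 0) { --freeCells; return; }   // fast path: no check
        if (!currentThreadIsHoldingAPILock()) ++slowPathHits;
        freeCells = 3;                                // refill; size is constructed
    }
    void createStructure() {
        if (!currentThreadIsHoldingAPILock()) ++createHits;
        allocate();
    }
};

struct ApiLockGuard {   // RAII: lock on entry, unlock on every exit path
    explicit ApiLockGuard(ToyVM& vm) : m_vm(vm) {
        m_vm.apiLock.lock(); m_vm.owner = std::this_thread::get_id(); ++m_vm.depth;
    }
    ~ApiLockGuard() { --m_vm.depth; m_vm.apiLock.unlock(); }
    ApiLockGuard(const ApiLockGuard&) = delete;
    ToyVM& m_vm;
};

void ensureInjectedUnguarded(ToyVM& vm) { vm.createStructure(); }
void ensureInjectedGuarded(ToyVM& vm) { ApiLockGuard guard(vm); vm.createStructure(); }

struct Counts { int slowPath; int atCreate; };
Counts run(bool guarded, unsigned warmCells, int calls) {
    ToyVM vm;
    vm.freeCells = warmCells;    // how full the fast path is when the test starts
    for (int i = 0; i < calls; ++i)
        guarded ? ensureInjectedGuarded(vm) : ensureInjectedUnguarded(vm);
    return {vm.slowPathHits, vm.createHits};
}

int main() {
    std::printf("unguarded, cold allocator: slow-path hits=%d\n", run(false, 0, 3).slowPath);
}
```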
Mark Lam
Comment 6 2014-02-26 00:47:59 PST
Created attachment 225235 [details] the patch.
Mark Lam
Comment 7 2014-02-26 00:52:00 PST
Created attachment 225237 [details] patch 2: added a comment.
WebKit Commit Bot
Comment 8 2014-02-26 08:36:37 PST
Comment on attachment 225237 [details]
patch 2: added a comment.

Clearing flags on attachment: 225237

Committed r164717: <http://trac.webkit.org/changeset/164717>
WebKit Commit Bot
Comment 9 2014-02-26 08:36:40 PST
All reviewed patches have been landed. Closing bug.