135352 – ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()

Bug 135352 - ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()

Summary: ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Hahnenberg

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-07-28 14:17 PDT by Mark Hahnenberg
Modified:	2014-07-28 15:19 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (1.57 KB, patch) 2014-07-28 14:20 PDT, Mark Hahnenberg	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Hahnenberg 2014-07-28 14:17:16 PDT

ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
/Volumes/Data/Development/OSX/webkit/OpenSource/Source/JavaScriptCore/heap/MarkedAllocator.cpp(164) : void *JSC::MarkedAllocator::allocateSlowCase(size_t)
1   0x10fa6b5c0 WTFCrash
2   0x10f83cfe5 JSC::MarkedAllocator::allocateSlowCase(unsigned long)
3   0x10f2406a1 JSC::MarkedAllocator::allocate(unsigned long)
4   0x10f252c19 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long)
5   0x10f252be6 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long)
6   0x10f976a67 void* JSC::allocateCell<JSC::PropertyTable>(JSC::Heap&, unsigned long)
7   0x10f97623f void* JSC::allocateCell<JSC::PropertyTable>(JSC::Heap&)
8   0x10f975723 JSC::PropertyTable::clone(JSC::VM&, JSC::PropertyTable const&)
9   0x10f9e43c2 JSC::PropertyTable::copy(JSC::VM&, unsigned int)
10  0x10f9df720 JSC::Structure::materializePropertyMap(JSC::VM&)
11  0x10f2444c3 JSC::Structure::materializePropertyMapIfNecessary(JSC::VM&, JSC::PropertyTable*&)
12  0x10f241fc3 JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&, JSC::JSCell*&)
13  0x10f245aee JSC::JSObject::inlineGetOwnPropertySlot(JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&)
14  0x10f23e58a JSC::JSObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
15  0x10f723749 bool JSC::getStaticFunctionSlot<JSC::JSSegmentedVariableObject>(JSC::ExecState*, JSC::HashTable const&, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)
16  0x10f70fbec JSC::JSGlobalObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
17  0x112fcbc9c WebCore::JSDOMWindow::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
18  0x1124c1de7 JSC::JSObject::fastGetOwnPropertySlot(JSC::ExecState*, JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&)
19  0x1124c1bc6 JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)
20  0x1124c0e48 JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const
21  0x113734350 WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected()

ensureReplacementScriptInjected should be taking a JSLock like its sibling methods do (e.g. installReplacement).

Comment 1 Mark Hahnenberg 2014-07-28 14:17:42 PDT

<rdar://problem/17833422>

Comment 2 Mark Hahnenberg 2014-07-28 14:20:23 PDT

Created attachment 235616 [details]
Patch

Comment 3 WebKit Commit Bot 2014-07-28 15:19:28 PDT

Comment on attachment 235616 [details]
Patch

Clearing flags on attachment: 235616

Committed r171703: <http://trac.webkit.org/changeset/171703>

Comment 4 WebKit Commit Bot 2014-07-28 15:19:33 PDT

All reviewed patches have been landed.  Closing bug.