RESOLVED WORKSFORME 150342
[Win] Access violation in Release build 64-bit JSC 
https://bugs.webkit.org/show_bug.cgi?id=150342
Summary [Win] Access violation in Release build 64-bit JSC
Brent Fulgham
Reported 2015-10-19 14:41:00 PDT
Running with a Release 64-bit JavaScriptCore build is frequently hitting the following crash when running the 'fast' WebKit test suite: > JavaScriptCore.dll!JSC::MarkedAllocator::reset() Line 215 C++ JavaScriptCore.dll!JSC::MarkedSpace::resetAllocators() Line 109 C++ JavaScriptCore.dll!JSC::Heap::collectImpl(JSC::HeapOperation collectionType, void * stackOrigin, void * stackTop, _SETJMP_FLOAT128[16] & calleeSavedRegisters) Line 1099 C++ JavaScriptCore.dll!JSC::Heap::collect(JSC::HeapOperation collectionType) Line 1026 C++ JavaScriptCore.dll!JSC::MarkedAllocator::allocateSlowCase(unsigned __int64 bytes) Line 159 C++ WebKit.dll!WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow> domWindow) Line 86 C++ WebKit.dll!WebCore::JSDOMWindowShell::create(JSC::VM & vm, WTF::PassRefPtr<WebCore::DOMWindow> window, JSC::Structure * structure, WebCore::DOMWrapperWorld & world) Line 57 C++ WebKit.dll!WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld & world) Line 133 C++ WebKit.dll!WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld & world) Line 252 C++ WebKit.dll!WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld & world) Line 91 C++ WebKit.dll!WebFrame::globalContext() Line 532 C++ DumpRenderTreeLib.dll!resetWebViewToConsistentStateBeforeTesting() Line 917 C++ DumpRenderTreeLib.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1175 C++ DumpRenderTreeLib.dll!main(int argc, const char * * argv) Line 1494 C++ DumpRenderTree.exe!main(int argc, const char * * argv) Line 269 C++ [External Code]
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2015-10-19 14:42:48 PDT
<rdar://problem/23172910>
Brent Fulgham
Comment 2 2015-10-19 14:43:59 PDT
This crash is hit hundreds of times when running the LayoutTests/fast suite on 64-bit Windows (Release).
Brent Fulgham
Comment 3 2015-10-19 14:44:39 PDT
Reproducibly crashing on 'LayoutTests/fast/backgrounds/background-opaque-clipped-gradients.html'
Geoffrey Garen
Comment 4 2015-10-19 14:58:12 PDT
Does this crash go away if you disable concurrent GC?
Mark Lam
Comment 5 2015-10-19 15:21:00 PDT
I just took a look at this with Brent. Here are some details: 1. The crash does not go away when we disable the concurrent JIT. 2. The crash does not manifest on a debug build. 3. The crash does not manifest when the test page is loaded in MiniBrowser. 4. The test in question doesn't exercise any JS code at all. At this point, I'm not convinced that this is a JSC issue yet. Brent is going to play with the optimization flags on VS2015 and see if that gives us any additional clues.
peavo
Comment 6 2015-10-21 11:07:09 PDT
I have not been able to reproduce the crash, yet (WinCairo).
peavo
Comment 7 2015-10-22 00:33:31 PDT
(In reply to comment #4) > Does this crash go away if you disable concurrent GC? Have we tried to disable both concurrent GC and concurrent JIT?
Per Arne Vollan
Comment 8 2016-06-10 08:12:12 PDT
I am not able to reproduce this on WebKit revision 201919, when running the test fast/backgrounds/background-opaque-clipped-gradients.html.
Brent Fulgham
Comment 9 2016-06-10 08:25:24 PDT
(In reply to comment #8) > I am not able to reproduce this on WebKit revision 201919, when running the > test fast/backgrounds/background-opaque-clipped-gradients.html. OK! Let's close it, then.
Note You need to log in before you can comment on or make changes to this bug.