Bug 158687 - Stack overflow at RefPtr::release on Windows port since r201782
Summary: Stack overflow at RefPtr::release on Windows port since r201782
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: PC Windows 10
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-13 02:54 PDT by Fujii Hironori
Modified: 2016-06-13 18:54 PDT
CC: 15 users

See Also:


Attachments
Patch (1.67 KB, patch)
2016-06-13 04:30 PDT, Fujii Hironori

Description Fujii Hironori 2016-06-13 02:54:49 PDT
[Win] Stack overflow at RefPtr::release

trunk@201986 AppleWin Debug (CMake) build

When starting MiniBrowser, the following dialog is shown:

> Unhandled exception at 0x100694E0 (WebKit.dll) in MiniBrowser.exe: 0xC00000FD: Stack overflow (parameters: 0x00000001, 0x00092FFC).

Callstack:

> 	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::StringImpl * ptr, WTF::RefPtr<WTF::StringImpl>::AdoptTag __formal) Line 108	C++
>  	WebKit.dll!WTF::adoptRef<WTF::StringImpl>(WTF::StringImpl * p) Line 243	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
(...)
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
>  	WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
>  	The maximum number of stack frames supported by Visual Studio has been exceeded.
Comment 1 Fujii Hironori 2016-06-13 02:57:53 PDT
Another callstack, from stopping at a breakpoint:

> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::release() Line 69	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::RefPtr<WTF::StringImpl>(WTF::RefPtr<WTF::StringImpl> && o) Line 52	C++
> WebKit.dll!WTF::RefPtr<WTF::StringImpl>::operator=(WTF::RefPtr<WTF::StringImpl> && o) Line 173	C++
> WebKit.dll!WTF::String::operator=(WTF::String && other) Line 134	C++
> WebKit.dll!WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>::translate<WTF::KeyValuePair<WTF::String,unsigned int>,WTF::String,int>(WTF::KeyValuePair<WTF::String,unsigned int> & location, WTF::String && key, int && mapped) Line 185	C++
> WebKit.dll!WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,unsigned int>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String,unsigned int> >,WTF::StringHash,WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::HashTraits<WTF::String> >::add<WTF::HashMapTranslator<WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::KeyValuePairTraits,WTF::StringHash>,WTF::String,int>(WTF::String && key, int && extra) Line 932	C++
> WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::inlineAdd<WTF::String,int>(WTF::String && key, int && value) Line 316	C++
> WebKit.dll!WTF::HashMap<WTF::String,unsigned int,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<unsigned int> >::add<int>(WTF::String && key, int && mapped) Line 358	C++
> WebKit.dll!WTF::HashCountedSet<WTF::String,WTF::StringHash,WTF::HashTraits<WTF::String> >::add(WTF::String && value) Line 194	C++
> WebKit.dll!WebKitClassFactory::WebKitClassFactory(_GUID targetClass) Line 71	C++
> WebKit.dll!DllGetClassObject(const _GUID & rclsid, const _GUID & riid, void * * ppv) Line 105	C++
> WebKit.dll!classFactory(const _GUID & clsid) Line 61	C++
> WebKit.dll!WebKitCreateInstance(const _GUID & rclsid, IUnknown * pUnkOuter, const _GUID & riid, void * * ppvObject) Line 72	C++
> MiniBrowserLib.dll!MiniBrowser::seedInitialDefaultPreferences() Line 171	C++
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 117	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 857	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpstrCmdLine, int nCmdShow) Line 249	C++
> [External Code]	
> [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
Comment 2 Fujii Hironori 2016-06-13 04:30:08 PDT
Created attachment 281165 [details]
Patch
Comment 3 Brent Fulgham 2016-06-13 08:29:56 PDT
This seems like it should be affecting all ports, not just Windows. I wonder why we don't see it elsewhere?
Comment 4 Keith Rollin 2016-06-13 08:45:13 PDT
Yeah, I wondered that, too. It may have to do with how the compiler handles optimizing the assigning of the result of adoptRef() to "tmp" in release(). If it uses the move constructor, then we have the recursion problem. If it uses the "construct the result in the caller-provided variable" optimization, then we won't.

So I can see how different compilers could have different results. What I'm wondering is why we're only seeing it in MiniBrowser and not all over the place on Windows.
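The mechanism Comment 4 describes, as an added example that is not WTF's RefPtr.h and not the patch on this bug (the page shows neither): a cut-down RefPtr with only the members the callstack passes through, whose move constructor can be built either the way the report implies (move constructor calls release(), release() builds its result in a local and the local is move-constructed into the return value, so the two call each other) or by handing the pointer over with leakRef() directly, which breaks the cycle. The leakRef() form is assumed as the fix here, not taken from r201991. Because gcc and clang elide the temporary that MSVC's Debug build did not, the example forces the move with std::move on the return, and it caps the recursion with a depth guard (kGuard) so that it reports the nesting depth instead of overflowing the stack. Counted, AdoptTag, MoveViaRelease, MoveViaLeakRef, releaseNesting and ownershipTransfers are all names invented for this example.

```cpp
#include <algorithm>
#include <utility>

// Added example, not WTF's RefPtr.h. A tiny ref-counted object that also
// counts live instances so the demo can check for leaks and double frees.
struct Counted {
    static int liveObjects;
    int refCount = 1;
    Counted() { ++liveObjects; }
    ~Counted() { --liveObjects; }
    void ref() { ++refCount; }
    void deref() { if (!--refCount) delete this; }
};
int Counted::liveObjects = 0;

struct AdoptTag {};
struct MoveViaRelease {};   // the shape the report implies: move ctor goes through release()
struct MoveViaLeakRef {};   // assumed fix: move ctor takes the pointer directly

constexpr int kGuard = 64;  // real code has no such guard; it simply exhausts the stack

template<typename T, typename MovePolicy>
class RefPtr {
public:
    static int depth;       // current release() nesting
    static int maxDepth;    // deepest nesting observed

    RefPtr() : m_ptr(nullptr) {}
    RefPtr(T* ptr, AdoptTag) : m_ptr(ptr) {}   // takes ownership without ref()
    RefPtr(const RefPtr&) = delete;
    RefPtr(RefPtr&& o) : m_ptr(takeFrom(o, MovePolicy())) {}
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }

    T* get() const { return m_ptr; }
    T* leakRef() { T* p = m_ptr; m_ptr = nullptr; return p; }

    // The form Comment 4 describes: the result is built in a local, then returned.
    RefPtr release()
    {
        DepthScope scope;                 // lives until after the return value is built
        RefPtr tmp(m_ptr, AdoptTag());
        m_ptr = nullptr;
        // MSVC Debug move-constructed the result instead of eliding it; std::move
        // forces that same move on every compiler so the re-entry reproduces.
        return std::move(tmp);
    }

private:
    struct DepthScope {
        DepthScope() { ++depth; maxDepth = std::max(maxDepth, depth); }
        ~DepthScope() { --depth; }
    };
    // release() -> move ctor -> release() -> ... ; the guard is the only exit.
    static T* takeFrom(RefPtr& o, MoveViaRelease)
    {
        if (depth > kGuard)               // stand-in for the stack running out
            return o.leakRef();
        return o.release().leakRef();
    }
    // Direct hand-over: the move constructor never re-enters release().
    static T* takeFrom(RefPtr& o, MoveViaLeakRef) { return o.leakRef(); }

    T* m_ptr;
};
template<typename T, typename P> int RefPtr<T, P>::depth = 0;
template<typename T, typename P> int RefPtr<T, P>::maxDepth = 0;

// Moves one object the way the callstack does (release() feeding a move) and
// returns the deepest release() nesting reached: kGuard + 1 for the recursive
// policy, 1 for the direct hand-over.
template<typename MovePolicy>
int releaseNesting()
{
    using Ptr = RefPtr<Counted, MovePolicy>;
    Ptr::maxDepth = 0;
    {
        Ptr a(new Counted, AdoptTag());
        Ptr b = a.release();
        (void)b;
    }
    return Ptr::maxDepth;
}

// True when ownership ends up at the destination with a single reference.
template<typename MovePolicy>
bool ownershipTransfers()
{
    using Ptr = RefPtr<Counted, MovePolicy>;
    Ptr a(new Counted, AdoptTag());
    Ptr b = a.release();
    return a.get() == nullptr && b.get() != nullptr && b.get()->refCount == 1;
}
```

Compile with any C++11 compiler at default settings; the depth figures above assume the compiler elides the copy when initializing b from the prvalue, which gcc and clang do even at -O0. Dropping the guard in takeFrom(RefPtr&, MoveViaRelease) turns the recursive policy back into the 0xC00000FD from the report.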
Comment 5 Chris Dumez 2016-06-13 09:02:48 PDT
Comment on attachment 281165 [details]
Patch

R=me
Comment 6 WebKit Commit Bot 2016-06-13 09:26:14 PDT
Comment on attachment 281165 [details]
Patch

Clearing flags on attachment: 281165

Committed r201991: <http://trac.webkit.org/changeset/201991>
Comment 7 WebKit Commit Bot 2016-06-13 09:26:21 PDT
All reviewed patches have been landed.  Closing bug.
Comment 8 Fujii Hironori 2016-06-13 18:54:18 PDT
The Release build has no problem.

All programs (MiniBrowser, DumpRenderTree, TestWTF, TestWebKit, jsc, testapi, testRegExp) of the Debug build have the problem.