WebKit Bugzilla
RESOLVED FIXED
Bug 161083
Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser()
https://bugs.webkit.org/show_bug.cgi?id=161083
Chris Dumez
Reported
2016-08-23 08:58:36 PDT
Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser() when running html/browsers/browsing-the-web/unloading-documents/004.html in Debug (WK1 or WK2):

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010fb29a44 WTFCrash + 36 (Assertions.cpp:323)
1 com.apple.WebCore 0x000000011597a9ff WebCore::HTMLDocumentParser::~HTMLDocumentParser() + 175 (HTMLDocumentParser.cpp:81)
2 com.apple.WebCore 0x000000011597b2c5 WebCore::HTMLDocumentParser::~HTMLDocumentParser() + 21 (HTMLDocumentParser.cpp:85)
3 com.apple.WebCore 0x000000011597b329 WebCore::HTMLDocumentParser::~HTMLDocumentParser() + 25 (HTMLDocumentParser.cpp:80)
4 com.apple.WebCore 0x00000001154a212f WTF::RefCounted<WebCore::DocumentParser>::deref() const + 79 (RefCounted.h:145)
5 com.apple.WebCore 0x00000001154a65d5 void WTF::derefIfNotNull<WebCore::DocumentParser>(WebCore::DocumentParser*) + 53 (PassRefPtr.h:41)
6 com.apple.WebCore 0x00000001154a6593 WTF::RefPtr<WebCore::DocumentParser>::~RefPtr() + 83 (RefPtr.h:62)
7 com.apple.WebCore 0x0000000115467805 WTF::RefPtr<WebCore::DocumentParser>::~RefPtr() + 21 (RefPtr.h:62)
8 com.apple.WebCore 0x00000001154761d3 WTF::RefPtr<WebCore::DocumentParser>& WTF::RefPtr<WebCore::DocumentParser>::operator=<WebCore::DocumentParser>(WTF::Ref<WebCore::DocumentParser>&&) + 67 (RefPtr.h:187)
9 com.apple.WebCore 0x0000000115475fcf WebCore::Document::implicitOpen() + 95 (Document.cpp:2622)
10 com.apple.WebCore 0x000000011546d326 WebCore::Document::open(WebCore::Document*) + 406 (Document.cpp:2586)
11 com.apple.WebCore 0x0000000115ffe66d WebCore::JSHTMLDocument::open(JSC::ExecState&) + 477 (JSHTMLDocumentCustom.cpp:176)
12 com.apple.WebCore 0x0000000115ffcac2 WebCore::jsHTMLDocumentPrototypeFunctionOpen(JSC::ExecState*) + 386 (JSHTMLDocument.cpp:382)
13 ??? 0x000040ad6a001028 0 + 71113551908904
14 com.apple.JavaScriptCore 0x000000010f746b85 llint_entry + 28385 (LowLevelInterpreter.asm:772)
15 com.apple.JavaScriptCore 0x000000010f746b0b llint_entry + 28263 (LowLevelInterpreter.asm:772)
16 com.apple.JavaScriptCore 0x000000010f746fcd llint_entry + 29481 (LowLevelInterpreter.asm:772)
17 com.apple.JavaScriptCore 0x000000010f746b85 llint_entry + 28385 (LowLevelInterpreter.asm:772)
18 com.apple.JavaScriptCore 0x000000010f73fa8e vmEntryToJavaScript + 334 (LowLevelInterpreter64.asm:255)
19 com.apple.JavaScriptCore 0x000000010f52eac7 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 215 (JITCode.cpp:80)
20 com.apple.JavaScriptCore 0x000000010f4b5ad7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 983 (Interpreter.cpp:1019)
21 com.apple.JavaScriptCore 0x000000010ed69438 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184 (CallData.cpp:40)
22 com.apple.JavaScriptCore 0x000000010ed694d3 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 83 (CallData.cpp:45)
23 com.apple.JavaScriptCore 0x000000010ed6973b JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (CallData.cpp:64)
24 com.apple.WebCore 0x0000000115db6c1b WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (JSMainThreadExecState.h:74)
25 com.apple.WebCore 0x0000000115f79277 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1479 (JSEventListener.cpp:132)
26 com.apple.WebCore 0x0000000115643baa WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) + 778 (EventTarget.cpp:261)
27 com.apple.WebCore 0x0000000115643770 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 320 (EventTarget.cpp:206)
28 com.apple.WebCore 0x0000000116723991 WebCore::Node::handleLocalEvents(WebCore::Event&) + 177 (Node.cpp:2126)
29 com.apple.WebCore 0x000000011561056b WebCore::EventContext::handleLocalEvents(WebCore::Event&) const + 171 (EventContext.cpp:55)
30 com.apple.WebCore 0x0000000115610850 WebCore::MouseOrFocusEventContext::handleLocalEvents(WebCore::Event&) const + 320 (EventContext.cpp:86)
31 com.apple.WebCore 0x0000000115611675 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) + 341 (EventDispatcher.cpp:127)
32 com.apple.WebCore 0x0000000115611210 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::Event&) + 672 (EventDispatcher.cpp:184)
33 com.apple.WebCore 0x0000000116e061ee WebCore::simulateMouseEvent(WTF::AtomicString const&, WebCore::Element&, WebCore::Event*, WebCore::SimulatedClickCreationOptions) + 158 (SimulatedClick.cpp:79)
34 com.apple.WebCore 0x0000000116e060d4 WebCore::simulateClick(WebCore::Element&, WebCore::Event*, WebCore::SimulatedClickMouseEventOptions, WebCore::SimulatedClickVisualOptions, WebCore::SimulatedClickCreationOptions) + 436 (SimulatedClick.cpp:101)
35 com.apple.WebCore 0x00000001155da536 WebCore::Element::dispatchSimulatedClickForBindings(WebCore::Event*) + 38 (Element.cpp:342)
36 com.apple.WebCore 0x000000011598c229 WebCore::HTMLElement::click() + 25 (HTMLElement.cpp:695)
37 com.apple.WebCore 0x0000000116007deb WebCore::jsHTMLElementPrototypeFunctionClick(JSC::ExecState*) + 395 (JSHTMLElement.cpp:2973)
38 ??? 0x000040ad6a001028 0 + 71113551908904
39 com.apple.JavaScriptCore 0x000000010f746b85 llint_entry + 28385 (LowLevelInterpreter.asm:772)
40 com.apple.JavaScriptCore 0x000000010f746b0b llint_entry + 28263 (LowLevelInterpreter.asm:772)
41 com.apple.JavaScriptCore 0x000000010f746fcd llint_entry + 29481 (LowLevelInterpreter.asm:772)
42 com.apple.JavaScriptCore 0x000000010f73fa8e vmEntryToJavaScript + 334 (LowLevelInterpreter64.asm:255)
43 com.apple.JavaScriptCore 0x000000010f52eac7 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 215 (JITCode.cpp:80)
44 com.apple.JavaScriptCore 0x000000010f4b5ad7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 983 (Interpreter.cpp:1019)
45 com.apple.JavaScriptCore 0x000000010ed69438 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184 (CallData.cpp:40)
46 com.apple.JavaScriptCore 0x000000010ed694d3 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 83 (CallData.cpp:45)
47 com.apple.JavaScriptCore 0x000000010ed6973b JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (CallData.cpp:64)
48 com.apple.WebCore 0x0000000115db6c1b WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (JSMainThreadExecState.h:74)
49 com.apple.WebCore 0x0000000116c9da5a WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 554 (ScheduledAction.cpp:104)
50 com.apple.WebCore 0x0000000116c9d65a WebCore::ScheduledAction::execute(WebCore::Document&) + 266 (ScheduledAction.cpp:125)
51 com.apple.WebCore 0x0000000116c9d523 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:78)
52 com.apple.WebCore 0x00000001155584d8 WebCore::DOMTimer::fired() + 968 (DOMTimer.cpp:355)
53 com.apple.WebCore 0x000000011716b07a WebCore::ThreadTimers::sharedTimerFiredInternal() + 394 (ThreadTimers.cpp:124)
54 com.apple.WebCore 0x000000011716c2a1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:73)
55 com.apple.WebCore 0x000000011716c26d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 (__functional_base:469)
56 com.apple.WebCore 0x000000011716c219 std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 41 (functional:1437)
57 com.apple.WebCore 0x0000000114de48aa std::__1::function<void ()>::operator()() const + 26 (functional:1817)
58 com.apple.WebCore 0x000000011650c568 WebCore::MainThreadSharedTimer::fired() + 104 (MainThreadSharedTimer.cpp:53)
59 com.apple.WebCore 0x000000011650c8e9 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41 (MainThreadSharedTimerCF.cpp:74)
60 com.apple.CoreFoundation 0x00007fff9465bec4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
61 com.apple.CoreFoundation 0x00007fff9465bb4f __CFRunLoopDoTimer + 1071
62 com.apple.CoreFoundation 0x00007fff9465b6aa __CFRunLoopDoTimers + 298
63 com.apple.CoreFoundation 0x00007fff946530d1 __CFRunLoopRun + 2065
64 com.apple.CoreFoundation 0x00007fff94652664 CFRunLoopRunSpecific + 420
65 DumpRenderTree 0x000000010baecd49 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6201 (DumpRenderTree.mm:2053)
66 DumpRenderTree 0x000000010baeb46d runTestingServerLoop() + 349 (DumpRenderTree.mm:1199)
67 DumpRenderTree 0x000000010baea9ba dumpRenderTree(int, char const**) + 442 (DumpRenderTree.mm:1313)
68 DumpRenderTree 0x000000010baed68d DumpRenderTreeMain(int, char const**) + 125 (DumpRenderTree.mm:1430)
69 DumpRenderTree 0x000000010bb454d2 main + 34 (DumpRenderTreeMain.mm:34)
70 libdyld.dylib 0x00007fffa9684255 start + 1
Attachments
Patch (3.34 KB, patch), 2016-08-24 13:37 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1
2016-08-24 11:08:22 PDT
<rdar://problem/27986937>
Chris Dumez
Comment 2
2016-08-24 12:37:57 PDT
In Document::implicitOpen(), we call in this order:
1. cancelParsing(); // Clears out m_parser
2. removeChildren(); // May cause JS execution and therefore re-populate m_parser
3. m_parser = createParser(); // Expects m_parser to be null.

Looking at the spec:
https://html.spec.whatwg.org/#dom-document-open

It says:
Remove all child nodes of the document, without firing any mutation events. (step 15)

So we should probably not fire mutation events.
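The call-order hazard described in Comment 2, as an added toy model in C++ (not WebKit source and not the committed patch). Parser, Document, onRemove, installParser and runScenario are hypothetical names, and a listener that re-enters implicitOpen() is an assumed stand-in for script that repopulates m_parser.

```cpp
// Toy model of the ordering in Comment 2 (constructed; not WebKit source).
#include <functional>
#include <memory>
#include <utility>
#include <vector>
struct Parser {
    bool scheduled = true;             // stands in for a non-null m_parserScheduler
    void detach() { scheduled = false; }
};
struct Document {
    std::shared_ptr<Parser> parser;                 // models m_parser
    std::vector<int> children{1, 2, 3};
    std::function<void(Document&)> onRemove;        // models a script-visible mutation listener
    int liveParsersDropped = 0;                     // how often the destructor ASSERT would fire
    void cancelParsing() {
        if (parser) { parser->detach(); parser.reset(); }
    }
    void removeChildren(bool fireEvents) {
        while (!children.empty()) {
            children.pop_back();
            if (fireEvents && onRemove) {
                auto listener = std::move(onRemove); // run the listener once
                onRemove = nullptr;
                listener(*this);
            }
        }
    }
    void installParser() {
        // Replacing a parser that was never detached models ASSERT(!m_parserScheduler) firing.
        if (parser && parser->scheduled) ++liveParsersDropped;
        parser = std::make_shared<Parser>();
    }
    void implicitOpen(bool fireEvents) {
        cancelParsing();               // 1. clears the parser
        removeChildren(fireEvents);    // 2. may run script that installs a new parser
        installParser();               // 3. expects the parser to be null
    }
};

// Returns how many live parsers were dropped during one outer implicitOpen().
int runScenario(bool fireEvents) {
    Document doc;
    doc.parser = std::make_shared<Parser>();
    doc.onRemove = [](Document& d) { d.implicitOpen(false); }; // assumed: listener re-opens the document
    doc.implicitOpen(fireEvents);
    return doc.liveParsersDropped;
}

int main() { return (runScenario(true) == 1 && runScenario(false) == 0) ? 0 : 1; }
```

With fireEvents set to false, the direction Comment 2 points to, step 3 always finds the parser slot empty.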
Chris Dumez
Comment 3
2016-08-24 13:37:04 PDT
Created attachment 286886
Patch
Chris Dumez
Comment 4
2016-08-24 15:00:18 PDT
Comment on attachment 286886
Patch

Clearing flags on attachment: 286886

Committed r204936: <http://trac.webkit.org/changeset/204936>
Chris Dumez
Comment 5
2016-08-24 15:00:24 PDT
All reviewed patches have been landed. Closing bug.