Bug 161632 - ASSERTION FAILED: promise.inherits(JSPromise::info())
Summary: ASSERTION FAILED: promise.inherits(JSPromise::info())
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-09-06 10:13 PDT by Ryan Haddad
Modified: 2016-09-09 02:50 PDT (History)
14 users (show)

See Also:

Attachments
Patch (22.16 KB, patch)
2016-09-08 05:20 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Using DECLARE_THROW_SCOPE and improving test (22.33 KB, patch)
2016-09-08 12:18 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Patch for landing (22.44 KB, patch)
2016-09-09 02:17 PDT, youenn fablet 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2016-09-06 10:13:36 PDT 
REGRESSION: LayoutTest imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html is a flaky crash

Thread 36 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x000000010d922007 WTFCrash + 39
1   com.apple.JavaScriptCore      	0x000000010d4442de JSC::JSPromiseDeferred::create(JSC::ExecState*, JSC::JSGlobalObject*) + 206
2   com.apple.WebCore             	0x00000001139f1e05 WebCore::callPromiseFunction(JSC::ExecState&, long long (*)(JSC::ExecState*, JSC::JSPromiseDeferred*)) + 53
3   com.apple.WebCore             	0x0000000114247a5c WebCore::jsWorkerGlobalScopePrototypeFunctionFetchRequest(JSC::ExecState*) + 28
4   ???                           	0x0000316c0b050088 0 + 54340111106184
5   ???                           	0x0000316c0b0f37e6 0 + 54340111775718
6   com.apple.JavaScriptCore      	0x000000010d51bdfb llint_entry + 28055
7   ???                           	0x0000316c0b0f82f3 0 + 54340111794931
8   com.apple.JavaScriptCore      	0x000000010d514e4e vmEntryToJavaScript + 334
9   com.apple.JavaScriptCore      	0x000000010d2e8e4a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218
10  com.apple.JavaScriptCore      	0x000000010d26b33a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1226
11  com.apple.JavaScriptCore      	0x000000010caf3e7e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190
12  com.apple.JavaScriptCore      	0x000000010caf400b JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 123
13  com.apple.JavaScriptCore      	0x000000010d3e3b0a JSC::JSJobMicrotask::run(JSC::ExecState*) + 410
14  com.apple.WebCore             	0x0000000113b1f4e5 WebCore::JSGlobalObjectCallback::call() + 293
15  com.apple.WebCore             	0x0000000113b1e761 WebCore::JSGlobalObjectTask::JSGlobalObjectTask(WebCore::JSDOMGlobalObject*, WTF::Ref<JSC::Microtask>&&)::$_0::operator()(WebCore::ScriptExecutionContext&) const + 33
16  com.apple.WebCore             	0x0000000113b1e6b7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::JSGlobalObjectTask::JSGlobalObjectTask(WebCore::JSDOMGlobalObject*, WTF::Ref<JSC::Microtask>&&)::$_0>::call(WebCore::ScriptExecutionContext&) + 55
17  com.apple.WebCore             	0x00000001130dcaf7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 119
18  com.apple.WebCore             	0x00000001130cd4fd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29
19  com.apple.WebCore             	0x00000001151ebee9 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::WorkerGlobalScope*) + 105
20  com.apple.WebCore             	0x00000001151eb9aa WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 1034
21  com.apple.WebCore             	0x00000001151eb566 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 86
22  com.apple.WebCore             	0x00000001151f3cf5 WebCore::WorkerThread::runEventLoop() + 53
23  com.apple.WebCore             	0x0000000113036229 WebCore::DedicatedWorkerThread::runEventLoop() + 89
24  com.apple.WebCore             	0x00000001151f3c17 WebCore::WorkerThread::workerThread() + 1127
25  com.apple.WebCore             	0x00000001151f37a5 WebCore::WorkerThread::workerThreadStart(void*) + 21
26  com.apple.JavaScriptCore      	0x000000010d993979 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25
27  com.apple.JavaScriptCore      	0x000000010d99394d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45
28  com.apple.JavaScriptCore      	0x000000010d9938ec std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()() + 44
29  com.apple.JavaScriptCore      	0x000000010cf6199a std::__1::function<void ()>::operator()() const + 26
30  com.apple.JavaScriptCore      	0x000000010d99254e WTF::threadEntryPoint(void*) + 158
31  com.apple.JavaScriptCore      	0x000000010d993ff1 WTF::wtfThreadEntryPoint(void*) + 289
32  libsystem_pthread.dylib       	0x00007fff902fd05a _pthread_body + 131
33  libsystem_pthread.dylib       	0x00007fff902fcfd7 _pthread_start + 176
34  libsystem_pthread.dylib       	0x00007fff902fa3ed thread_start + 13

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=imported%2Fw3c%2Fweb-platform-tests%2Ffetch%2Fapi%2Fcors%2Fcors-preflight-status.html
Comment 1 Ryan Haddad 2016-09-06 10:16:58 PDT 
ASSERTION FAILED: promise.inherits(JSPromise::info())
Comment 2 Ryan Haddad 2016-09-06 10:23:27 PDT 
First instance on the flakiness dashboard ~r205286. A few other fetch API tests were unskipped before that in r205284.

Link to full crashlog: https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK1%20(Tests)/r205479%20(15
858)/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-crash-log.txt
Comment 3 Ryan Haddad 2016-09-06 11:03:05 PDT 
imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
Comment 4 Ryan Haddad 2016-09-06 11:04:47 PDT 
(In reply to comment #3)
> imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html

Saved a bit too soon. This assertion can be seen with:

mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html
imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.html
Comment 5 youenn fablet 2016-09-06 11:41:23 PDT 
(In reply to comment #4)
> (In reply to comment #3)
> > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
> 
> Saved a bit too soon. This assertion can be seen with:
> 
> mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html
> imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
> imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.
> html

Given the stack trace, it might be related to promises on worker.
Comment 6 Ryan Haddad 2016-09-06 14:00:47 PDT 
(In reply to comment #4)
> Saved a bit too soon. This assertion can be seen with:
> 
> mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html
> imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
> imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.
> html

Skipped these tests in debug to get bots to green and stop EWS false positives.
http://trac.webkit.org/projects/webkit/changeset/205503
Comment 7 Radar WebKit Bug Importer 2016-09-06 22:26:30 PDT 
<rdar://problem/28184743>
Comment 8 Alexey Proskuryakov 2016-09-06 22:26:31 PDT 
<rdar://problem/28184742>
Comment 10 youenn fablet 2016-09-07 09:25:38 PDT 
(In reply to comment #9)
> This happens on other tests too:
> 
> https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/
> r205544%20(14846)/imported/w3c/web-platform-tests/fetch/api/cors/cors-
> preflight-redirect-crash-log.txt

I think it only happens on worker tests.
To remove all potential side effects, we should skip all fetch/api/**/*-worker.html tests :(

I'll have a look.
Comment 11 Ryan Haddad 2016-09-07 09:27:07 PDT 
(In reply to comment #9)
> This happens on other tests too:
> 
> https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/
> r205544%20(14846)/imported/w3c/web-platform-tests/fetch/api/cors/cors-
> preflight-redirect-crash-log.txt

I actually just skipped that one too in http://trac.webkit.org/projects/webkit/changeset/205548
Comment 12 youenn fablet 2016-09-08 05:20:19 PDT 
Created attachment 288260 [details]
Patch
Comment 13 youenn fablet 2016-09-08 05:21:36 PDT 
(In reply to comment #2)
> First instance on the flakiness dashboard ~r205286. A few other fetch API
> tests were unskipped before that in r205284.
> 
> Link to full crashlog:
> https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK1%20(Tests)/
> r205479%20(15
> 858)/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-
> crash-log.txt

Looking at the crash log, the actual failing test is cors-preflight-status-worker.html not cors-preflight-status.html.
Comment 14 Mark Lam 2016-09-08 09:45:20 PDT 
Comment on attachment 288260 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288260&action=review

> Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp:61
> +    if (promise.isUndefined())

Is this synonymous with an exception being thrown?  If so, can you please add an ASSERT like so:

    // At the top of the function ...
    VM& vm = exec->vm();
    auto scope = DECLARE_THROW_SCOPE(vm);

    ...
    // Right before the if (promise.isUndefined()) ...
    ASSERT(!!scope.exception() == promise.isUndefined());
    if (promise.isUndefined() ...

Or is the only way that promise can be undefined here due to an abrupt worker termination (and therefore not associated with any exception)?
Comment 15 youenn fablet 2016-09-08 12:18:23 PDT 
Created attachment 288302 [details]
Using DECLARE_THROW_SCOPE and improving test
Comment 16 Mark Lam 2016-09-08 12:21:33 PDT 
Comment on attachment 288302 [details]
Using DECLARE_THROW_SCOPE and improving test

View in context: https://bugs.webkit.org/attachment.cgi?id=288302&action=review

r=me

> Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp:60
> +    if (scope.exception())

nit: I recommend using 
    if (UNLIKELY(scope.exception())

> Source/WebCore/bindings/js/JSDOMPromise.h:101
> +    // FIXME: We should pass references here, not pointers

FIXMEs should be accompanied by a bug url so that someone can follow up.  Please file the bug and add the url here.
Comment 17 Ryosuke Niwa 2016-09-08 23:42:43 PDT 
Comment on attachment 288302 [details]
Using DECLARE_THROW_SCOPE and improving test

Looks okay to me.
Comment 18 youenn fablet 2016-09-09 02:17:36 PDT 
Created attachment 288394 [details]
Patch for landing
Comment 19 WebKit Commit Bot 2016-09-09 02:49:57 PDT 
Comment on attachment 288394 [details]
Patch for landing

Clearing flags on attachment: 288394

Committed r205729: <http://trac.webkit.org/changeset/205729>
Comment 20 WebKit Commit Bot 2016-09-09 02:50:05 PDT 
All reviewed patches have been landed.  Closing bug.