RESOLVED FIXED 161632
ASSERTION FAILED: promise.inherits(JSPromise::info())
https://bugs.webkit.org/show_bug.cgi?id=161632
Summary ASSERTION FAILED: promise.inherits(JSPromise::info())
Ryan Haddad
Reported 2016-09-06 10:13:36 PDT
REGRESSION: LayoutTest imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html is a flaky crash Thread 36 Crashed:: WebCore: Worker 0 com.apple.JavaScriptCore 0x000000010d922007 WTFCrash + 39 1 com.apple.JavaScriptCore 0x000000010d4442de JSC::JSPromiseDeferred::create(JSC::ExecState*, JSC::JSGlobalObject*) + 206 2 com.apple.WebCore 0x00000001139f1e05 WebCore::callPromiseFunction(JSC::ExecState&, long long (*)(JSC::ExecState*, JSC::JSPromiseDeferred*)) + 53 3 com.apple.WebCore 0x0000000114247a5c WebCore::jsWorkerGlobalScopePrototypeFunctionFetchRequest(JSC::ExecState*) + 28 4 ??? 0x0000316c0b050088 0 + 54340111106184 5 ??? 0x0000316c0b0f37e6 0 + 54340111775718 6 com.apple.JavaScriptCore 0x000000010d51bdfb llint_entry + 28055 7 ??? 0x0000316c0b0f82f3 0 + 54340111794931 8 com.apple.JavaScriptCore 0x000000010d514e4e vmEntryToJavaScript + 334 9 com.apple.JavaScriptCore 0x000000010d2e8e4a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 10 com.apple.JavaScriptCore 0x000000010d26b33a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1226 11 com.apple.JavaScriptCore 0x000000010caf3e7e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 12 com.apple.JavaScriptCore 0x000000010caf400b JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 123 13 com.apple.JavaScriptCore 0x000000010d3e3b0a JSC::JSJobMicrotask::run(JSC::ExecState*) + 410 14 com.apple.WebCore 0x0000000113b1f4e5 WebCore::JSGlobalObjectCallback::call() + 293 15 com.apple.WebCore 0x0000000113b1e761 WebCore::JSGlobalObjectTask::JSGlobalObjectTask(WebCore::JSDOMGlobalObject*, WTF::Ref<JSC::Microtask>&&)::$_0::operator()(WebCore::ScriptExecutionContext&) const + 33 16 com.apple.WebCore 0x0000000113b1e6b7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::JSGlobalObjectTask::JSGlobalObjectTask(WebCore::JSDOMGlobalObject*, WTF::Ref<JSC::Microtask>&&)::$_0>::call(WebCore::ScriptExecutionContext&) + 55 17 com.apple.WebCore 0x00000001130dcaf7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 119 18 com.apple.WebCore 0x00000001130cd4fd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 19 com.apple.WebCore 0x00000001151ebee9 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::WorkerGlobalScope*) + 105 20 com.apple.WebCore 0x00000001151eb9aa WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 1034 21 com.apple.WebCore 0x00000001151eb566 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 86 22 com.apple.WebCore 0x00000001151f3cf5 WebCore::WorkerThread::runEventLoop() + 53 23 com.apple.WebCore 0x0000000113036229 WebCore::DedicatedWorkerThread::runEventLoop() + 89 24 com.apple.WebCore 0x00000001151f3c17 WebCore::WorkerThread::workerThread() + 1127 25 com.apple.WebCore 0x00000001151f37a5 WebCore::WorkerThread::workerThreadStart(void*) + 21 26 com.apple.JavaScriptCore 0x000000010d993979 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25 27 com.apple.JavaScriptCore 0x000000010d99394d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&) + 45 28 com.apple.JavaScriptCore 0x000000010d9938ec std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()() + 44 29 com.apple.JavaScriptCore 0x000000010cf6199a std::__1::function<void ()>::operator()() const + 26 30 com.apple.JavaScriptCore 0x000000010d99254e WTF::threadEntryPoint(void*) + 158 31 com.apple.JavaScriptCore 0x000000010d993ff1 WTF::wtfThreadEntryPoint(void*) + 289 32 libsystem_pthread.dylib 0x00007fff902fd05a _pthread_body + 131 33 libsystem_pthread.dylib 0x00007fff902fcfd7 _pthread_start + 176 34 libsystem_pthread.dylib 0x00007fff902fa3ed thread_start + 13 https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=imported%2Fw3c%2Fweb-platform-tests%2Ffetch%2Fapi%2Fcors%2Fcors-preflight-status.html
Attachments
Patch (22.16 KB, patch)
2016-09-08 05:20 PDT, youenn fablet
no flags
Using DECLARE_THROW_SCOPE and improving test (22.33 KB, patch)
2016-09-08 12:18 PDT, youenn fablet
no flags
Patch for landing (22.44 KB, patch)
2016-09-09 02:17 PDT, youenn fablet
no flags
Ryan Haddad
Comment 1 2016-09-06 10:16:58 PDT
ASSERTION FAILED: promise.inherits(JSPromise::info())
Ryan Haddad
Comment 2 2016-09-06 10:23:27 PDT
First instance on the flakiness dashboard ~r205286. A few other fetch API tests were unskipped before that in r205284. Link to full crashlog: https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK1%20(Tests)/r205479%20(15 858)/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-crash-log.txt
Ryan Haddad
Comment 3 2016-09-06 11:03:05 PDT
imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html
Ryan Haddad
Comment 4 2016-09-06 11:04:47 PDT
(In reply to comment #3) > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html Saved a bit too soon. This assertion can be seen with: mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.html
youenn fablet
Comment 5 2016-09-06 11:41:23 PDT
(In reply to comment #4) > (In reply to comment #3) > > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html > > Saved a bit too soon. This assertion can be seen with: > > mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker. > html Given the stack trace, it might be related to promises on worker.
Ryan Haddad
Comment 6 2016-09-06 14:00:47 PDT
(In reply to comment #4) > Saved a bit too soon. This assertion can be seen with: > > mported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.html > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html > imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker. > html Skipped these tests in debug to get bots to green and stop EWS false positives. http://trac.webkit.org/projects/webkit/changeset/205503
Radar WebKit Bug Importer
Comment 7 2016-09-06 22:26:30 PDT
Alexey Proskuryakov
Comment 8 2016-09-06 22:26:31 PDT
youenn fablet
Comment 10 2016-09-07 09:25:38 PDT
(In reply to comment #9) > This happens on other tests too: > > https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/ > r205544%20(14846)/imported/w3c/web-platform-tests/fetch/api/cors/cors- > preflight-redirect-crash-log.txt I think it only happens on worker tests. To remove all potential side effects, we should skip all fetch/api/**/*-worker.html tests :( I'll have a look.
Ryan Haddad
Comment 11 2016-09-07 09:27:07 PDT
(In reply to comment #9) > This happens on other tests too: > > https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/ > r205544%20(14846)/imported/w3c/web-platform-tests/fetch/api/cors/cors- > preflight-redirect-crash-log.txt I actually just skipped that one too in http://trac.webkit.org/projects/webkit/changeset/205548
youenn fablet
Comment 12 2016-09-08 05:20:19 PDT
youenn fablet
Comment 13 2016-09-08 05:21:36 PDT
(In reply to comment #2) > First instance on the flakiness dashboard ~r205286. A few other fetch API > tests were unskipped before that in r205284. > > Link to full crashlog: > https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK1%20(Tests)/ > r205479%20(15 > 858)/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status- > crash-log.txt Looking at the crash log, the actual failing test is cors-preflight-status-worker.html not cors-preflight-status.html.
Mark Lam
Comment 14 2016-09-08 09:45:20 PDT
Comment on attachment 288260 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288260&action=review > Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp:61 > + if (promise.isUndefined()) Is this synonymous with an exception being thrown? If so, can you please add an ASSERT like so: // At the top of the function ... VM& vm = exec->vm(); auto scope = DECLARE_THROW_SCOPE(vm); ... // Right before the if (promise.isUndefined()) ... ASSERT(!!scope.exception() == promise.isUndefined()); if (promise.isUndefined() ... Or is the only way that promise can be undefined here due to an abrupt worker termination (and therefore not associated with any exception)?
youenn fablet
Comment 15 2016-09-08 12:18:23 PDT
Created attachment 288302 [details] Using DECLARE_THROW_SCOPE and improving test
Mark Lam
Comment 16 2016-09-08 12:21:33 PDT
Comment on attachment 288302 [details] Using DECLARE_THROW_SCOPE and improving test View in context: https://bugs.webkit.org/attachment.cgi?id=288302&action=review r=me > Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp:60 > + if (scope.exception()) nit: I recommend using if (UNLIKELY(scope.exception()) > Source/WebCore/bindings/js/JSDOMPromise.h:101 > + // FIXME: We should pass references here, not pointers FIXMEs should be accompanied by a bug url so that someone can follow up. Please file the bug and add the url here.
Ryosuke Niwa
Comment 17 2016-09-08 23:42:43 PDT
Comment on attachment 288302 [details] Using DECLARE_THROW_SCOPE and improving test Looks okay to me.
youenn fablet
Comment 18 2016-09-09 02:17:36 PDT
Created attachment 288394 [details] Patch for landing
WebKit Commit Bot
Comment 19 2016-09-09 02:49:57 PDT
Comment on attachment 288394 [details] Patch for landing Clearing flags on attachment: 288394 Committed r205729: <http://trac.webkit.org/changeset/205729>
WebKit Commit Bot
Comment 20 2016-09-09 02:50:05 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.