RESOLVED FIXED 166034
Web Inspector: Assertion seen in InspectorDebuggerAgent::refAsyncCallData with Inspector open
https://bugs.webkit.org/show_bug.cgi?id=166034
Joseph Pecoraro
Reported 2016-12-19 13:51:20 PST
Summary:
Assertion seen in InspectorDebuggerAgent::refAsyncCallData with Inspector open

Test:

    <script>
    interval = setTimeout(() => {
        clearInterval(interval);
        setTimeout(() => {}, 0);
    }, 0);
    </script>

Steps to Reproduce:
1. Inspect test page with Debug build
2. Reload
=> ASSERT

Assert:

    Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
    Exception Note:        EXC_CORPSE_NOTIFY

    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   com.apple.JavaScriptCore   0x0000000106c834c4 WTFCrash + 36 (Assertions.cpp:323)
    1   com.apple.JavaScriptCore   0x00000001065e0290 Inspector::InspectorDebuggerAgent::refAsyncCallData(std::__1::pair<int, int> const&) + 192 (InspectorDebuggerAgent.cpp:1145)
    2   com.apple.JavaScriptCore   0x00000001065e0057 Inspector::InspectorDebuggerAgent::didScheduleAsyncCall(JSC::ExecState*, int, int, bool) + 391 (InspectorDebuggerAgent.cpp:272)
    3   com.apple.WebCore          0x000000010b530a8f WebCore::didScheduleAsyncCall(WebCore::InstrumentingAgents&, WebCore::AsyncCallType, int, WebCore::ScriptExecutionContext&, bool) + 111 (InspectorInstrumentation.cpp:106)
    4   com.apple.WebCore          0x000000010b530954 WebCore::InspectorInstrumentation::didInstallTimerImpl(WebCore::InstrumentingAgents&, int, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool, WebCore::ScriptExecutionContext&) + 116 (InspectorInstrumentation.cpp:344)
    5   com.apple.WebCore          0x000000010ad20404 WebCore::InspectorInstrumentation::didInstallTimer(WebCore::ScriptExecutionContext&, int, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool) + 116 (InspectorInstrumentation.h:650)
    6   com.apple.WebCore          0x000000010ad20314 WebCore::DOMTimer::install(WebCore::ScriptExecutionContext&, std::__1::unique_ptr<WebCore::ScheduledAction, std::__1::default_delete<WebCore::ScheduledAction> >, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool) + 788 (DOMTimer.cpp:224)
    7   com.apple.WebCore          0x000000010ad36d1f WebCore::DOMWindow::setTimeout(std::__1::unique_ptr<WebCore::ScheduledAction, std::__1::default_delete<WebCore::ScheduledAction> >, int) + 671 (DOMWindow.cpp:1670)
    8   com.apple.WebCore          0x000000010b895e5b WebCore::JSDOMWindow::setTimeout(JSC::ExecState&) + 1131 (JSDOMWindowCustom.cpp:501)
    9   com.apple.WebCore          0x000000010b88d4a9 WebCore::jsDOMWindowInstanceFunctionSetTimeoutCaller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&) + 105 (JSDOMWindow.cpp:30532)
    10  com.apple.WebCore          0x000000010b84fd68 long long WebCore::BindingCaller<WebCore::JSDOMWindow>::callOperation<&(WebCore::jsDOMWindowInstanceFunctionSetTimeoutCaller(JSC::ExecState*, WebCore::JSDOMWindow*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, char const*) + 632 (JSDOMBinding.h:363)
    11  com.apple.WebCore          0x000000010b84fadc WebCore::jsDOMWindowInstanceFunctionSetTimeout(JSC::ExecState*) + 28 (JSDOMWindow.cpp:30523)
    ...

Notes:

    void InspectorDebuggerAgent::refAsyncCallData(const AsyncCallIdentifier& identifier)
    {
        auto iterator = m_asyncCallIdentifierToData.find(identifier);
        ASSERT(iterator != m_asyncCallIdentifierToData.end()); // <---
        if (iterator == m_asyncCallIdentifierToData.end())
            return;

        iterator->value.referenceCount++;
    }
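The sequence the test page triggers, as an added example that is not part of the bug report and not WebKit's code: a simplified, stand-alone model of the async-call bookkeeping seen in the stack trace (a map from an async call identifier to reference-counted data, with nested calls holding a reference on the parent they were scheduled from). The reference-count rules, the single DOMTimer async call type shared by setTimeout and setInterval, and the timer ids 1 and 2 are assumptions made to replay the report's steps; the only point the model takes from the page is that the lookup in refAsyncCallData can legitimately miss, so the early return after the ASSERT is the behaviour to keep.

```cpp
#include <cassert>
#include <cstdio>
#include <map>
#include <utility>

// Simplified model (NOT WebKit's InspectorDebuggerAgent) of async-call tracking.
// Names mirror the stack trace; the reference-count rules are an assumption.
using AsyncCallIdentifier = std::pair<int, int>;  // (async call type, callback id)

struct AsyncCallData {
    int referenceCount = 1;  // one reference held by the pending call itself
};

class AsyncCallTracker {
public:
    // Like didScheduleAsyncCall: record the new call and, when it is scheduled from
    // inside another async callback, ref that parent so its stack trace is kept.
    void didScheduleAsyncCall(AsyncCallIdentifier id) {
        m_data.emplace(id, AsyncCallData{});
        if (m_inDispatch)
            refAsyncCallData(m_current);
    }

    // Like didCancelAsyncCall (clearTimeout/clearInterval): release the call's own reference.
    void didCancelAsyncCall(AsyncCallIdentifier id) { derefAsyncCallData(id); }

    void willDispatchAsyncCall(AsyncCallIdentifier id) {
        m_current = id;
        m_inDispatch = true;
    }

    // A one-shot call never fires again once dispatched, so release its own reference.
    void didDispatchAsyncCall(bool oneShot) {
        if (oneShot)
            derefAsyncCallData(m_current);
        m_inDispatch = false;
    }

    bool hasData(AsyncCallIdentifier id) const { return m_data.count(id) != 0; }
    int missingRefs() const { return m_missingRefs; }

private:
    void refAsyncCallData(AsyncCallIdentifier id) {
        auto it = m_data.find(id);
        if (it == m_data.end()) {
            // This is where the report's ASSERT fired. Returning is correct: the parent
            // was cancelled from within its own callback, so there is nothing left to ref.
            ++m_missingRefs;
            return;
        }
        it->second.referenceCount++;
    }

    void derefAsyncCallData(AsyncCallIdentifier id) {
        auto it = m_data.find(id);
        if (it == m_data.end())
            return;
        if (--it->second.referenceCount == 0)
            m_data.erase(it);
    }

    std::map<AsyncCallIdentifier, AsyncCallData> m_data;
    AsyncCallIdentifier m_current{};
    bool m_inDispatch = false;
    int m_missingRefs = 0;
};

// DOMTimer uses one id space for setTimeout and setInterval, which is why clearInterval()
// can cancel a setTimeout. One async call type and ids 1 and 2 are assumed here.
const int kDOMTimerType = 0;

// Replays the report's test page and returns how many refs found no data (expected: 1).
int reproduceBug166034() {
    AsyncCallTracker agent;
    AsyncCallIdentifier outer{kDOMTimerType, 1}, inner{kDOMTimerType, 2};
    agent.didScheduleAsyncCall(outer);   // interval = setTimeout(..., 0)
    agent.willDispatchAsyncCall(outer);  // timer 1 fires
    agent.didCancelAsyncCall(outer);     //   clearInterval(interval): last ref on timer 1 released
    agent.didScheduleAsyncCall(inner);   //   setTimeout(() => {}, 0): refs a parent that is gone
    agent.didDispatchAsyncCall(true);
    return agent.missingRefs();
}

// Same page without the clearInterval(): the parent is still tracked, nothing is missing.
int reproduceWithoutCancel() {
    AsyncCallTracker agent;
    AsyncCallIdentifier outer{kDOMTimerType, 1}, inner{kDOMTimerType, 2};
    agent.didScheduleAsyncCall(outer);
    agent.willDispatchAsyncCall(outer);
    agent.didScheduleAsyncCall(inner);
    agent.didDispatchAsyncCall(true);
    return agent.missingRefs();
}

int main() {
    std::printf("missing refs with clearInterval: %d, without: %d\n",
                reproduceBug166034(), reproduceWithoutCancel());
    return 0;
}
```

The contrast between the two replays is the practical check: a nested schedule whose parent has been cancelled mid-callback is a normal outcome of the shared timer id space, not a bookkeeping bug, so the lookup must tolerate a missing entry rather than assert on it.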
Attachments
[PATCH] Proposed Fix (1.62 KB, patch)
2016-12-19 13:54 PST, Joseph Pecoraro
no flags
Joseph Pecoraro
Comment 1 2016-12-19 13:51:32 PST
Joseph Pecoraro
Comment 2 2016-12-19 13:54:59 PST
Created attachment 297475: [PATCH] Proposed Fix
Blaze Burg
Comment 3 2016-12-19 14:20:15 PST
Comment on attachment 297475: [PATCH] Proposed Fix
View in context: https://bugs.webkit.org/attachment.cgi?id=297475&action=review

rs=me

> Source/JavaScriptCore/ChangeLog:13
> +        no async data was found for the given identifier.

It would be nice to add a reduced test case to LayoutTests so that this doesn't regress for some other reason when we change this code.
Blaze Burg
Comment 4 2016-12-19 14:20:32 PST
Comment on attachment 297475: [PATCH] Proposed Fix
View in context: https://bugs.webkit.org/attachment.cgi?id=297475&action=review

rs=me

>> Source/JavaScriptCore/ChangeLog:13
>> +        no async data was found for the given identifier.
>
> It would be nice to add a reduced test case to LayoutTests so that this doesn't regress for some other reason when we change this code.

It would be nice to add a reduced test case to LayoutTests so that this doesn't regress for some other reason when we change this code.
WebKit Commit Bot
Comment 5 2016-12-19 14:45:42 PST
Comment on attachment 297475: [PATCH] Proposed Fix

Clearing flags on attachment: 297475

Committed r209998: <http://trac.webkit.org/changeset/209998>
WebKit Commit Bot
Comment 6 2016-12-19 14:45:46 PST
All reviewed patches have been landed. Closing bug.