WebKit Bugzilla
RESOLVED FIXED
167322
ObjCCallbackFunction::destroy() should not use jsCast().
https://bugs.webkit.org/show_bug.cgi?id=167322
Mark Lam
Reported
2017-01-23 13:51:24 PST
testapi is failing on this assertion (with a debug build, of course) on every run for me, and on almost every run on the bots. The assertion was added recently by Fil on Jan 17, 2017 for r210829. The assertion stack trace:

/Volumes/Data/ws3/OpenSource/Source/JavaScriptCore/runtime/JSCellInlines.h(287) : const JSC::ClassInfo *JSC::JSCell::classInfo() const
1 0x1014d93bd WTFCrash
2 0x100100936 JSC::JSCell::classInfo() const
3 0x1000f7a09 JSC::JSCell::inherits(JSC::ClassInfo const*) const
4 0x101127c30 JSC::ObjCCallbackFunction* JSC::jsCast<JSC::ObjCCallbackFunction*, JSC::JSCell>(JSC::JSCell*)
5 0x101126d15 JSC::ObjCCallbackFunction::destroy(JSC::JSCell*)
6 0x100bc3f0a JSC::(anonymous namespace)::DestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const
7 0x100bc5a25 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const
8 0x100bc4515 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)
9 0x100bc3e8f JSC::FreeList JSC::MarkedBlock::Handle::finishSweepKnowingSubspace<JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::SweepMode, JSC::(anonymous namespace)::DestroyFunc const&)
10 0x100bc3d0d JSC::JSDestructibleObjectSubspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::MarkedBlock::Handle::SweepMode)
11 0x1010d6863 JSC::MarkedBlock::Handle::sweep(JSC::MarkedBlock::Handle::SweepMode)
12 0x1010d6592 JSC::MarkedBlock::Handle::lastChanceToFinalize()
13 0x1010d5049 JSC::MarkedAllocator::lastChanceToFinalize()::$_4::operator()(JSC::MarkedBlock::Handle*) const
14 0x1010d501b void JSC::MarkedAllocator::forEachBlock<JSC::MarkedAllocator::lastChanceToFinalize()::$_4>(JSC::MarkedAllocator::lastChanceToFinalize()::$_4 const&)::'lambda'(unsigned long)::operator()(unsigned long) const
15 0x1010d4f9c void WTF::FastBitVectorImpl<WTF::FastBitVectorWordOwner>::forEachSetBit<void JSC::MarkedAllocator::forEachBlock<JSC::MarkedAllocator::lastChanceToFinalize()::$_4>(JSC::MarkedAllocator::lastChanceToFinalize()::$_4 const&)::'lambda'(unsigned long)>(JSC::MarkedAllocator::lastChanceToFinalize()::$_4 const&) const
16 0x1010d32c3 void JSC::MarkedAllocator::forEachBlock<JSC::MarkedAllocator::lastChanceToFinalize()::$_4>(JSC::MarkedAllocator::lastChanceToFinalize()::$_4 const&)
17 0x1010d3289 JSC::MarkedAllocator::lastChanceToFinalize()
18 0x1010e1389 JSC::MarkedSpace::lastChanceToFinalize()::$_2::operator()(JSC::MarkedAllocator&) const
19 0x1010dba67 void JSC::MarkedSpace::forEachAllocator<JSC::MarkedSpace::lastChanceToFinalize()::$_2>(JSC::MarkedSpace::lastChanceToFinalize()::$_2 const&)
20 0x1010db9cd JSC::MarkedSpace::lastChanceToFinalize()
21 0x100d6b278 JSC::Heap::lastChanceToFinalize()
22 0x1013b0d52 JSC::VM::~VM()
23 0x1013b2a65 JSC::VM::~VM()
24 0x100da5fd7 WTF::ThreadSafeRefCounted<JSC::VM>::deref() const
25 0x100da5f81 void WTF::derefIfNotNull<JSC::VM>(JSC::VM*)
26 0x100fa145b WTF::RefPtr<JSC::VM>::operator=(std::nullptr_t)
27 0x100fb1d5a JSC::JSLockHolder::~JSLockHolder()
28 0x100fb1dd5 JSC::JSLockHolder::~JSLockHolder()
29 0x100f43d2b JSContextGroupRelease
30 0x101056584 -[JSVirtualMachine dealloc]
31 0x100f42456 -[JSContext dealloc]
Attachments
proposed patch. (1.42 KB, patch), 2017-01-23 14:44 PST, Mark Lam; fpizlo: review+
Filip Pizlo
Comment 1
2017-01-23 13:59:01 PST
Looks like another jsCast that should be a static_cast.
Mark Lam
Comment 2
2017-01-23 14:44:14 PST
Created attachment 299541
proposed patch.
Mark Lam
Comment 3
2017-01-23 14:51:26 PST
Thanks for the review. Landed in r211063: <http://trac.webkit.org/r211063>.
Mark Lam
Comment 4
2017-05-16 16:51:06 PDT
<rdar://problem/32228083>