Bug 171380 - REGRESSION (r215843): ASSERTION FAILED: !m_completionTasks[0].first in JSC::Wasm::Plan::tryRemoveVMAndCancelIfLast(JSC::VM &)
Summary: REGRESSION (r215843): ASSERTION FAILED: !m_completionTasks[0].first in JSC::...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Keith Miller
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-04-27 09:48 PDT by Ryan Haddad
Modified: 2017-04-27 15:37 PDT (History)
8 users (show)

See Also:

Attachments
Patch (21.29 KB, patch)
2017-04-27 14:39 PDT, Keith Miller 		no flags Details | Formatted Diff | Diff
Patch for landing (21.28 KB, patch)
2017-04-27 14:52 PDT, Keith Miller 		no flags Details | Formatted Diff | Diff
Patch for landing (21.37 KB, patch)
2017-04-27 14:55 PDT, Keith Miller 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2017-04-27 09:48:20 PDT 
ASSERTION FAILED: !m_completionTasks[0].first
/Volumes/Data/slave/elcapitan-debug/build/Source/JavaScriptCore/wasm/WasmPlan.cpp(116) : bool JSC::Wasm::Plan::tryRemoveVMAndCancelIfLast(JSC::VM &)
1   0x106aefce0 WTFCrash
2   0x106a05673 JSC::Wasm::Plan::tryRemoveVMAndCancelIfLast(JSC::VM&)
3   0x1059baf44 JSC::Wasm::Worklist::stopAllPlansForVM(JSC::VM&)
4   0x106966183 JSC::VM::~VM()
5   0x106967e65 JSC::VM::~VM()
6   0x1061434e9 WTF::ThreadSafeRefCounted<JSC::VM>::deref() const
7   0x106143494 void WTF::derefIfNotNull<JSC::VM>(JSC::VM*)
8   0x1064eb66b WTF::RefPtr<JSC::VM>::operator=(std::nullptr_t)
9   0x1064fbafa JSC::JSLockHolder::~JSLockHolder()
10  0x1064fbb75 JSC::JSLockHolder::~JSLockHolder()
11  0x1110c345d WebCore::WorkerScriptController::~WorkerScriptController()
12  0x1110c3565 WebCore::WorkerScriptController::~WorkerScriptController()
13  0x1110cc058 WebCore::WorkerGlobalScope::clearScript()
14  0x1110c91d6 WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)::operator()(WebCore::ScriptExecutionContext&) const
15  0x1110c9187 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::WorkerThread::stop()::$_0::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)>::call(WebCore::ScriptExecutionContext&)
16  0x10e9acc47 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const
17  0x10e99c52d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&)
18  0x1110be6d9 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerRunLoop const&, WebCore::WorkerGlobalScope*)
19  0x1110be488 WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*)
20  0x1110bdb43 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*)
21  0x1110c81b5 WebCore::WorkerThread::runEventLoop()
22  0x10e905a59 WebCore::DedicatedWorkerThread::runEventLoop()
23  0x1110c7fbd WebCore::WorkerThread::workerThread()
24  0x1110c7a25 WebCore::WorkerThread::workerThreadStart(void*)
25  0x106b74579 WTF::Thread::create(void (*)(void*), void*, char const*)::$_0::operator()() const
26  0x106b7454d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::Thread::create(void (*)(void*), void*, char const*)::$_0&>(WTF::Thread::create(void (*)(void*), void*, char const*)::$_0&&&)
27  0x106b744ec std::__1::__function::__func<WTF::Thread::create(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::Thread::create(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()()
28  0x1060168aa std::__1::function<void ()>::operator()() const
29  0x106b72e3e WTF::threadEntryPoint(void*)
30  0x106b74fc6 WTF::wtfThreadEntryPoint(void*)
31  0x7fff8d92099d _pthread_body

https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK1%20(Tests)/r215860%20(824)/workers/wasm-long-compile-many-crash-log.txt

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=workers%2Fwasm-long-compile-many.html
Comment 1 Ryan Haddad 2017-04-27 09:48:31 PDT 
This is a flaky assertion failure seen with LayoutTest workers/wasm-long-compile-many.html
Comment 2 Radar WebKit Bug Importer 2017-04-27 09:48:58 PDT 
<rdar://problem/31865427>
Comment 3 Ryan Haddad 2017-04-27 09:53:40 PDT 
The first instance of this test crash on the flakiness dashboard is 4/26/2017 10:32:35 PM @ r215853
Comment 4 Ryan Haddad 2017-04-27 09:54:50 PDT 
I think this may be related to https://trac.webkit.org/changeset/215843/webkit
Comment 5 Ryan Haddad 2017-04-27 12:05:03 PDT 
(In reply to Ryan Haddad from comment #3)
> The first instance of this test crash on the flakiness dashboard is
> 4/26/2017 10:32:35 PM @ r215853

This change was a follow up to r215843.
Comment 6 Ryan Haddad 2017-04-27 12:20:05 PDT 
Keith, do you have time to look at this or should we roll out the change?
Comment 7 Keith Miller 2017-04-27 12:25:45 PDT 
(In reply to Ryan Haddad from comment #6)
> Keith, do you have time to look at this or should we roll out the change?

I can look at it.
Comment 8 Keith Miller 2017-04-27 14:39:13 PDT 
Created attachment 308449 [details]
Patch
Comment 9 Build Bot 2017-04-27 14:41:12 PDT 
Attachment 308449 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/wasm/WasmModule.h:61:  'compileSync' is incorrectly named. It should be named 'protector' or 'protectedMemoryMode'.  [readability/naming/protected] [4]
ERROR: Source/JavaScriptCore/wasm/WasmModule.h:68:  'getOrCreateCodeBlock' is incorrectly named. It should be named 'protector' or 'protectedMemoryMode'.  [readability/naming/protected] [4]
Total errors found: 2 in 14 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 10 Keith Miller 2017-04-27 14:42:39 PDT 
(In reply to Build Bot from comment #9)
> Attachment 308449 [details] did not pass style-queue:
> 
> 
> ERROR: Source/JavaScriptCore/wasm/WasmModule.h:61:  'compileSync' is
> incorrectly named. It should be named 'protector' or 'protectedMemoryMode'. 
> [readability/naming/protected] [4]
> ERROR: Source/JavaScriptCore/wasm/WasmModule.h:68:  'getOrCreateCodeBlock'
> is incorrectly named. It should be named 'protector' or
> 'protectedMemoryMode'.  [readability/naming/protected] [4]
> Total errors found: 2 in 14 files
> 
> 
> If any of these errors are false positives, please file a bug against
> check-webkit-style.

Wat?
Comment 11 JF Bastien 2017-04-27 14:43:33 PDT 
Comment on attachment 308449 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=308449&action=review

r=me

> Source/JavaScriptCore/ChangeLog:10
> +        we want the main task to not be associated with any VM.

Can you clarify what "some" and "others" cases are?
Comment 12 Keith Miller 2017-04-27 14:52:33 PDT 
Created attachment 308452 [details]
Patch for landing
Comment 13 Saam Barati 2017-04-27 14:53:30 PDT 
Comment on attachment 308449 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=308449&action=review

> Source/JavaScriptCore/wasm/WasmPlan.cpp:104
> +    if (!ASSERT_DISABLED) {
> +        // We allow the first completion task to not have a vm.
> +        for (unsigned i = 1; i < m_completionTasks.size(); ++i)
> +            ASSERT(m_completionTasks[i].first);
> +    }

Please add your FIXME here w/ the cleanup bug to make index 0 not magical.
Comment 14 Keith Miller 2017-04-27 14:53:49 PDT 
Comment on attachment 308449 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=308449&action=review

>> Source/JavaScriptCore/ChangeLog:10
>> +        we want the main task to not be associated with any VM.
> 
> Can you clarify what "some" and "others" cases are?

Validation and BBQ, respectively. I changed the changelog (that sounds deep).
Comment 15 Keith Miller 2017-04-27 14:55:29 PDT 
Created attachment 308454 [details]
Patch for landing
Comment 16 WebKit Commit Bot 2017-04-27 15:37:17 PDT 
Comment on attachment 308454 [details]
Patch for landing

Clearing flags on attachment: 308454

Committed r215896: <http://trac.webkit.org/changeset/215896>
Comment 17 WebKit Commit Bot 2017-04-27 15:37:19 PDT 
All reviewed patches have been landed.  Closing bug.