RESOLVED DUPLICATE of bug 94458 181017
ASSERT in MessagePort shutdown code 
https://bugs.webkit.org/show_bug.cgi?id=181017
Summary ASSERT in MessagePort shutdown code
Brady Eidson
Reported 2017-12-19 20:56:18 PST
ASSERT in MessagePort shutdown code Ran across this while working on MessagePorts for Service Workers. The following command in a debug build: run-webkit-tests fast/events/message-port-constructor-for-deleted-document.html fast/events/message-port-context-destroyed.html Results in the following: ASSERTION FAILED: m_closed /Users/bradeeoh/git/OpenSource/Source/WebCore/dom/MessagePort.cpp(138) : void WebCore::MessagePort::contextDestroyed() 1 0x112a3d72d WTFCrash 2 0x11b260cf3 WebCore::MessagePort::contextDestroyed() 3 0x11b2d9a3a WebCore::ScriptExecutionContext::~ScriptExecutionContext() 4 0x11b16e1bd WebCore::Document::~Document() 5 0x11b4ac775 WebCore::HTMLDocument::~HTMLDocument() 6 0x11b4ac795 WebCore::HTMLDocument::~HTMLDocument() 7 0x11b4ac879 WebCore::HTMLDocument::~HTMLDocument() 8 0x11b16f570 WebCore::Document::decrementReferencingNodeCount() 9 0x11b16f2c4 WebCore::Document::removedLastRef() 10 0x11b293eb7 WebCore::Node::removedLastRef() 11 0x119496db3 WebCore::Node::deref() 12 0x11b28a1d5 WebCore::Node::derefEventTarget() 13 0x1197b3bc6 WebCore::EventTarget::deref() 14 0x1197b3b9f WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::~Ref() 15 0x1197a18a5 WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::~Ref() 16 0x119c52219 WebCore::JSDOMWrapper<WebCore::EventTarget>::~JSDOMWrapper() 17 0x119c521f5 WebCore::JSEventTarget::~JSEventTarget() 18 0x119c49fd5 WebCore::JSEventTarget::~JSEventTarget() 19 0x119c46c1d WebCore::JSEventTarget::destroy(JSC::JSCell*) .... So the ScriptExecutionContext is being destroyed but hasn't told its MessagePorts to close. It normally tells its MessagePorts to close inside stopActiveDOMObjects. This test is arranged such that stopActiveDOMObjects is called, *then* a MessagePort is added later, and therefore that MessagePort is never told to close. Of course the real problem is that MessagePorts are added after stopActiveDOMObjects is called - "Active DOM Objects" and similar objects should not be added then. Indeed if I add an ASSERT inside ScriptExecutionContext::createdMessagePort: ASSERT(!m_activeDOMObjectsAreStopped); It fires. So that's the bug.
Attachments
Add attachment proposed patch, testcase, etc.
Brady Eidson
Comment 1 2017-12-19 22:29:06 PST
This can easily be fixed by making MessagePort an ActiveDOMObject, as some comments allude.
Brady Eidson
Comment 2 2017-12-19 22:30:27 PST
Annoyingly, this required interactions between multiple tests that - apparently - weren't happening in normal run-webkit-test runs. I'm going to try to reproduce standalone first.
Brady Eidson
Comment 3 2017-12-19 22:36:03 PST
(Maybe this test was skipped? 272 out of 791 in fast/events are skipped!!!)
Brady Eidson
Comment 4 2017-12-19 23:01:39 PST
*** This bug has been marked as a duplicate of bug 94458 ***
Note You need to log in before you can comment on or make changes to this bug.