Bug 194413 - REGRESSION: [ Mac Debug WK2 ] Layout Test storage/indexeddb/key-type-infinity-private.html is a flaky crash
Summary: REGRESSION: [ Mac Debug WK2 ] Layout Test storage/indexeddb/key-type-infinity...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Sihui Liu
URL:
Keywords: InRadar
: 194502 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-02-07 13:32 PST by Truitt Savell
Modified: 2019-02-13 13:32 PST (History)
10 users (show)

See Also:


Attachments
crash log (93.86 KB, text/plain)
2019-02-07 14:26 PST, Ryan Haddad
no flags Details
Patch (8.91 KB, patch)
2019-02-10 23:09 PST, Sihui Liu
no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.72 MB, application/zip)
2019-02-11 01:12 PST, Build Bot
no flags Details
Patch (8.41 KB, patch)
2019-02-11 09:59 PST, Sihui Liu
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Truitt Savell 2019-02-07 13:32:41 PST
The following layout test is flaky on Mac Debug WK2

storage/indexeddb/key-type-infinity-private.html

Probable cause:

Test began crashing recently. Somewhere around 240555 this test regressed. Crash log blames storage/indexeddb/key-type-binary.html. running these two tests together does reproduce the issue. 

Flakiness Dashboard:

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=storage%2Findexeddb%2Fkey-type-infinity-private.html

crash log:
https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r241122%20(6562)/storage/indexeddb/key-type-infinity-private-crash-log.txt

reproduced with:
run-webkit-tests storage/indexeddb/key-type-infinity-private.html blames storage/indexeddb/key-type-binary.html --iterations 500 -f
Comment 1 Truitt Savell 2019-02-07 13:42:51 PST
Typo in my command. proper one:

run-webkit-tests storage/indexeddb/key-type-infinity-private.html storage/indexeddb/key-type-binary.html --iterations 500 -f
Comment 2 Truitt Savell 2019-02-07 14:19:49 PST
I was able to regress this to https://trac.webkit.org/changeset/240358/webkit

Using the above command I bisected down to r240358. This revision reproduces the crashes frequently. Running on 240357 produces no crashes.
Comment 3 Radar WebKit Bug Importer 2019-02-07 14:20:56 PST
<rdar://problem/47897254>
Comment 4 Ryan Haddad 2019-02-07 14:26:35 PST
ASSERTION FAILED: m_transactionOperationsInProgressQueue.first() == &operation
./Modules/indexeddb/IDBTransaction.cpp(1397) : void WebCore::IDBTransaction::operationCompletedOnClient(IDBClient::TransactionOperation &)
1   0x1dfb5a099 WTFCrash
2   0x1cde87c3b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x1cf5dbc88 WebCore::IDBTransaction::operationCompletedOnClient(WebCore::IDBClient::TransactionOperation&)
4   0x1cf5d1e96 WebCore::IDBClient::TransactionOperation::doComplete(WebCore::IDBResultData const&)
5   0x1cf5cf13f WebCore::IDBTransaction::completedOperationTimerFired()
6   0x1cf5f31b7 WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::IDBTransaction::*&)(), WebCore::IDBTransaction*> >::call()
7   0x1cde890ed WTF::Function<void ()>::operator()() const
8   0x1cdee2299 WebCore::Timer::fired()
9   0x1d0e57a57 WebCore::ThreadTimers::sharedTimerFiredInternal()
10  0x1d0e5eeb1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
11  0x1d0e5ee69 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
12  0x1cde890ed WTF::Function<void ()>::operator()() const
13  0x1d0e31d37 WebCore::MainThreadSharedTimer::fired()
14  0x1d0eb97e9 WebCore::timerFired(__CFRunLoopTimer*, void*)
15  0x7fff51ab7704 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
16  0x7fff51ab7384 __CFRunLoopDoTimer
17  0x7fff51ab6e7a __CFRunLoopDoTimers
18  0x7fff51aae61b __CFRunLoopRun
19  0x7fff51aada07 CFRunLoopRunSpecific
20  0x7fff50d8bd96 RunCurrentEventLoopInMode
21  0x7fff50d8bb06 ReceiveNextEventCommon
22  0x7fff50d8b884 _BlockUntilNextEventMatchingListInModeWithFilter
23  0x7fff4f03ea73 _DPSNextEvent
24  0x7fff4f7d4e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
25  0x7fff4f033885 -[NSApplication run]
26  0x7fff4f002a72 NSApplicationMain
27  0x7fff7a1acf57 _xpc_objc_main
28  0x7fff7a1abbaa xpc_main
29  0x1c8565614 WebKit::XPCServiceMain(int, char const**)
30  0x1c83d592b WKXPCServiceMain
31  0x102626f5e main
LEAK: 2 WebPageProxy
Comment 5 Ryan Haddad 2019-02-07 14:26:52 PST
Created attachment 361444 [details]
crash log
Comment 6 Sihui Liu 2019-02-10 23:09:47 PST
Created attachment 361661 [details]
Patch
Comment 7 Build Bot 2019-02-11 01:11:59 PST
Comment on attachment 361661 [details]
Patch

Attachment 361661 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/11106377

New failing tests:
storage/indexeddb/modern/transactions-stop-on-navigation.html
Comment 8 Build Bot 2019-02-11 01:12:00 PST
Created attachment 361667 [details]
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.6
Comment 9 Sihui Liu 2019-02-11 09:59:57 PST
Created attachment 361690 [details]
Patch
Comment 10 Sihui Liu 2019-02-12 15:25:52 PST
*** Bug 194502 has been marked as a duplicate of this bug. ***
Comment 11 Brady Eidson 2019-02-13 09:09:49 PST
Comment on attachment 361690 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=361690&action=review

Great find!

> Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:1852
> +    while (!m_callbackQueue.isEmpty()) {
> +        auto identifier = m_callbackQueue.first();
> +        if (m_errorCallbacks.contains(identifier))
> +            performErrorCallback(identifier, error);
> +        else if (m_keyDataCallbacks.contains(identifier))
> +            performKeyDataCallback(identifier, error, keyData);
> +        else if (m_getResultCallbacks.contains(identifier))
> +            performGetResultCallback(identifier, error, getResult);
> +        else if (m_countCallbacks.contains(identifier))
> +            performCountCallback(identifier, error, 0);
> +        else if (m_getAllResultsCallbacks.contains(identifier))
> +            performGetAllResultsCallback(identifier, error, getAllResult);
> +        else
> +            ASSERT_NOT_REACHED();
> +    }

This feels so gross and fragile. I wonder if we can find a better way.
Comment 12 Brady Eidson 2019-02-13 09:12:40 PST
Comment on attachment 361690 [details]
Patch

Yah I guess callbacks are just Function<> typedefs and don't all exist in one big set.

We should change that which could greatly simplify all of this code.

But that's a refactor task that is greater than this patch.
Comment 13 WebKit Commit Bot 2019-02-13 13:32:49 PST
Comment on attachment 361690 [details]
Patch

Clearing flags on attachment: 361690

Committed r241468: <https://trac.webkit.org/changeset/241468>
Comment 14 WebKit Commit Bot 2019-02-13 13:32:51 PST
All reviewed patches have been landed.  Closing bug.