Bug 218448 - RESOLVED FIXED
Crash under ProcessThrottler::setAssertionType()
https://bugs.webkit.org/show_bug.cgi?id=218448
Chris Dumez
Reported 2020-11-02 08:56:52 PST
Crash under ProcessThrottler::setAssertionType():

Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000028)

[ 0] 0x00000001b458201c WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >::reset(WTF::Detail::CallableWrapperBase<void>*) at memory:2620:28
       0x00000001b458200c: add x16, x16, #0xb48 ; =0xb48
       0x00000001b4582010: add x16, x16, #0x10 ; =0x10
       0x00000001b4582014: pacdza x16
       0x00000001b4582018: stp x16, x20, [x0]
    -> 0x00000001b458201c: ldr x0, [x21, #0x28]
       0x00000001b4582020: str x8, [x21, #0x28]
       0x00000001b4582024: cbz x0, 0x2e1038 ; <+572> at ProcessThrottler.cpp:142:5
       0x00000001b4582028: ldr x8, [x0]
       0x00000001b458202c: ldraa x9, [x8, #0x8]!
[ 0] 0x00000001b458201c WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >::operator=(std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >&&) at memory:2542
[ 0] 0x00000001b458201c WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] WTF::Function<void ()>::operator=(WTF::Function<void ()>&&) at Function.h:59
[ 0] 0x00000001b458201c WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] WebKit::ProcessAssertion::setInvalidationHandler(WTF::Function<void ()>&&) at ProcessAssertion.h:64
       60  public:
       61      ProcessAssertion(ProcessID, const String& reason, ProcessAssertionType);
       62      virtual ~ProcessAssertion();
       63
    -> 64      void setInvalidationHandler(Function<void()>&& handler) { m_invalidationHandler = WTFMove(handler); }
       65
       66      ProcessAssertionType type() const { return m_assertionType; }
       67      ProcessID pid() const { return m_pid; }
       68
[ 0] 0x00000001b458201c WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) + 544 at ProcessThrottler.cpp:139
       135          m_assertion = WTFMove(assertion);
       136      } else
       137          m_assertion = makeUnique<ProcessAssertion>(m_processIdentifier, assertionName(newType), newType);
       138
    -> 139      m_assertion->setInvalidationHandler([this] {
       140          assertionWasInvalidated();
       141      });
       142      m_process.didSetAssertionType(newType);
       143  }
[ 1] 0x00000001b4582003 WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] WTF::Detail::CallableWrapperBase<void>::operator new(unsigned long) + 7 at Function.h:37:5
[ 1] 0x00000001b4581ffc WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] std::__1::__unique_if<WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2, void> >::__unique_single std::__1::make_unique<WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2, void>, WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2>(WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2&&) at memory:3033
[ 1] 0x00000001b4581ffc WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] decltype(auto) WTF::makeUnique<WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2, void>, WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2>(WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2&&) at StdLibExtras.h:510
[ 1] 0x00000001b4581ffc WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] WTF::Function<void ()>::Function<WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2, void>(WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2&&) at Function.h:74
[ 1] 0x00000001b4581ffc WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) [inlined] WTF::Function<void ()>::Function<WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2, void>(WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType)::$_2&&) at Function.h:74
[ 1] 0x00000001b4581ffc WebKit`WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) + 512 at ProcessThrottler.cpp:139
[ 2] 0x00000001b4587903 WebKit`WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::sendPrepareToSuspendIPC(WebKit::IsSuspensionImminent)::$_3, void>::call() [inlined] WebKit::ProcessThrottler::processReadyToSuspend() + 131 at ProcessThrottler.cpp:198:9
[ 2] 0x00000001b4587880 WebKit`WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::sendPrepareToSuspendIPC(WebKit::IsSuspensionImminent)::$_3, void>::call() [inlined] WebKit::ProcessThrottler::sendPrepareToSuspendIPC(WebKit::IsSuspensionImminent)::$_3::operator()() + 44 at ProcessThrottler.cpp:219
[ 2] 0x00000001b4587854 WebKit`WTF::Detail::CallableWrapper<WebKit::ProcessThrottler::sendPrepareToSuspendIPC(WebKit::IsSuspensionImminent)::$_3, void>::call() + 36 at Function.h:52
Attachments
Patch (3.80 KB, patch)
2020-11-02 09:08 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2020-11-02 08:57:03 PST
Chris Dumez
Comment 2 2020-11-02 09:08:51 PST
Geoffrey Garen
Comment 3 2020-11-02 10:18:17 PST
Comment on attachment 412929
Patch

r=me

I see that some unrelated improvements are possible in this file: (1) rename computesEmpty to computeIsEmpty; (2) use RunLoop::dispatch() instead of libdispatch.
EWS
Comment 4 2020-11-02 11:02:00 PST
Committed r269256: <https://trac.webkit.org/changeset/269256>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 412929.