RESOLVED FIXED 229727
imported/w3c/web-platform-tests/css/css-font-loading/fontfaceset-load-var.html crashes
https://bugs.webkit.org/show_bug.cgi?id=229727
Myles C. Maxfield
Reported 2021-08-31 12:30:22 PDT
Attachments
Patch (4.45 KB, patch)
2021-09-14 09:09 PDT, Chris Lord
no flags
Patch (11.19 KB, patch)
2021-09-16 03:26 PDT, Chris Lord
no flags
Patch (11.25 KB, patch)
2021-09-16 04:18 PDT, Chris Lord
no flags
Patch (10.07 KB, patch)
2021-09-16 07:08 PDT, Chris Lord
no flags
Patch (10.05 KB, patch)
2021-09-21 01:42 PDT, Chris Lord
no flags
Radar WebKit Bug Importer
Comment 1 2021-09-07 12:31:19 PDT
Myles C. Maxfield
Comment 2 2021-09-10 00:50:25 PDT
ASSERTION FAILED: isMainThread()
/Users/mmaxfield/Build/Products/Debug/usr/local/include/wtf/NeverDestroyed.h(55) : static void WTF::MainThreadAccessTraits::assertAccess()
1 0x65ba9c049 WTFCrash
2 0x66d05472b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x66d0ce95c WTF::MainThreadAccessTraits::assertAccess()
4 0x66fb9dcc9 WTF::NeverDestroyed<WebCore::CSSValuePool, WTF::MainThreadAccessTraits>::storagePointer() const
5 0x66fb8fd25 WTF::NeverDestroyed<WebCore::CSSValuePool, WTF::MainThreadAccessTraits>::operator WebCore::CSSValuePool&()
6 0x66fb8fce0 WebCore::CSSValuePool::singleton()
7 0x66fcabb48 WebCore::CSSPropertyParserHelpers::consumeNumberRawWithKnownTokenTypeFunction(WebCore::CSSParserTokenRange&, WebCore::CSSCalcSymbolTable const&, WebCore::ValueRange)
8 0x66fcaea5b WebCore::CSSPropertyParserHelpers::consumeFontWeightNumberRaw(WebCore::CSSParserTokenRange&)
9 0x66fcb2841 WebCore::CSSPropertyParserHelpers::consumeFontWeightRaw(WebCore::CSSParserTokenRange&)
10 0x66fcb37a0 WebCore::CSSPropertyParserHelpers::consumeFontRaw(WebCore::CSSParserTokenRange&, WebCore::CSSParserMode)
11 0x66fcb4173 WebCore::CSSPropertyParserWorkerSafe::parseFont(WTF::String const&, WebCore::CSSParserMode)
12 0x66fade34c WebCore::CSSFontFaceSet::matchingFacesExcludingPreinstalledFonts(WTF::String const&, WTF::String const&)
13 0x66fbdf9b1 WebCore::FontFaceSet::load(WTF::String const&, WTF::String const&, WebCore::DOMPromiseDeferred<WebCore::IDLSequence<WebCore::IDLInterface<WebCore::FontFace> > >&&)
14 0x66dbec33d WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()::operator()() const
15 0x66dbec2b1 JSC::JSValue WebCore::toJS<WebCore::IDLPromise<WebCore::IDLSequence<WebCore::IDLInterface<WebCore::FontFace> > >, WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()&&)
16 0x66dbebf2f WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)
17 0x66dbec624 long long WebCore::IDLOperationReturningPromise<WebCore::JSFontFaceSet>::call<&(WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const
18 0x66dbec115 JSC::JSValue WebCore::callPromiseFunction<long long WebCore::IDLOperationReturningPromise<WebCore::JSFontFaceSet>::call<&(WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)>(JSC::JSGlobalObject&, JSC::CallFrame&, &(WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)))
19 0x66dbeba4d long long WebCore::IDLOperationReturningPromise<WebCore::JSFontFaceSet>::call<&(WebCore::jsFontFaceSetPrototypeFunction_loadBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
20 0x66dbe9714 WebCore::jsFontFaceSetPrototypeFunction_load(JSC::JSGlobalObject*, JSC::CallFrame*)
21 0x2c7799203e78
22 0x65c0dbfab llint_entry
23 0x65c0b8cd0 vmEntryToJavaScript
24 0x65cf78b45 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
25 0x65cf78172 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
26 0x65d38e875 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
27 0x65d38e9bc JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
28 0x66f869b5e WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
29 0x671d20fba WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::NakedPtr<JSC::Exception>&, WTF::String*)
30 0x671d2866e WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::String*)
31 0x671d58d90 WebCore::WorkerThread::evaluateScriptIfNecessary(WTF::String&)
Myles C. Maxfield
Comment 3 2021-09-10 00:52:07 PDT
It looks like we're parsing the argument to `FontFaceSet.load(...)` in a worker, but the parser requires being run on the main thread, not in a worker.
Chris Lord
Comment 4 2021-09-14 07:33:25 PDT
Looking into this now, hopefully just a missing call to get the worker's CSSValuePool.
Chris Lord
Comment 5 2021-09-14 08:49:01 PDT
The cause of this is that whenever FunctionToken was added to CSS parsing, CalcParser was used without specifying a CSSValuePool in the raw parser functions. The whole point of the raw parsers, however, is that they don't use CSSValue, so I think there was a misunderstanding somewhere (it's a shame that whenever this was done, tests weren't comprehensive enough to catch this). I'm fixing this now, but likely won't finish until tomorrow.
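The failure mode described above, as an added illustration that is not WebKit's code: a hypothetical main-thread-only value pool guarded the way WTF::NeverDestroyed with MainThreadAccessTraits guards CSSValuePool, beside a raw font-weight parser that goes through the pool and one that returns a plain value. Thread identity is simulated with a flag rather than a real thread, and all names (ValuePool, parseWeightNumber, runOnWorker) are invented for the example.

```cpp
#include <cstdlib>
#include <optional>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for isMainThread(): flag set while a simulated worker runs.
static bool g_onWorkerThread = false;
static bool isMainThread() { return !g_onWorkerThread; }
// Stand-in for CSSValuePool::singleton(): WebKit asserts isMainThread(); we throw.
struct ValuePool {
    int valuesCreated = 0;
    static ValuePool& singleton() {
        if (!isMainThread())
            throw std::logic_error("CSSValuePool touched off the main thread");
        static ValuePool pool;
        return pool;
    }
};

// A font-weight number is an integer in [1, 1000]; anything else fails to parse.
static std::optional<int> parseWeightNumber(const std::string& token) {
    char* end = nullptr;
    long value = std::strtol(token.c_str(), &end, 10);
    if (end == token.c_str() || *end != '\0' || value < 1 || value > 1000)
        return std::nullopt;
    return static_cast<int>(value);
}
// Buggy shape from the report: a "raw" parser that still reaches the pool.
static std::optional<int> consumeFontWeightNumberViaPool(const std::string& token) {
    auto weight = parseWeightNumber(token);
    if (weight)
        ValuePool::singleton().valuesCreated++;
    return weight;
}
// Worker-safe shape: returns a plain value and touches no shared singleton.
static std::optional<int> consumeFontWeightNumberRaw(const std::string& token) {
    return parseWeightNumber(token);
}

// Run a parser as a worker would and report whether the main-thread guard fired.
struct WorkerResult { std::optional<int> weight; bool violated; };
template <typename Parser>
static WorkerResult runOnWorker(Parser parse, const std::string& token) {
    WorkerResult result{std::nullopt, false};
    g_onWorkerThread = true;
    try { result.weight = parse(token); }
    catch (const std::logic_error&) { result.violated = true; }
    g_onWorkerThread = false;
    return result;
}
```

On the main thread both parsers agree; from the simulated worker only the raw variant returns a value, which is the property the raw parser family exists to guarantee.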
Chris Lord
Comment 6 2021-09-14 09:09:07 PDT
Chris Lord
Comment 7 2021-09-14 09:10:07 PDT
Possible fix, not 100% sure it's correct but I've got to sign off for the day, so let's get some EWS results and I'll think about this some more tomorrow :)
Chris Lord
Comment 8 2021-09-16 03:26:54 PDT
Chris Lord
Comment 9 2021-09-16 04:18:59 PDT
Chris Lord
Comment 10 2021-09-16 07:08:18 PDT
Darin Adler
Comment 11 2021-09-17 15:29:47 PDT
Comment on attachment 438346 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=438346&action=review

> Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp:223
> + const CSSParserToken& token = range.peek();

Consider auto&?

> Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp:370
> + const CSSParserToken& token = sourceRange.peek();

Ditto.
Chris Lord
Comment 12 2021-09-21 01:42:15 PDT
EWS
Comment 13 2021-09-21 02:28:08 PDT
Committed r282809 (241941@main): <https://commits.webkit.org/241941@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 438794 [details].