Bug 274732 - REGRESSION(279321@main): js/dom/missing-exception-check-in-convertVariadicArguments.html is crashing : Unchecked exception detected at JSC::VM::verifyExceptionCheckNeedIsSatisfied : ASSERTION FAILED: !m_needExceptionCheck
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sam Weinig
Keywords: InRadar
Reported: 2024-05-26 13:30 PDT by Fujii Hironori
Modified: 2024-06-01 13:38 PDT
Description Fujii Hironori 2024-05-26 13:30:33 PDT
After 279321@main, debug builds are crashing for js/dom/missing-exception-check-in-convertVariadicArguments.html.

History:
  https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fmissing-exception-check-in-convertVariadicArguments.html

Buildbot: builder Apple-Sonoma-Debug-AppleSilicon-WK2-Tests build 2838 : 279321@main
https://build.webkit.org/#/builders/934/builds/2838

ERROR: Unchecked JS exception:
    This scope can throw a JS exception: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
        (ExceptionScope::m_recursionDepth was 5)
    But the exception was unchecked as of this scope: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
        (ExceptionScope::m_recursionDepth was 5)

Unchecked exception detected at:
    1   0x127eb222c JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
    2   0x127e8e3a4 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
    3   0x127e8e3e0 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
    4   0x355ceb074 WebCore::VariadicConverter<WebCore::IDLAny>::convert(JSC::JSGlobalObject&, JSC::JSValue)
    5   0x355ceaf34 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)::operator()(unsigned long) const
    6   0x355ceae30 WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::TrailingArray<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
    7   0x355ceadb8 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
    8   0x355cead14 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
    9   0x355ceab60 std::__1::unique_ptr<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, std::__1::default_delete<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>>> WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned int, WebCore::IDLAny&&)
    10  0x355ceaa5c WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>> WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned long, WebCore::IDLAny&&)
    11  0x355ce9800 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)
    12  0x355ce93b8 WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)
    13  0x355ce90e4 long long WebCore::IDLOperation<WebCore::JSDOMWindow>::call<&WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
    14  0x355ccf7fc WebCore::jsDOMWindowInstanceFunction_setTimeout(JSC::JSGlobalObject*, JSC::CallFrame*)
    15  0x30001003c 14  ???                                 0x000000030001003c 0x0 + 12884967484
    16  0x12860322c llint_entry
    17  0x1285dc9b4 vmEntryToJavaScript
    18  0x1276423a8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
    19  0x12798bbc0 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
    20  0x12798bd0c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
    21  0x358808238 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
    22  0x358807cd0 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
    23  0x358807b04 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
    24  0x3588084dc WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
    25  0x3593f9ddc WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
    26  0x3593f7a44 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&)
    27  0x359a64ab0 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
    28  0x359a648e0 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&)
    29  0x359a234f0 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
    30  0x359a23a00 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
    31  0x359a22d6c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
    32  0x359a22504 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
    33  0x359a24548 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&, WebCore::HTMLDocumentParser::SynchronousMode)
    34  0x359a243a4 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&)
    35  0x35916f09c WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
    36  0x359ef3310 WebCore::DocumentWriter::end()
    37  0x359ef23f8 WebCore::DocumentLoader::finishedLoading()
    38  0x359ef1fa8 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
    39  0x35a0a1ed4 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
    40  0x35a09d9e4 WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
    41  0x35a09efe0 WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
    42  0x35a019808 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
    43  0x13ea21bb8 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics&&)
    44  0x13f7c7c10 auto void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...)::operator()<WebCore::NetworkLoadMetrics>(auto&&...) const
    45  0x13f7c7b64 decltype(std::declval<WebKit::WebResourceLoader>()(std::declval<WebCore::NetworkLoadMetrics>())) std::__1::__invoke[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), WebCore::NetworkLoadMetrics>(WebKit::WebResourceLoader&&, WebCore::NetworkLoadMetrics&&)
    46  0x13f7c7b38 decltype(auto) std::__1::__apply_tuple_impl[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&, std::__1::__tuple_indices<0ul>)
    47  0x13f7c7afc decltype(auto) std::__1::apply[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&)
    48  0x13f7c75b4 void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)
    49  0x13f7c0c44 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&))
    50  0x13f7c029c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
    51  0x13e9fd6bc WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
    52  0x13f94c9ac IPC::Connection::dispatchMessage(IPC::Decoder&)
    53  0x13f94cde4 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>)
    54  0x13f94d10c IPC::Connection::dispatchOneIncomingMessage()
    55  0x13f96a768 IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14::operator()() const
    56  0x13f96a6c4 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14, void>::call()
    57  0x127c195d4 WTF::Function<void ()>::operator()() const
    58  0x125e76754 WTF::RunLoop::performWork()
    59  0x125e7ad48 WTF::RunLoop::performWork(void*)
    60  0x18a03e4d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
    61  0x18a03e46c __CFRunLoopDoSource0
    62  0x18a03e1dc __CFRunLoopDoSources0
    63  0x18a03cdc8 __CFRunLoopRun
    64  0x18a03c434 CFRunLoopRunSpecific
    65  0x18b170a88 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
    66  0x18b1ea6c4 -[NSRunLoop(NSRunLoop) run]
    67  0x189c77468 _xpc_objc_main
    68  0x189c86e58 _xpc_main
    69  0x189c77014 _xpc_copy_xpcservice_dictionary
    70  0x13d202af4 WebKit::XPCServiceMain(int, char const**)
    71  0x13f8cb59c WKXPCServiceMain
    72  0x100c37f90 main
    73  0x189bd60e0 start

ASSERTION FAILED: !m_needExceptionCheck
./runtime/VM.cpp(1441) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &)
com.apple.WebKit.WebContent.Development terminated (pid 22917) for reason: crash
LEAK: 4 WebPageProxy
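
The log above reports a throw-capable scope in convert being opened while an earlier one was still unchecked, with convert reached repeatedly from the generator lambda in convertVariadicArguments. A simplified C++ model of that debug-only bookkeeping, added here as an example: it is not WebKit code and not the fix that landed, and ToyVM, ToyThrowScope, checkException, convertOne and convertAll are hypothetical names.

```cpp
#include <vector>

// Toy stand-in for the debug-only bookkeeping behind the assertion above.
// Every name in this block is hypothetical; this is not WebKit code.
struct ToyVM {
    bool needExceptionCheck = false; // models m_needExceptionCheck
    int violations = 0;              // times the assertion would have fired
};

// A scope that may throw. Its constructor verifies that any earlier
// throw-capable scope was checked; its destructor simulates a throw so the
// caller is obliged to check before another scope is opened.
class ToyThrowScope {
public:
    explicit ToyThrowScope(ToyVM& vm) : m_vm(vm)
    {
        if (m_vm.needExceptionCheck)
            ++m_vm.violations; // a real debug build asserts and crashes here
    }
    ~ToyThrowScope() { m_vm.needExceptionCheck = true; }
private:
    ToyVM& m_vm;
};

// Models the caller-side check (for example RETURN_IF_EXCEPTION): clears the flag.
inline void checkException(ToyVM& vm) { vm.needExceptionCheck = false; }

// Models one per-argument conversion that opens a throw scope.
inline int convertOne(ToyVM& vm, int raw)
{
    ToyThrowScope scope(vm);
    return raw;
}

// Converts every argument in a generator-style loop, as in the backtrace.
// Returns how many times the verification would have failed.
inline int convertAll(ToyVM& vm, const std::vector<int>& args, bool checkBetweenItems)
{
    std::vector<int> out;
    for (int raw : args) {
        out.push_back(convertOne(vm, raw));
        if (checkBetweenItems)
            checkException(vm);
    }
    checkException(vm); // the outer caller's final check
    return vm.violations;
}
```

In this model a single argument never trips the verification, which is why such a defect only shows up in debug builds when a call passes two or more variadic arguments.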
Comment 1 Radar WebKit Bug Importer 2024-05-28 15:13:04 PDT
<rdar://problem/128901317>
Comment 2 EWS 2024-05-28 15:41:50 PDT
Test gardening commit 279407@main (c922e71a44e3): <https://commits.webkit.org/279407@main>

Reviewed commits have been landed. Closing PR #29195 and removing active labels.
Comment 3 Sam Weinig 2024-05-31 11:39:24 PDT
Pull request: https://github.com/WebKit/WebKit/pull/29386
Comment 4 EWS 2024-06-01 13:38:32 PDT
Committed 279617@main (dc54b6a653e3): <https://commits.webkit.org/279617@main>

Reviewed commits have been landed. Closing PR #29386 and removing active labels.