WebKit Bugzilla
RESOLVED FIXED
274732
REGRESSION(279321@main): js/dom/missing-exception-check-in-convertVariadicArguments.html is crashing : Unchecked exception detected at JSC::VM::verifyExceptionCheckNeedIsSatisfied : ASSERTION FAILED: !m_needExceptionCheck
https://bugs.webkit.org/show_bug.cgi?id=274732
Fujii Hironori
Reported
2024-05-26 13:30:33 PDT
After 279321@main, debug builds are crashing for js/dom/missing-exception-check-in-convertVariadicArguments.html.

History: https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fmissing-exception-check-in-convertVariadicArguments.html

Buildbot: builder Apple-Sonoma-Debug-AppleSilicon-WK2-Tests build 2838 : 279321@main
https://build.webkit.org/#/builders/934/builds/2838

ERROR: Unchecked JS exception:
    This scope can throw a JS exception: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
        (ExceptionScope::m_recursionDepth was 5)
    But the exception was unchecked as of this scope: convert @ /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/JSDOMConvertAny.h:74
        (ExceptionScope::m_recursionDepth was 5)

Unchecked exception detected at:
1 0x127eb222c JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
2 0x127e8e3a4 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
3 0x127e8e3e0 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
4 0x355ceb074 WebCore::VariadicConverter<WebCore::IDLAny>::convert(JSC::JSGlobalObject&, JSC::JSValue)
5 0x355ceaf34 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)::operator()(unsigned long) const
6 0x355ceae30 WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::TrailingArray<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
7 0x355ceadb8 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
8 0x355cead14 WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::EmbeddedFixedVector<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(WTF::TrailingArray<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::Failable, unsigned int, WebCore::IDLAny&&)
9 0x355ceab60 std::__1::unique_ptr<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>, std::__1::default_delete<WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>>> WTF::EmbeddedFixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned int, WebCore::IDLAny&&)
10 0x355ceaa5c WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>> WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0>>::createWithSizeFromGenerator<WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)::'lambda'(unsigned long)>(unsigned long, WebCore::IDLAny&&)
11 0x355ce9800 WTF::FixedVector<WebCore::VariadicConverter<WebCore::IDLAny>::Item> WebCore::convertVariadicArguments<WebCore::IDLAny>(JSC::JSGlobalObject&, JSC::CallFrame&, unsigned long)
12 0x355ce93b8 WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)
13 0x355ce90e4 long long WebCore::IDLOperation<WebCore::JSDOMWindow>::call<&WebCore::jsDOMWindowInstanceFunction_setTimeoutBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14 0x355ccf7fc WebCore::jsDOMWindowInstanceFunction_setTimeout(JSC::JSGlobalObject*, JSC::CallFrame*)
15 0x30001003c 14 ??? 0x000000030001003c 0x0 + 12884967484
16 0x12860322c llint_entry
17 0x1285dc9b4 vmEntryToJavaScript
18 0x1276423a8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
19 0x12798bbc0 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20 0x12798bd0c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
21 0x358808238 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
22 0x358807cd0 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
23 0x358807b04 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
24 0x3588084dc WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
25 0x3593f9ddc WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
26 0x3593f7a44 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&)
27 0x359a64ab0 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
28 0x359a648e0 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement>, WTF::DefaultRefDerefTraits<WebCore::ScriptElement>>&&, WTF::TextPosition const&)
29 0x359a234f0 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
30 0x359a23a00 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
31 0x359a22d6c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
32 0x359a22504 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
33 0x359a24548 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&, WebCore::HTMLDocumentParser::SynchronousMode)
34 0x359a243a4 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl>>&&)
35 0x35916f09c WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
36 0x359ef3310 WebCore::DocumentWriter::end()
37 0x359ef23f8 WebCore::DocumentLoader::finishedLoading()
38 0x359ef1fa8 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
39 0x35a0a1ed4 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess)
40 0x35a09d9e4 WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
41 0x35a09efe0 WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
42 0x35a019808 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
43 0x13ea21bb8 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics&&)
44 0x13f7c7c10 auto void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...)::operator()<WebCore::NetworkLoadMetrics>(auto&&...) const
45 0x13f7c7b64 decltype(std::declval<WebKit::WebResourceLoader>()(std::declval<WebCore::NetworkLoadMetrics>())) std::__1::__invoke[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), WebCore::NetworkLoadMetrics>(WebKit::WebResourceLoader&&, WebCore::NetworkLoadMetrics&&)
46 0x13f7c7b38 decltype(auto) std::__1::__apply_tuple_impl[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&, std::__1::__tuple_indices<0ul>)
47 0x13f7c7afc decltype(auto) std::__1::apply[abi:sn170006]<void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader&&, WebKit::WebResourceLoader&&)
48 0x13f7c75b4 void IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&)
49 0x13f7c0c44 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (WebCore::NetworkLoadMetrics&&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics&&))
50 0x13f7c029c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
51 0x13e9fd6bc WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
52 0x13f94c9ac IPC::Connection::dispatchMessage(IPC::Decoder&)
53 0x13f94cde4 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>)
54 0x13f94d10c IPC::Connection::dispatchOneIncomingMessage()
55 0x13f96a768 IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14::operator()() const
56 0x13f96a6c4 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14, void>::call()
57 0x127c195d4 WTF::Function<void ()>::operator()() const
58 0x125e76754 WTF::RunLoop::performWork()
59 0x125e7ad48 WTF::RunLoop::performWork(void*)
60 0x18a03e4d8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
61 0x18a03e46c __CFRunLoopDoSource0
62 0x18a03e1dc __CFRunLoopDoSources0
63 0x18a03cdc8 __CFRunLoopRun
64 0x18a03c434 CFRunLoopRunSpecific
65 0x18b170a88 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
66 0x18b1ea6c4 -[NSRunLoop(NSRunLoop) run]
67 0x189c77468 _xpc_objc_main
68 0x189c86e58 _xpc_main
69 0x189c77014 _xpc_copy_xpcservice_dictionary
70 0x13d202af4 WebKit::XPCServiceMain(int, char const**)
71 0x13f8cb59c WKXPCServiceMain
72 0x100c37f90 main
73 0x189bd60e0 start
ASSERTION FAILED: !m_needExceptionCheck
./runtime/VM.cpp(1441) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &)
com.apple.WebKit.WebContent.Development terminated (pid 22917) for reason: crash
LEAK: 4 WebPageProxy
Radar WebKit Bug Importer
Comment 1
2024-05-28 15:13:04 PDT
<rdar://problem/128901317>
EWS
Comment 2
2024-05-28 15:41:50 PDT
Test gardening commit 279407@main (c922e71a44e3): <https://commits.webkit.org/279407@main>

Reviewed commits have been landed. Closing PR #29195 and removing active labels.
Sam Weinig
Comment 3
2024-05-31 11:39:24 PDT
Pull request: https://github.com/WebKit/WebKit/pull/29386
EWS
Comment 4
2024-06-01 13:38:32 PDT
Committed 279617@main (dc54b6a653e3): <https://commits.webkit.org/279617@main>

Reviewed commits have been landed. Closing PR #29386 and removing active labels.