RESOLVED FIXED289218
REGRESSION: ASSERTION FAILED: !m_needExceptionCheck: ./runtime/VM.cpp(1450) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &) 
https://bugs.webkit.org/show_bug.cgi?id=289218
Summary REGRESSION: ASSERTION FAILED: !m_needExceptionCheck: ./runtime/VM.cpp(1450) :...
Fujii Hironori
Reported 2025-03-05 20:52:52 PST
Regressions: Unexpected crashes js/dom/missing-exception-check-in-convertNumbers.html [ Crash ] https://build.webkit.org/results/Apple-Sequoia-Debug-WK2-Tests/291650@main%20(990)/js/dom/missing-exception-check-in-convertNumbers-crash-log.txt stderr: ERROR: Unchecked JS exception: This scope can throw a JS exception: deserialize @ /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/Source/WebCore/bindings/js/SerializedScriptValue.cpp:5397 (ExceptionScope::m_recursionDepth was 1) But the exception was unchecked as of this scope: performMicrotaskCheckpoint @ ./runtime/MicrotaskQueue.cpp:96 (ExceptionScope::m_recursionDepth was 1) Unchecked exception detected at: 1 0x5e54e208f JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&) 2 0x5e4e366fd JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation) 3 0x5e4e364d3 JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation) 4 0x5e532cb00 JSC::MicrotaskQueue::performMicrotaskCheckpoint(JSC::VM&) 5 0x5e54e1b2c JSC::VM::drainMicrotasks() 6 0x5e51476e3 JSC::JSLock::willReleaseLock() 7 0x5e5147630 JSC::JSLock::unlock(long) 8 0x5e5146d7a JSC::JSLock::unlock() 9 0x66507fb33 WTF::Locker<JSC::JSLock, void>::unlock() 10 0x66507faf5 WTF::Locker<JSC::JSLock, void>::~Locker() 11 0x66507f7c5 WTF::Locker<JSC::JSLock, void>::~Locker() 12 0x668aa9fe9 WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>, WTF::DefaultRefDerefTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::Ref<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) 13 0x669a89ca6 WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0::operator()() 14 0x669a89699 WTF::Detail::CallableWrapper<WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0, void>::call() 15 0x663c4c357 WTF::Function<void ()>::operator()() const 16 0x668a4ec19 WebCore::EventLoopFunctionDispatchTask::execute() 17 0x668a4170d WebCore::EventLoop::run(std::__1::optional<WTF::ApproximateTime>) 18 0x668c18353 WebCore::WindowEventLoop::didReachTimeToRun() 19 0x668c1b7b6 WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'()::operator()() const 20 0x668c1b719 WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'(), void>::call() 21 0x663c4c357 WTF::Function<void ()>::operator()() const 22 0x663d971a9 WebCore::Timer::fired() 23 0x669e10228 WebCore::ThreadTimers::sharedTimerFiredInternal() 24 0x669e19fb1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const 25 0x669e19f69 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() 26 0x663c4c357 WTF::Function<void ()>::operator()() const 27 0x669dbd576 WebCore::MainThreadSharedTimer::fired() 28 0x669f253b6 WebCore::timerFired(__CFRunLoopTimer*, void*) 29 0x7ff81738670e __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 30 0x7ff8173862bc __CFRunLoopDoTimer 31 0x7ff817385ee8 __CFRunLoopDoTimers 32 0x7ff81736cb73 __CFRunLoopRun 33 0x7ff81736bc6e CFRunLoopRunSpecific 34 0x7ff8183a46d9 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 35 0x7ff818424967 -[NSRunLoop(NSRunLoop) run] 36 0x7ff816f97a1d _xpc_objc_main 37 0x7ff816fa4b69 _xpc_main 38 0x7ff816f9762c _xpc_copy_xpcservice_dictionary 39 0x60d0e5710 WebKit::XPCServiceMain(int, char const**) 40 0x60fecea4b WKXPCServiceMain 41 0x108970f72 main 42 0x7ff816ef82cd start ASSERTION FAILED: !m_needExceptionCheck ./runtime/VM.cpp(1450) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, ExceptionEventLocation &) 1 0x5e54e21a5 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&) 2 0x5e4e366fd JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation) 3 0x5e4e364d3 JSC::CatchScope::CatchScope(JSC::VM&, JSC::ExceptionEventLocation) 4 0x5e532cb00 JSC::MicrotaskQueue::performMicrotaskCheckpoint(JSC::VM&) 5 0x5e54e1b2c JSC::VM::drainMicrotasks() 6 0x5e51476e3 JSC::JSLock::willReleaseLock() 7 0x5e5147630 JSC::JSLock::unlock(long) 8 0x5e5146d7a JSC::JSLock::unlock() 9 0x66507fb33 WTF::Locker<JSC::JSLock, void>::unlock() 10 0x66507faf5 WTF::Locker<JSC::JSLock, void>::~Locker() 11 0x66507f7c5 WTF::Locker<JSC::JSLock, void>::~Locker() 12 0x668aa9fe9 WebCore::MessageEvent::create(JSC::JSGlobalObject&, WTF::Ref<WebCore::SerializedScriptValue, WTF::RawPtrTraits<WebCore::SerializedScriptValue>, WTF::DefaultRefDerefTraits<WebCore::SerializedScriptValue>>&&, WTF::String const&, WTF::String const&, std::__1::optional<std::__1::variant<WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>, WTF::RefPtr<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, WTF::RefPtr<WebCore::ServiceWorker, WTF::RawPtrTraits<WebCore::ServiceWorker>, WTF::DefaultRefDerefTraits<WebCore::ServiceWorker>>>>&&, WTF::Vector<WTF::Ref<WebCore::MessagePort, WTF::RawPtrTraits<WebCore::MessagePort>, WTF::DefaultRefDerefTraits<WebCore::MessagePort>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) 13 0x669a89ca6 WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0::operator()() 14 0x669a89699 WTF::Detail::CallableWrapper<WebCore::LocalDOMWindow::processPostMessage(JSC::JSGlobalObject&, WTF::String const&, WebCore::MessageWithMessagePorts const&, WTF::RefPtr<WebCore::WindowProxy, WTF::RawPtrTraits<WebCore::WindowProxy>, WTF::DefaultRefDerefTraits<WebCore::WindowProxy>>&&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>&&)::$_0, void>::call() 15 0x663c4c357 WTF::Function<void ()>::operator()() const 16 0x668a4ec19 WebCore::EventLoopFunctionDispatchTask::execute() 17 0x668a4170d WebCore::EventLoop::run(std::__1::optional<WTF::ApproximateTime>) 18 0x668c18353 WebCore::WindowEventLoop::didReachTimeToRun() 19 0x668c1b7b6 WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'()::operator()() const 20 0x668c1b719 WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebCore::WindowEventLoop, WebCore::WindowEventLoop>(WebCore::WindowEventLoop&, void (WebCore::WindowEventLoop::*)())::'lambda'(), void>::call() 21 0x663c4c357 WTF::Function<void ()>::operator()() const 22 0x663d971a9 WebCore::Timer::fired() 23 0x669e10228 WebCore::ThreadTimers::sharedTimerFiredInternal() 24 0x669e19fb1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const 25 0x669e19f69 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() 26 0x663c4c357 WTF::Function<void ()>::operator()() const 27 0x669dbd576 WebCore::MainThreadSharedTimer::fired() 28 0x669f253b6 WebCore::timerFired(__CFRunLoopTimer*, void*) 29 0x7ff81738670e __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 30 0x7ff8173862bc __CFRunLoopDoTimer 31 0x7ff817385ee8 __CFRunLoopDoTimers com.apple.WebKit.WebContent.Development terminated (pid 39137) for reason: crash LEAK: 1 WebPageProxy
Attachments
Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2025-03-05 20:53:42 PST
This is reproducible with Windows Debug build. > python ./Tools/Scripts/run-webkit-tests --debug --iter=2 js/dom/missing-exception-check-in-clone-serializer-serialize.html
Radar WebKit Bug Importer
Comment 3 2025-03-05 23:48:50 PST
<rdar://problem/146364641>
Yusuke Suzuki
Comment 4 2025-03-05 23:49:41 PST
Pull request: https://github.com/WebKit/WebKit/pull/41987
EWS
Comment 5 2025-03-06 02:08:53 PST
Committed 291689@main (151ef788a55c): <https://commits.webkit.org/291689@main> Reviewed commits have been landed. Closing PR #41987 and removing active labels.
Robert Jenner
Comment 6 2025-04-02 11:26:17 PDT
<rdar://problem/148446813>
EWS
Comment 7 2025-04-02 15:51:20 PDT
Committed 289651.394@safari-7621-branch (17307e3a0d8a): <https://commits.webkit.org/289651.394@safari-7621-branch> Reviewed commits have been landed. Closing PR #2944 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.