Bug 36336 - [v8] Crash if the worker is terminated before its initial script is executed.
Summary: [v8] Crash if the worker is terminated before its initial script is executed.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Dmitry Titov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-18 16:43 PDT by Dmitry Titov
Modified: 2010-03-22 19:22 PDT

See Also:


Attachments
Patch. (6.97 KB, patch)
2010-03-18 16:53 PDT, Dmitry Titov
japhet: review+
dimich: commit-queue-

Description Dmitry Titov 2010-03-18 16:43:49 PDT
TerminateExecution() which happens during v8 initialization will terminate init and return NULL context. Need a check.
Comment 1 Dmitry Titov 2010-03-18 16:53:19 PDT
Created attachment 51111
Patch.

I figured out a test for this, but it is a flaky test (because of timing involved). Thankfully, when it hits unfortunate timing, it is a false positive. When it fails, it's a failure.
Comment 2 Nate Chapin 2010-03-19 14:53:34 PDT
Comment on attachment 51111
Patch.

Ok.

My only concern is with the (admittedly unavoidable) inherently flaky test. Do you happen to know what the false positive rate is?
Comment 3 Dmitry Titov 2010-03-22 18:11:04 PDT
> My only concern is with the (admittedly unavoidable) inherently flaky test. Do
> you happen to know what the false positive rate is?

It's fairly 'stable'. The v8 initialization takes ~50ms on a 2.6GHz machine, debug build. The termination request comes right about in the middle of that range at the moment, so I have 100% repro rate on my local Mac.
Comment 4 Dmitry Titov 2010-03-22 19:22:09 PDT
Landed: http://trac.webkit.org/changeset/56375
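The race described in this bug (worker.terminate() arriving while the worker's V8 context is still being created) is the kind of thing that only shows up with the right timing, which is why the layout test discussed above is flaky. The following is an added example, not the patch or the layout test that landed in changeset 56375: a page-side regression check that terminates workers synchronously, before any initial script can have run, and then spreads further terminate() calls across an assumed ~50 ms initialization window (the figure from comment 3; the window size, step count and Blob-URL worker source are all assumptions of this example). The worker factory is injected so the same logic can be exercised under a test double outside a browser.

```javascript
// Added example (not WebKit's patch or its layout test): exercise a worker
// being terminated before its initial script executes. Assumes a browser
// with Worker and Blob URL support; the 50 ms init window and 11 steps
// are assumptions taken from the timing reported in comment 3.

// Evenly spaced terminate() delays across the assumed init window, so that
// at least one request lands while the worker's context is still being
// created rather than only before or only after.
function raceDelays(initWindowMs, steps) {
  if (steps <= 1) return [0];
  const delays = [];
  for (let i = 0; i < steps; i++) {
    delays.push(Math.round((initWindowMs * i) / (steps - 1)));
  }
  return delays;
}

// The exact case from the report: terminate() called synchronously right
// after construction, so the worker thread cannot have executed its
// initial script yet. Returns the number of workers terminated.
// makeWorker is injected so this runs under a test double as well.
function terminateBeforeStart(makeWorker, count) {
  let terminated = 0;
  for (let i = 0; i < count; i++) {
    const w = makeWorker();
    w.terminate();
    terminated++;
  }
  return terminated;
}

// Spread terminate() calls over the init window; resolves with the delays
// once every worker has been terminated. Browser only (uses setTimeout
// against real workers, so a crash here is the bug reproducing).
function terminateAcrossWindow(makeWorker, delays) {
  return Promise.all(delays.map(ms => new Promise(resolve => {
    const w = makeWorker();
    setTimeout(() => { w.terminate(); resolve(ms); }, ms);
  })));
}

// Worker factory backed by a Blob URL so the check runs without a server.
// The script body is constructed and only needs to be non-empty: the bug
// lives in context creation, before any of it executes.
function blobWorkerFactory() {
  const src = 'postMessage("started");';
  const url = URL.createObjectURL(new Blob([src], { type: 'text/javascript' }));
  return () => new Worker(url);
}

// Only drive real workers where the Worker API exists (i.e. in a browser).
if (typeof Worker !== 'undefined') {
  const make = blobWorkerFactory();
  terminateBeforeStart(make, 20);
  terminateAcrossWindow(make, raceDelays(50, 11))
    .then(() => console.log('PASS: no crash terminating workers during init'));
}
```

Because the window is measured in tens of milliseconds and depends on the machine and build type, a single iteration may miss it entirely; the immediate-terminate loop plus the spread of delays is what raises the odds of hitting the initialization window, and a run that does not crash says nothing stronger than "not reproduced this time".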