RESOLVED FIXED 53853
Assertion failure in ~JSGlobalObject when loading apple.com HTML5 transitions demo page 
https://bugs.webkit.org/show_bug.cgi?id=53853
Summary Assertion failure in ~JSGlobalObject when loading apple.com HTML5 transitions...
Adam Roben (:aroben)
Reported 2011-02-05 07:10:52 PST
I went to these URLs, in this order (I think): http://webkit.org/blog-files/3d-transforms/poster-circle.html http://webkit.org/blog-files/3d-transforms/morphing-cubes.html http://annevankesteren.nl/ http://www.apple.com/html5/showcase/transitions/ When the last one was loading, I hit this assertion in ~JSGlobalObject(): ASSERT(JSLock::currentThreadIsHoldingLock()); Here's the backtrace: > JavaScriptCore.dll!JSC::JSGlobalObject::~JSGlobalObject() Line 97 + 0x2a bytes C++ WebKit.dll!WebCore::JSDOMGlobalObject::~JSDOMGlobalObject() + 0x16 bytes C++ WebKit.dll!WebCore::JSDOMWindowBase::~JSDOMWindowBase() + 0x16 bytes C++ WebKit.dll!WebCore::JSDOMWindow::~JSDOMWindow() Line 1090 + 0x8 bytes C++ WebKit.dll!WebCore::JSDOMWindow::`scalar deleting destructor'() + 0x16 bytes C++ JavaScriptCore.dll!JSC::MarkedSpace::sweep() Line 268 + 0x10 bytes C++ JavaScriptCore.dll!JSC::Heap::reset(JSC::Heap::SweepToggle sweepToggle=DoSweep) Line 386 C++ JavaScriptCore.dll!JSC::Heap::collectAllGarbage() Line 367 C++ JavaScriptCore.dll!JSC::Heap::reportExtraMemoryCostSlowCase(unsigned int cost=209083) Line 96 C++ WebKit.dll!JSC::Heap::reportExtraMemoryCost(unsigned int cost=209083) Line 169 C++ WebKit.dll!WebCore::HTMLImageLoader::notifyFinished(WebCore::CachedResource * __formal=0x0abaf7a0) Line 85 C++ WebKit.dll!WebCore::CachedImage::checkNotify() Line 316 + 0x13 bytes C++ WebKit.dll!WebCore::CachedImage::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 296 C++ WebKit.dll!WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader * loader=0x064019f0) Line 161 C++ WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 181 + 0x1f bytes C++ WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x06846960, double finishTime=0.00000000000000000) Line 434 + 0x18 bytes C++ WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x0696b1f0, const void * clientInfo=0x06846960) Line 241 + 0x26 bytes C++ CFNetwork.dll!URLConnectionClient::_clientDidFinishLoading() + 0x2b bytes C++ CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload() C++ CFNetwork.dll!URLConnectionClient::processEvents() + 0x21 bytes C++ CFNetwork.dll!URLConnectionWndProc() C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes WebKit.dll!RunLoop::run() Line 73 + 0xc bytes C++ WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++ WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 48 + 0x9 bytes C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 172 + 0x9 bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 44 + 0x18 bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
Attachments
Patch (3.11 KB, patch)
2011-02-07 14:38 PST, Geoffrey Garen 		no flags
DetailsFormatted DiffDiff
Patch (3.59 KB, patch)
2011-02-07 14:48 PST, Geoffrey Garen 		no flags
DetailsFormatted DiffDiff
Patch (3.60 KB, patch)
2011-02-07 15:02 PST, Geoffrey Garen 		no flags
DetailsFormatted DiffDiff
Patch (3.62 KB, patch)
2011-02-07 15:20 PST, Geoffrey Garen 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Adam Roben (:aroben)
Comment 1 2011-02-06 08:01:59 PST
<rdar://problem/8964321>
Alexey Proskuryakov
Comment 2 2011-02-07 01:26:56 PST
I think that we're just trivially needing a JSLock(SilenceAssertionsOnly) in HTMLImageLoader::notifyFinished(). Same problem exists elsewhere, e.g. in XMLHttpRequest::dropProtection().
Geoffrey Garen
Comment 3 2011-02-07 14:38:29 PST
Created attachment 81521 [details] Patch
Geoffrey Garen
Comment 4 2011-02-07 14:40:07 PST
Comment on attachment 81521 [details] Patch Marking cq+ so the bot can land this.
Collabora GTK+ EWS bot
Comment 5 2011-02-07 14:42:03 PST
Attachment 81521 [details] did not build on gtk: Build output: http://queues.webkit.org/results/7705806
Geoffrey Garen
Comment 6 2011-02-07 14:48:57 PST
Created attachment 81526 [details] Patch
Geoffrey Garen
Comment 7 2011-02-07 14:49:19 PST
Comment on attachment 81526 [details] Patch One more time, with the build (hopefully) fixed.
Collabora GTK+ EWS bot
Comment 8 2011-02-07 14:51:38 PST
Attachment 81526 [details] did not build on gtk: Build output: http://queues.webkit.org/results/7711042
Early Warning System Bot
Comment 9 2011-02-07 14:52:34 PST
Attachment 81521 [details] did not build on qt: Build output: http://queues.webkit.org/results/7711043
Build Bot
Comment 10 2011-02-07 15:00:19 PST
Attachment 81521 [details] did not build on win: Build output: http://queues.webkit.org/results/7711047
Geoffrey Garen
Comment 11 2011-02-07 15:02:53 PST
Created attachment 81534 [details] Patch
Geoffrey Garen
Comment 12 2011-02-07 15:04:43 PST
Comment on attachment 81534 [details] Patch This time for all the bananas.
Collabora GTK+ EWS bot
Comment 13 2011-02-07 15:12:49 PST
Attachment 81534 [details] did not build on gtk: Build output: http://queues.webkit.org/results/7708523
Darin Adler
Comment 14 2011-02-07 15:19:44 PST
Comment on attachment 81534 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=81534&action=review r=me, except I think you need to get the namespace stuff right so it doesn’t break the GTK build > Source/WebCore/html/HTMLCanvasElement.cpp:416 > + JSC::JSLock lock(SilenceAssertionsOnly); If it’s JSC::JSLock, then it should also be JSC::SilenceAssertionsOnly, right?
Geoffrey Garen
Comment 15 2011-02-07 15:20:57 PST
Created attachment 81540 [details] Patch
Geoffrey Garen
Comment 16 2011-02-07 15:37:30 PST
Committed r77853: <http://trac.webkit.org/changeset/77853>
Note You need to log in before you can comment on or make changes to this bug.