Bug 67413 - [Chromium]Web Inspector: inspected page with dedicated worker crashes on refresh
Summary: [Chromium]Web Inspector: inspected page with dedicated worker crashes on refresh
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All, OS: All
Importance: P2 Normal
Assignee: Dmitry Lomov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-01 09:37 PDT by Yury Semikhatsky
Modified: 2011-09-07 00:49 PDT

See Also:


Attachments
This patch enforces lifetime ordering between WorkerInspectorController and WorkerScriptController. (2.63 KB, patch)
2011-09-06 17:34 PDT, Dmitry Lomov

Description Yury Semikhatsky 2011-09-01 09:37:02 PDT
1. Open a page with a dedicated worker
2. Inspect the worker
3. Try to reload the page

Result:
Page crashes.

Stack trace:
(gdb) bt
#0  0x00007fffea5bda75 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fffea5c15c0 in abort () at abort.c:92
#2  0x00007ffff312e09f in v8::internal::OS::Abort () at v8/src/platform-linux.cc:421
#3  0x00007ffff2e329ce in V8_Fatal (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, format=0x7ffff5dc6890 "CHECK(%s) failed")
    at v8/src/checks.cc:58
#4  0x00007ffff2de95a8 in CheckHelper (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, source=0x7ffff5dc6bb2 "isolate != __null", 
    condition=false) at v8/src/checks.h:60
#5  0x00007ffff2e06ab2 in v8::internal::Isolate::Current () at v8/src/isolate.h:444
#6  0x00007ffff2e329c1 in V8_Fatal (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, format=0x7ffff5dc6890 "CHECK(%s) failed")
    at v8/src/checks.cc:55
#7  0x00007ffff2de95a8 in CheckHelper (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, source=0x7ffff5dc6bb2 "isolate != __null", 
    condition=false) at v8/src/checks.h:60
#8  0x00007ffff2e06ab2 in v8::internal::Isolate::Current () at v8/src/isolate.h:444
#9  0x00007ffff2e329c1 in V8_Fatal (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, format=0x7ffff5dc6890 "CHECK(%s) failed")
    at v8/src/checks.cc:55
#10 0x00007ffff2de95a8 in CheckHelper (file=0x7ffff5dc6bc4 "v8/src/isolate.h", line=444, source=0x7ffff5dc6bb2 "isolate != __null", 
    condition=false) at v8/src/checks.h:60
#11 0x00007ffff2e06ab2 in v8::internal::Isolate::Current () at v8/src/isolate.h:444
#12 0x00007ffff2deaa9b in v8::V8::IsGlobalWeak (obj=0x7fffd35702a0) at v8/src/api.cc:622
#13 0x00007ffff393efa5 in v8::Persistent<v8::Object>::IsWeak (this=0x7fffd612e580) at v8/include/v8.h:3865
#14 0x00007ffff393e95a in WebCore::OwnHandle<v8::Object>::clear (this=0x7fffd612e580)
    at third_party/WebKit/Source/WebCore/bindings/v8/OwnHandle.h:53
#15 0x00007ffff393e5a4 in WebCore::OwnHandle<v8::Object>::~OwnHandle (this=0x7fffd612e580, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/bindings/v8/OwnHandle.h:43
#16 0x00007ffff393e3d0 in WebCore::ScriptDebugServer::~ScriptDebugServer (this=0x7fffd612e570, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/bindings/v8/ScriptDebugServer.h:92
#17 0x00007ffff3dd044a in WebCore::WorkerScriptDebugServer::~WorkerScriptDebugServer (this=0x7fffd612e570, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/bindings/v8/WorkerScriptDebugServer.h:46
#18 0x00007ffff3dd0326 in WebCore::WorkerDebuggerAgent::~WorkerDebuggerAgent (this=0x7fffd612e480, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/inspector/WorkerDebuggerAgent.cpp:53
#19 0x00007ffff3af9a5c in WTF::deleteOwnedPtr<WebCore::InspectorDebuggerAgent> (ptr=0x7fffd612e480)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtrCommon.h:65
#20 0x00007ffff3af8765 in WTF::OwnPtr<WebCore::InspectorDebuggerAgent>::~OwnPtr (this=0x7fffd356c070, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtr.h:54
#21 0x00007ffff3b5586e in WebCore::WorkerInspectorController::~WorkerInspectorController (this=0x7fffd356c050, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/inspector/WorkerInspectorController.cpp:119
#22 0x00007ffff3cc8a43 in WTF::deleteOwnedPtr<WebCore::WorkerInspectorController> (ptr=0x7fffd356c050)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtrCommon.h:65
#23 0x00007ffff3cc7d05 in WTF::OwnPtr<WebCore::WorkerInspectorController>::~OwnPtr (this=0x7fffd542e6b0, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtr.h:54
#24 0x00007ffff3cc4ee4 in WebCore::WorkerContext::~WorkerContext (this=0x7fffd542e400, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/workers/WorkerContext.cpp:131
#25 0x00007ffff3e25a0c in WebCore::DedicatedWorkerContext::~DedicatedWorkerContext (this=0x7fffd542e400, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/workers/DedicatedWorkerContext.h:43
#26 0x00007ffff3cc3bcf in WTF::RefCounted<WebCore::WorkerContext>::deref (this=0x7fffd542e5f0)
    at third_party/WebKit/Source/JavaScriptCore/wtf/RefCounted.h:184
#27 0x00007ffff3cd3d76 in WTF::derefIfNotNull<WebCore::WorkerContext> (ptr=0x7fffd542e400)
    at third_party/WebKit/Source/JavaScriptCore/wtf/PassRefPtr.h:59
#28 0x00007ffff3cd3b8e in WTF::RefPtr<WebCore::WorkerContext>::operator= (this=0x7fffd611ec20, optr=0x0)
    at third_party/WebKit/Source/JavaScriptCore/wtf/RefPtr.h:135
#29 0x00007ffff3cd334c in WebCore::WorkerThread::workerThread (this=0x7fffd611eb40)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:149
#30 0x00007ffff3cd30ea in WebCore::WorkerThread::workerThreadStart (thread=0x7fffd611eb40)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:118
#31 0x00007ffff4f0c6e1 in WTF::threadEntryPoint (contextData=0x7fffd33d2c00) at third_party/WebKit/Source/JavaScriptCore/wtf/Threading.cpp:67
#32 0x00007fffed0a49ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#33 0x00007fffea67070d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#34 0x0000000000000000 in ?? ()
Comment 1 Yury Semikhatsky 2011-09-01 10:07:26 PDT
The problem is that the worker isolate is destroyed before the ScriptDebugServer, which holds an OwnHandle on an object from the isolate. Dmitry, could you take a look at this?


(gdb) bt
#0  v8::Isolate::Dispose (this=0x7fffd35da000) at v8/src/api.cc:5052
#1  0x00007ffff397eb59 in WebCore::WorkerScriptController::~WorkerScriptController (this=0x7fffd35d9a00, __in_chrg=<value optimized out>)
    at third_party/WebKit/Source/WebCore/bindings/v8/WorkerScriptController.cpp:70
#2  0x00007ffff3cc76e1 in WTF::deleteOwnedPtr<WebCore::WorkerScriptController> (ptr=0x7fffd35d9a00)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtrCommon.h:65
#3  0x00007ffff3cd29a0 in WTF::OwnPtr<WebCore::WorkerScriptController>::clear (this=0x7fffd9a2b290)
    at third_party/WebKit/Source/JavaScriptCore/wtf/OwnPtr.h:99
#4  0x00007ffff3cd2528 in WebCore::WorkerContext::clearScript (this=0x7fffd9a2b000)
    at third_party/WebKit/Source/WebCore/workers/WorkerContext.h:81
#5  0x00007ffff3cd26dc in WebCore::WorkerThreadShutdownFinishTask::performTask (this=0x7fffd37cef10, context=0x7fffd9a2b000)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:178
#6  0x00007ffff3cce7e0 in WebCore::WorkerRunLoop::Task::performTask (this=0x7fffd353a540, context=0x7fffd9a2b000)
    at third_party/WebKit/Source/WebCore/workers/WorkerRunLoop.cpp:200
#7  0x00007ffff3cce598 in WebCore::WorkerRunLoop::runInMode (this=0x7fffdf367a30, context=0x7fffd9a2b000, predicate=...)
    at third_party/WebKit/Source/WebCore/workers/WorkerRunLoop.cpp:164
#8  0x00007ffff3cce32d in WebCore::WorkerRunLoop::run (this=0x7fffdf367a30, context=0x7fffd9a2b000)
    at third_party/WebKit/Source/WebCore/workers/WorkerRunLoop.cpp:135
#9  0x00007ffff3cd23eb in WebCore::WorkerThread::runEventLoop (this=0x7fffdf367a00)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:163
#10 0x00007ffff3cc2b29 in WebCore::DedicatedWorkerThread::runEventLoop (this=0x7fffdf367a00)
    at third_party/WebKit/Source/WebCore/workers/DedicatedWorkerThread.cpp:66
#11 0x00007ffff3cd2309 in WebCore::WorkerThread::workerThread (this=0x7fffdf367a00)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:141
#12 0x00007ffff3cd212e in WebCore::WorkerThread::workerThreadStart (thread=0x7fffdf367a00)
    at third_party/WebKit/Source/WebCore/workers/WorkerThread.cpp:118
#13 0x00007ffff4f0b721 in WTF::threadEntryPoint (contextData=0x7fffe004d8c0) at third_party/WebKit/Source/JavaScriptCore/wtf/Threading.cpp:67
#14 0x00007fffed0a39ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#15 0x00007fffea66f70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#16 0x0000000000000000 in ?? ()
Comment 2 Dmitry Lomov 2011-09-06 17:34:30 PDT
Created attachment 106524
This patch enforces lifetime ordering between WorkerInspectorController and WorkerScriptController.
Comment 3 Dmitry Lomov 2011-09-06 20:57:12 PDT
Comment on attachment 106524
This patch enforces lifetime ordering between WorkerInspectorController and WorkerScriptController.

chromium trybots are happy
Comment 4 WebKit Review Bot 2011-09-07 00:49:31 PDT
Comment on attachment 106524
This patch enforces lifetime ordering between WorkerInspectorController and WorkerScriptController.

Clearing flags on attachment: 106524

Committed r94647: <http://trac.webkit.org/changeset/94647>
Comment 5 WebKit Review Bot 2011-09-07 00:49:37 PDT
All reviewed patches have been landed.  Closing bug.
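The two stack traces in the report describe a classic teardown-order bug: the shutdown task calls WorkerContext::clearScript(), whose WorkerScriptController destructor disposes the worker's v8::Isolate, and only later does ~WorkerContext destroy the WorkerInspectorController, whose ScriptDebugServer still holds an OwnHandle into that isolate; clearing the handle calls Isolate::Current(), which CHECK-fails because there is no current isolate. The following is an added illustration, not WebKit or V8 code and not the patch attached to this bug: it models those classes with hypothetical stand-ins (a thread-local "current isolate" slot, a recording v8Fatal instead of abort()) and assumes, as the attachment description implies, that the fix tears down the inspector controller before the script controller. The clearInspector() method and the handle counter are assumptions introduced for the example.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Added model of WebKit bug 67413. Class names mirror WebCore's for readability,
// but everything here is hypothetical stand-in code, not WebKit or V8 source.

// Models V8_Fatal: the real one aborts; this records the first failing CHECK.
static std::string g_lastFatal;
static int g_handlesLiveAtLastDispose = 0;

static void v8Fatal(const char* message) {
    if (g_lastFatal.empty())
        g_lastFatal = message;
}

// Stand-in for v8::Isolate. V8 keeps the current isolate in a thread-local slot
// and CHECKs that it is non-null on every Isolate::Current() call.
struct Isolate {
    static Isolate*& current() {
        static thread_local Isolate* cur = nullptr;
        return cur;
    }
    int liveHandles = 0;
    Isolate() { current() = this; }
    void dispose() {                       // Isolate::Dispose(): no current isolate afterwards
        g_handlesLiveAtLastDispose = liveHandles;  // defensive check: should be 0 here
        current() = nullptr;
    }
};

// Stand-in for WebCore::OwnHandle<v8::Object>: a persistent handle that must be
// released while the isolate that created it is still alive.
class OwnHandle {
public:
    explicit OwnHandle(Isolate* isolate) : m_isolate(isolate), m_held(true) { ++isolate->liveHandles; }
    ~OwnHandle() { clear(); }
    void clear() {
        if (!m_held)
            return;
        m_held = false;
        // v8::Persistent::IsWeak() -> V8::IsGlobalWeak() -> Isolate::Current():
        // CHECK(isolate != NULL) fires if the isolate was already disposed.
        if (!Isolate::current()) {
            v8Fatal("CHECK(isolate != __null) failed");
            return;                        // m_isolate is dangling here; never touch it
        }
        --m_isolate->liveHandles;
    }
private:
    Isolate* m_isolate;
    bool m_held;
};

// Owns the worker's isolate and disposes it in its destructor.
class WorkerScriptController {
public:
    WorkerScriptController() : m_isolate(new Isolate) {}
    ~WorkerScriptController() { m_isolate->dispose(); }
    Isolate* isolate() { return m_isolate.get(); }
private:
    std::unique_ptr<Isolate> m_isolate;
};

// Owns the debugger agent, whose ScriptDebugServer holds a handle into the isolate.
class WorkerInspectorController {
public:
    explicit WorkerInspectorController(Isolate* isolate) : m_debugServerHandle(isolate) {}
private:
    OwnHandle m_debugServerHandle;
};

class WorkerContext {
public:
    WorkerContext()
        : m_script(new WorkerScriptController),
          m_inspector(new WorkerInspectorController(m_script->isolate())) {}
    void clearScript() { m_script.reset(); }        // what the shutdown task calls
    void clearInspector() { m_inspector.reset(); }  // assumed fix: drop handles first
private:
    std::unique_ptr<WorkerScriptController> m_script;     // destroyed last
    std::unique_ptr<WorkerInspectorController> m_inspector; // destroyed first in ~WorkerContext
};

// Shutdown as reported: the isolate is disposed by clearScript(), then ~WorkerContext
// destroys the inspector controller, whose OwnHandle::clear() hits the CHECK.
std::string shutdownAsReported() {
    g_lastFatal.clear();
    {
        std::unique_ptr<WorkerContext> context(new WorkerContext);
        context->clearScript();
    }
    return g_lastFatal.empty() ? "ok" : g_lastFatal;
}

// Shutdown with lifetime ordering enforced: every holder of a handle into the
// isolate is destroyed before the isolate itself.
std::string shutdownOrdered() {
    g_lastFatal.clear();
    {
        std::unique_ptr<WorkerContext> context(new WorkerContext);
        context->clearInspector();
        context->clearScript();
    }
    return g_lastFatal.empty() ? "ok" : g_lastFatal;
}

int handlesLiveAtLastDispose() { return g_handlesLiveAtLastDispose; }

int main() {
    std::string reported = shutdownAsReported();
    std::printf("as reported: %s (handles live at dispose: %d)\n", reported.c_str(), handlesLiveAtLastDispose());
    std::string ordered = shutdownOrdered();
    std::printf("ordered:     %s (handles live at dispose: %d)\n", ordered.c_str(), handlesLiveAtLastDispose());
    return 0;
}
```

The handle counter recorded at dispose time is the check worth keeping in real code: if anything still holds a handle when the isolate goes away, the bug is already present even if the CHECK happens not to fire on that path.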