NEW 81574
ASSERTION FAILED: !m_suspended causing "crashes" on Lion Intel Debug WebKit2 testers 
https://bugs.webkit.org/show_bug.cgi?id=81574
Summary ASSERTION FAILED: !m_suspended causing "crashes" on Lion Intel Debug WebKit2 ...
Jessie Berlin
Reported 2012-03-19 15:44:59 PDT
void SuspendableTimer::suspend(ReasonForSuspension) { #if !ASSERT_DISABLED ASSERT(!m_suspended); m_suspended = true; #endif m_active = isActive(); if (m_active) { m_nextFireInterval = nextFireInterval(); m_repeatInterval = repeatInterval(); TimerBase::stop(); } } Unfortunately, I don't know when this started due to the state of our tests. I also cannot reproduce this locally, and it doesn't always show up on the bots (see http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111245%20(5052)/results.html where it didn't happen and http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111254%20(5053)/results.html where it did. NRWT is not good at correctly associating crash logs with the tests that crashed. However, I have a suspicion that it is happening while running fast/loader/stateobjects/document-destroyed-navigate-back.html, since the backtrace is about a JS alert, and fast/loader/stateobjects/document-destroyed-navigate-back.html is the only one of the tests that crashed in http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111233%20(5050)/results.html that uses JS alerts. http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111233%20(5050)/fullscreen/full-screen-twice-crash-log.txt
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2012-03-19 15:45:19 PDT
<rdar://problem/11077302>
Alexey Proskuryakov
Comment 2 2012-03-19 20:22:49 PDT
See also: bug 35220.
Simon Fraser (smfr)
Comment 3 2012-04-18 10:27:24 PDT
This seems to happen often under JS alert() and confirm() dialogs: 0 com.apple.WebCore 0x0000000107a231fd WebCore::SuspendableTimer::resume() + 93 (SuspendableTimer.cpp:76) 1 com.apple.WebCore 0x0000000107a2325c non-virtual thunk to WebCore::SuspendableTimer::resume() + 28 2 com.apple.WebCore 0x000000010791e449 WebCore::ScriptExecutionContext::resumeActiveDOMObjects() + 361 (ScriptExecutionContext.cpp:211) 3 com.apple.WebCore 0x00000001067faaec WebCore::Document::resumeActiveDOMObjects() + 28 (Document.cpp:2048) 4 com.apple.WebCore 0x0000000106806810 WebCore::Document::resumeScheduledTasks() + 176 (Document.cpp:5092) 5 com.apple.WebCore 0x00000001075b8513 WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer() + 163 (PageGroupLoadDeferrer.cpp:70) 6 com.apple.WebCore 0x00000001075b8465 WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer() + 21 (PageGroupLoadDeferrer.cpp:73) 7 com.apple.WebCore 0x000000010654aa4d WebCore::Chrome::runJavaScriptAlert(WebCore::Frame*, WTF::String const&) + 349 (Chrome.cpp:311) 8 com.apple.WebCore 0x000000010699197d WebCore::DOMWindow::alert(WTF::String const&) + 141 (DOMWindow.cpp:967) 9 com.apple.WebCore 0x0000000106fd2a89 WebCore::jsDOMWindowPrototypeFunctionAlert(JSC::ExecState*) + 873 (JSDOMWindow.cpp:11401) 10 ??? 0x00003756dc401258 0 + 60846201901656 11 com.apple.JavaScriptCore 0x0000000105992099 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:127) 12 com.apple.JavaScriptCore 0x000000010598eb58 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1752 (Interpreter.cpp:1270) 13 com.apple.JavaScriptCore 0x00000001058584db JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39) 14 com.apple.WebCore 0x0000000106ec6ca3 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:56) 15 com.apple.WebCore 0x0000000106ec691e WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 878 (JSCallbackData.cpp:78) 16 com.apple.WebCore 0x0000000106ec6599 WebCore::JSCallbackData::invokeCallback(JSC::MarkedArgumentBuffer&, bool*) + 169 (JSCallbackData.cpp:48) 17 com.apple.WebCore 0x0000000106f3e2d7 WebCore::JSCustomVoidCallback::handleEvent() + 247 (JSCustomVoidCallback.cpp:68) 18 com.apple.WebCore 0x00000001079d341e WebCore::SQLTransaction::deliverSuccessCallback() + 126 (SQLTransaction.cpp:539) 19 com.apple.WebCore 0x00000001079d3ce0 WebCore::SQLTransaction::performPendingCallback() + 608 (SQLTransaction.cpp:215) 20 com.apple.WebCore 0x000000010678cf3b WebCore::DeliverPendingCallbackTask::performTask(WebCore::ScriptExecutionContext*) + 43 (Database.cpp:347) 21 com.apple.WebCore 0x00000001067f09c8 WebCore::Document::pendingTasksTimerFired(WebCore::Timer<WebCore::Document>*) + 200 (Document.cpp:5071) 22 com.apple.WebCore 0x0000000106837353 WebCore::Timer<WebCore::Document>::fired() + 115 (Timer.h:100) 23 com.apple.WebCore 0x0000000107bd40b7 WebCore::ThreadTimers::sharedTimerFiredInternal() + 311 (ThreadTimers.cpp:118) 0 com.apple.WebCore 0x000000010bded1fd WebCore::SuspendableTimer::resume() + 93 (SuspendableTimer.cpp:76) 1 com.apple.WebCore 0x000000010bded25c non-virtual thunk to WebCore::SuspendableTimer::resume() + 28 2 com.apple.WebCore 0x000000010bce8449 WebCore::ScriptExecutionContext::resumeActiveDOMObjects() + 361 (ScriptExecutionContext.cpp:211) 3 com.apple.WebCore 0x000000010abc4aec WebCore::Document::resumeActiveDOMObjects() + 28 (Document.cpp:2048) 4 com.apple.WebCore 0x000000010abd0810 WebCore::Document::resumeScheduledTasks() + 176 (Document.cpp:5092) 5 com.apple.WebCore 0x000000010b982513 WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer() + 163 (PageGroupLoadDeferrer.cpp:70) 6 com.apple.WebCore 0x000000010b982465 WebCore::PageGroupLoadDeferrer::~PageGroupLoadDeferrer() + 21 (PageGroupLoadDeferrer.cpp:73) 7 com.apple.WebCore 0x000000010a914bdc WebCore::Chrome::runJavaScriptConfirm(WebCore::Frame*, WTF::String const&) + 380 (Chrome.cpp:324) 8 com.apple.WebCore 0x000000010ad5ba25 WebCore::DOMWindow::confirm(WTF::String const&) + 149 (DOMWindow.cpp:980) 9 com.apple.WebCore 0x000000010b39ce39 WebCore::jsDOMWindowPrototypeFunctionConfirm(JSC::ExecState*) + 873 (JSDOMWindow.cpp:11417) 10 ??? 0x0000000110357258 0 + 4566905432 11 com.apple.JavaScriptCore 0x0000000109d5c099 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:127) 12 com.apple.JavaScriptCore 0x0000000109d58b58 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1752 (Interpreter.cpp:1270) 13 com.apple.JavaScriptCore 0x0000000109c224db JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39) 14 com.apple.WebCore 0x000000010b290ca3 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:56) 15 com.apple.WebCore 0x000000010b3dd664 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1412 (JSEventListener.cpp:132) 16 com.apple.WebCore 0x000000010ae02d79 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 393 (EventTarget.cpp:232) 17 com.apple.WebCore 0x000000010ae02bbb WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 331 (EventTarget.cpp:200) 18 com.apple.WebCore 0x000000010ad56f07 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 359 (DOMWindow.cpp:1596) 19 com.apple.WebCore 0x000000010ad5e11b WebCore::DOMWindow::dispatchLoadEvent() + 395 (DOMWindow.cpp:1570) 20 com.apple.WebCore 0x000000010abc54b2 WebCore::Document::dispatchWindowLoadEvent() + 146 (Document.cpp:3862) 21 com.apple.WebCore 0x000000010abc28f4 WebCore::Document::implicitClose() + 516 (Document.cpp:2356) 22 com.apple.WebCore 0x000000010ae9519b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:779) 23 com.apple.WebCore 0x000000010ae94e55 WebCore::FrameLoader::checkCompleted() + 341 (FrameLoader.cpp:726) 24 com.apple.WebCore 0x000000010ae93c13 WebCore::FrameLoader::finishedParsing() + 179 (FrameLoader.cpp:659) 25 com.apple.WebCore 0x000000010abceaff WebCore::Document::finishedParsing() + 591 (Document.cpp:4606) 26 com.apple.WebCore 0x000000010b08aad4 WebCore::HTMLTreeBuilder::finished() + 148 (HTMLTreeBuilder.cpp:2819) 27 com.apple.WebCore 0x000000010afb3c43 WebCore::HTMLDocumentParser::end() + 227 (HTMLDocumentParser.cpp:382) 28 com.apple.WebCore 0x000000010afb2b66 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 278 (HTMLDocumentParser.cpp:391) 29 com.apple.WebCore 0x000000010afb293c WebCore::HTMLDocumentParser::prepareToStopParsing() + 268 (HTMLDocumentParser.cpp:154) 30 com.apple.WebCore 0x000000010afb3c93 WebCore::HTMLDocumentParser::attemptToEnd() + 67 (HTMLDocumentParser.cpp:403) 31 com.apple.WebCore 0x000000010afb3ce8 WebCore::HTMLDocumentParser::finish() + 72 (HTMLDocumentParser.cpp:430) 32 com.apple.WebCore 0x000000010ac2d247 WebCore::DocumentWriter::end() + 391 (DocumentWriter.cpp:242) 33 com.apple.WebCore 0x000000010ac0b7ec WebCore::DocumentLoader::finishedLoading() + 172 (DocumentLoader.cpp:294) 34 com.apple.WebCore 0x000000010b884cbe WebCore::MainResourceLoader::didFinishLoading(double) + 318 (MainResourceLoader.cpp:481) 35 com.apple.WebCore 0x000000010bc8b295 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 (ResourceLoader.cpp:433) 36 com.apple.WebCore 0x000000010bc87e15 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 197 (ResourceHandleMac.mm:861) 37 com.apple.Foundation 0x00007fff8c997662 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 122 38 com.apple.Foundation 0x00007fff8c9975e2 _NSURLConnectionDidFinishLoading + 81 39 com.apple.CFNetwork 0x00007fff873cb4fe URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 296 40 com.apple.CFNetwork 0x00007fff8747b91e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 862 41 com.apple.CFNetwork 0x00007fff873a6389 URLConnectionClient::processEvents() + 185
Simon Fraser (smfr)
Comment 4 2012-04-18 10:32:19 PDT
Tests where this crash has been seen: svg/W3C-SVG-1.1-SE/color-prop-05-t.svg
Alexey Proskuryakov
Comment 5 2012-04-18 10:36:35 PDT
Failing during test runs is particularly mysterious - modal dialogs are no-ops, so all this does it suspend and immediately resume everything.
Yong Li
Comment 6 2012-04-18 11:45:43 PDT
Welcome to this tricky area! This means JS had been executed when the modal dialog was open. It could be some event listener. We probably need a universal solution to prevent JS reentrancy, but have to keep JS debugger working.
Brady Eidson
Comment 7 2012-04-18 11:57:02 PDT
(In reply to comment #6) > Welcome to this tricky area! This means JS had been executed when the modal dialog was open. It could be some event listener. We probably need a universal solution to prevent JS reentrancy, but have to keep JS debugger working. Except this is in DRT and as Alexey stated: >Failing during test runs is particularly mysterious - modal dialogs are no-ops, so all this does it suspend and immediately resume everything. Unless something has drastically changed about DRT that both Alexey and I are unaware of where DRT executes JS during modal dialog calls?
Yong Li
Comment 8 2012-04-18 12:13:32 PDT
(In reply to comment #7) > (In reply to comment #6) > > Welcome to this tricky area! This means JS had been executed when the modal dialog was open. It could be some event listener. We probably need a universal solution to prevent JS reentrancy, but have to keep JS debugger working. > > Except this is in DRT and as Alexey stated: > > >Failing during test runs is particularly mysterious - modal dialogs are no-ops, so all this does it suspend and immediately resume everything. > > Unless something has drastically changed about DRT that both Alexey and I are unaware of where DRT executes JS during modal dialog calls? I am unaware, too. This is what needs to be dig out.
Jessie Berlin
Comment 9 2012-08-30 16:38:49 PDT
This is one of the number 1 "crashers" on the ML Debug WK2 bots, especially when running the inspector tests: http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/console/console-assert-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/function-details-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-suspend-active-dom-objects-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-reload-on-pause-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-step-in-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-activation-crash-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-eval-on-call-frame-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/script-extract-outline-crash-log.txt http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r127193%20(457)/inspector/debugger/debugger-pause-on-exception-crash-log.txt
Alexey Proskuryakov
Comment 10 2013-03-20 10:01:16 PDT
See also: bug 97124.
Blaze Burg
Comment 11 2016-08-03 11:02:18 PDT
Has this reproduced recently on Yosemite+ ?
Note You need to log in before you can comment on or make changes to this bug.