[webkit-dev] Stability problems involving Javascript GC
Zoltan Herczeg
zherczeg at inf.u-szeged.hu
Mon Dec 6 13:31:18 PST 2010
Crash in WTF::fastMalloc? Such things only happen if something overwrites
memory areas belonging to the memory manager (i.e. overwrites some bytes
before or after a block returned by malloc). Try some valgrind equivalent
on Mac to detect those writes into "red zones".
Regards,
Zoltan
>>> And here is a common sort of stack trace I'm getting (this one from
>>> 10.6)
>>> Thread 0 Crashed: Dispatch queue: com.apple.main-thread
>>> 0 com.apple.JavaScriptCore 0x9489f766 WTF::fastFree(void*)
>>> + 134
>>> 1 com.apple.WebCore 0x929be825
>>> WebCore::CSSSelectorList::deleteSelectors() + 389
>>> 2 com.apple.WebCore 0x92a38269
>>> WebCore::CSSStyleRule::~CSSStyleRule() + 57
>>> 3 com.apple.WebCore 0x929c3a04
>>> WTF::Vector<WTF::RefPtr<WebCore::StyleBase>, 0ul>::shrink(unsigned
>>> long) + 84
>>> 4 com.apple.WebCore 0x92a38193
>>> WebCore::StyleSheet::~StyleSheet() + 179
>>> 5 com.apple.WebCore 0x92a38066
>>> WebCore::CSSStyleSheet::~CSSStyleSheet() + 102
>>> 6 com.apple.WebCore 0x92a91074
>>> WTF::Vector<WTF::RefPtr<WebCore::StyleSheet>, 0ul>::shrink(unsigned
>>> long) + 84
>>> 7 com.apple.WebCore 0x92a29243
>>> WebCore::StyleSheetList::~StyleSheetList() + 67
>>> 8 com.apple.WebCore 0x92a28cd9
>>> WebCore::Document::~Document() + 3529
>>> 9 com.apple.WebCore 0x92a27f01
>>> WebCore::HTMLDocument::~HTMLDocument() + 129
>>> 10 com.apple.WebCore 0x92a27def
>>> WebCore::Node::~Node() + 431
>>> 11 com.apple.WebCore 0x92c05a21
>>> WebCore::HTMLIFrameElement::~HTMLIFrameElement() + 129
>>> 12 com.apple.WebCore 0x92b356fe
>>> WebCore::JSNode::~JSNode() + 382
>>> 13 com.apple.JavaScriptCore 0x9495a0d2 JSC::Heap::sweep() +
>>> 274
>>>
>>> I find it odd that main isn't seen in the stack, but it never is.
>>
>>> The crash nearly ALWAYS occurs in WTF::fastFree(), very
>>> occasionally occurring instead in some other memory management
>>> function.
>>
>> In the backtrace you've pasted, there's no direct link to JavaScript
>> GC. GC only appears in the backtrace because a JavaScript object
>> held the last reference to the DOM document object.
>>
>> There's a small chance that you've run into this bug, or one of its
>> relations: https://bugs.webkit.org/show_bug.cgi?id=50165.
>>
>> The best way to diagnose this is to provide a sample application
>> that demonstrates the crash in Bugzilla.
>>
>> Thanks,
>> Geoff
>
>
> Thought I'd post two other backtraces that differ from the above but
> are caused in the same way, in case someone here can see something in
> them I cannot.
>
> Thread 0 Crashed: Dispatch queue: com.apple.main-thread
> 0 com.apple.JavaScriptCore 0x9489e536
> WTF::TCMalloc_Central_FreeList::RemoveRange(void**, void**, int*) + 198
> 1 com.apple.JavaScriptCore 0x9489d258 WTF::fastMalloc(unsigned
> long) + 488
> 2 com.apple.WebCore 0x929850b2
> WebCore::StringWrapperCFAllocator::allocate(long, unsigned long,
> void*) + 66
> 3 com.apple.CoreFoundation 0x94d99a13 _CFRuntimeCreateInstance
> + 179
> 4 com.apple.CoreFoundation 0x94d9c1f5
> __CFStringCreateImmutableFunnel3 + 789
> 5 com.apple.CoreFoundation 0x94da3bd0
> CFStringCreateWithCharactersNoCopy + 96
> 6 com.apple.WebCore 0x929807bc
> WebCore::StringImpl::createCFString() + 124
> 7 com.apple.WebCore 0x92a0c547
> WebCore::ResourceRequest::doUpdatePlatformRequest() + 1159
> 8 com.apple.WebCore 0x92a0c0ab
> WebCore::ResourceRequestBase::updatePlatformRequest() const + 27
> 9 com.apple.WebCore 0x92a0c05d
> WebCore::ResourceRequest::nsURLRequest() const + 29
> 10 com.apple.WebKit 0x998a22f3
> WebFrameLoaderClient
> ::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long,
> WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 163
> 11 com.apple.WebCore 0x93329151
> WebCore
> ::ResourceLoadNotifier
> ::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long,
> WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 145
> 12 com.apple.WebCore 0x92a10ab2
> WebCore
> ::ResourceLoadNotifier::willSendRequest(WebCore::ResourceLoader*,
> WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 82
> 13 com.apple.WebCore 0x92a106d2
> WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest&,
> WebCore::ResourceResponse const&) + 98
> 14 com.apple.WebCore 0x92abe8e0
> WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&,
> WebCore::ResourceResponse const&) + 80
> 15 com.apple.WebCore 0x92abe084
> WebCore::ResourceLoader::load(WebCore::ResourceRequest const&) + 580
> 16 com.apple.WebCore 0x9334345e
> WebCore::SubresourceLoader::create(WebCore::Frame*,
> WebCore::SubresourceLoaderClient*, WebCore::ResourceRequest const&,
> WebCore::SecurityCheckPolicy, bool, bool) + 846
> 17 com.apple.WebCore 0x92a742b0
> WebCore
> ::Loader::Host::servePendingRequests(WTF::Deque<WebCore::Request*>&,
> bool&) + 912
> 18 com.apple.WebCore 0x92a73eff
> WebCore::Loader::Host::servePendingRequests(WebCore::Loader::Priority)
> + 79
> 19 com.apple.WebCore 0x92abd37f
> WebCore::Loader::load(WebCore::DocLoader*, WebCore::CachedResource*,
> bool, WebCore::SecurityCheckPolicy, bool) + 399
> 20 com.apple.WebCore 0x92abd1d0
> WebCore::CachedResource::load(WebCore::DocLoader*, bool,
> WebCore::SecurityCheckPolicy, bool) + 96
> 21 com.apple.WebCore 0x92afadf0
> WebCore::CachedResource::load(WebCore::DocLoader*) + 48
> 22 com.apple.WebCore 0x92abcc5f
> WebCore::Cache::requestResource(WebCore::DocLoader*,
> WebCore::CachedResource::Type, WebCore::KURL const&, WebCore::String
> const&, bool) + 191
> 23 com.apple.WebCore 0x92abc507
> WebCore::DocLoader::requestResource(WebCore::CachedResource::Type,
> WebCore::String const&, WebCore::String const&, bool) + 183
> 24 com.apple.WebCore 0x92ba6125
> WebCore::DocLoader::requestPreload(WebCore::CachedResource::Type,
> WebCore::String const&, WebCore::String const&) + 69
> 25 com.apple.WebCore 0x92b0a678
> WebCore::DocLoader::checkForPendingPreloads() + 440
> 26 com.apple.WebCore 0x92b09d51
> WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) +
> 193
> 27 com.apple.WebCore 0x92b09bfc
> WebCore::SubresourceLoader::didFinishLoading() + 44
> 28 com.apple.Foundation 0x972be56b -
> [NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading]
> + 84
> 29 com.apple.Foundation 0x972be4dc
> _NSURLConnectionDidFinishLoading + 133
> 30 com.apple.CFNetwork 0x9271c44b
> URLConnectionClient
> ::_clientDidFinishLoading
> (URLConnectionClient::ClientConnectionEventQueue*) + 197
> 31 com.apple.CFNetwork 0x92793b88
> URLConnectionClient
> ::ClientConnectionEventQueue
> ::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent,
> XClientEventParams>*, long) + 306
> 32 com.apple.CFNetwork 0x9270eab0
> URLConnectionClient::processEvents() + 94
> 33 com.apple.CFNetwork 0x9270e953
> MultiplexerSource::perform() + 183
> 34 com.apple.CoreFoundation 0x94dd54cb __CFRunLoopDoSources0 +
> 1563
> 35 com.apple.CoreFoundation 0x94dd2f8f __CFRunLoopRun + 1071
> 36 com.apple.CoreFoundation 0x94dd2464 CFRunLoopRunSpecific + 452
> 37 com.apple.CoreFoundation 0x94dd2291 CFRunLoopRunInMode + 97
> 38 com.apple.HIToolbox 0x91e33f58
> RunCurrentEventLoopInMode + 392
> 39 com.apple.HIToolbox 0x91e33d0f ReceiveNextEventCommon +
> 354
> 40 com.apple.HIToolbox 0x91e33b94
> BlockUntilNextEventMatchingListInMode + 81
> 41 com.apple.AppKit 0x9520d78d _DPSNextEvent + 847
> 42 com.apple.AppKit 0x9520cfce -[NSApplication
> nextEventMatchingMask:untilDate:inMode:dequeue:] + 156
> 43 com.apple.AppKit 0x951cf247 -[NSApplication run] + 821
> 44 com.apple.AppKit 0x951c72d9 NSApplicationMain + 574
> 45 net.infoplus.SALServer 0x00001f6c main + 30 (main.m:14)
> 46 net.infoplus.SALServer 0x00001f33 _start + 209
> 47 net.infoplus.SALServer 0x00001e61 start + 41
>
>
> ========================================================================
>
> Thread 0 Crashed: Dispatch queue: com.apple.main-thread
> 0 com.apple.JavaScriptCore 0x9489e536
> WTF::TCMalloc_Central_FreeList::RemoveRange(void**, void**, int*) + 198
> 1 com.apple.JavaScriptCore 0x9489d258 WTF::fastMalloc(unsigned
> long) + 488
> 2 com.apple.JavaScriptCore 0x948a1202
> WebCore::StringImpl::create(unsigned short const*, unsigned int) + 66
> 3 com.apple.WebCore 0x92a3c0d9
> WebCore::CSSParser::parseFontFamily() + 345
> 4 com.apple.WebCore 0x929bbcfe
> WebCore::CSSParser::parseValue(int, bool) + 10126
> 5 com.apple.WebCore 0x929b4b0c cssyyparse(void*) + 10668
> 6 com.apple.WebCore 0x929b1fa0
> WebCore::CSSParser::parseSheet(WebCore::CSSStyleSheet*,
> WebCore::String const&) + 96
> 7 com.apple.WebCore 0x929b1ced
> WebCore::CSSStyleSheet::parseString(WebCore::String const&, bool) + 77
> 8 com.apple.WebCore 0x92b824f1
> WebCore::HTMLLinkElement::setCSSStyleSheet(WebCore::String const&,
> WebCore::KURL const&, WebCore::String const&,
> WebCore::CachedCSSStyleSheet const*) + 241
> 9 com.apple.WebCore 0x92b82368
> WebCore::CachedCSSStyleSheet::checkNotify() + 200
> 10 com.apple.WebCore 0x92b82030
> WebCore
> ::CachedCSSStyleSheet::data(WTF::PassRefPtr<WebCore::SharedBuffer>,
> bool) + 304
> 11 com.apple.WebCore 0x92b09dd4
> WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) +
> 324
> 12 com.apple.WebCore 0x92b09bfc
> WebCore::SubresourceLoader::didFinishLoading() + 44
> 13 com.apple.Foundation 0x972be56b -
> [NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading]
> + 84
> 14 com.apple.Foundation 0x972be4dc
> _NSURLConnectionDidFinishLoading + 133
> 15 com.apple.CFNetwork 0x9271c44b
> URLConnectionClient
> ::_clientDidFinishLoading
> (URLConnectionClient::ClientConnectionEventQueue*) + 197
> 16 com.apple.CFNetwork 0x92793b88
> URLConnectionClient
> ::ClientConnectionEventQueue
> ::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent,
> XClientEventParams>*, long) + 306
> 17 com.apple.CFNetwork 0x9270eab0
> URLConnectionClient::processEvents() + 94
> 18 com.apple.CFNetwork 0x9270e953
> MultiplexerSource::perform() + 183
> 19 com.apple.CoreFoundation 0x94dd54cb __CFRunLoopDoSources0 +
> 1563
> 20 com.apple.CoreFoundation 0x94dd2f8f __CFRunLoopRun + 1071
> 21 com.apple.CoreFoundation 0x94dd2464 CFRunLoopRunSpecific + 452
> 22 com.apple.CoreFoundation 0x94dd2291 CFRunLoopRunInMode + 97
> 23 com.apple.HIToolbox 0x91e33f58
> RunCurrentEventLoopInMode + 392
> 24 com.apple.HIToolbox 0x91e33d0f ReceiveNextEventCommon +
> 354
> 25 com.apple.HIToolbox 0x91e33b94
> BlockUntilNextEventMatchingListInMode + 81
> 26 com.apple.AppKit 0x9520d78d _DPSNextEvent + 847
> 27 com.apple.AppKit 0x9520cfce -[NSApplication
> nextEventMatchingMask:untilDate:inMode:dequeue:] + 156
> 28 com.apple.AppKit 0x951cf247 -[NSApplication run] + 821
> 29 com.apple.AppKit 0x951c72d9 NSApplicationMain + 574
> 30 net.infoplus.SALServer 0x00001f6c main + 30 (main.m:14)
> 31 net.infoplus.SALServer 0x00001f33 _start + 209
> 32 net.infoplus.SALServer 0x00001e61 start + 41
>
>
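The red-zone idea from the reply at the top of this message, as an added C illustration (not code from WebKit or from anyone in this thread): a debug allocation wrapper that pads each block with guard bytes and checks them on free. The names `rz_malloc`, `rz_check`, `rz_free` and `rz_demo`, the 16-byte zone size and the 0xA5 pattern are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR  16    /* room for the stored size; keeps the user pointer aligned */
#define RZ   16    /* red-zone bytes on each side (assumed value) */
#define FILL 0xA5  /* guard pattern (assumed value) */

/* Layout: [size header][front red zone][user bytes][rear red zone] */
void *rz_malloc(size_t n) {
    unsigned char *raw = malloc(HDR + RZ + n + RZ);
    if (!raw) return NULL;
    memcpy(raw, &n, sizeof n);
    memset(raw + HDR, FILL, RZ);
    memset(raw + HDR + RZ + n, FILL, RZ);
    return raw + HDR + RZ;
}

/* 0 = guards intact, -1 = bytes before the block changed, 1 = bytes after */
int rz_check(const void *p) {
    const unsigned char *user = p;
    const unsigned char *front = user - RZ;
    size_t n;
    for (size_t i = 0; i < RZ; i++)
        if (front[i] != FILL) return -1;
    memcpy(&n, front - HDR, sizeof n);  /* read size only after front guard passed */
    for (size_t i = 0; i < RZ; i++)
        if (user[n + i] != FILL) return 1;
    return 0;
}

/* Verify the guards, then release; a real debug allocator would abort here. */
int rz_free(void *p) {
    int status = rz_check(p);
    free((unsigned char *)p - RZ - HDR);
    return status;
}

/* Constructed demo: one stray write at index idx of an 8-byte block. */
int rz_demo(long idx) {
    unsigned char *p = rz_malloc(8);
    if (!p) return -2;
    p[idx] = 0;   /* 0..7 in bounds, 8 one past the end, -1 one before */
    return rz_free(p);
}

int main(void) {
    printf("in bounds: %d, overflow: %d, underflow: %d\n",
           rz_demo(3), rz_demo(8), rz_demo(-1));
    return 0;
}
```

A guard check like this only notices the damage when the block is freed, which is why the crash surfaces in an unrelated caller; a tool such as Valgrind reports the invalid write at the instruction that performs it.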