[webkit-dev] Crashing Workers Code?

Dmitry Titov dimich at chromium.org
Mon Mar 29 17:14:23 PDT 2010


I believe there is more than one underlying issue.

For example, tests that fail with "CONSOLE MESSAGE: line 3: JavaScript
execution exceeded timeout." - seems this is legit since JSC workers are
terminated by setting a 1-ms timeout. V8 workers terminate by throwing an
exception of a special kind and then checking for it in C++ code. In the JSC
case, we likely should disable the message once WorkerThread::stop() was
invoked.

I'm trying to catch one elusive crash for some time now. It's in Chromium
but perhaps it's the same thing. It manifests like this:

ASSERTION FAILED: !m_sharedBuffer
(/b/slave/mac/build/src/third_party/WebKit/WebCore/WebCore.gyp/../platform/text/StringImpl.cpp:59
WebCore::StringImpl::~StringImpl())

or like this:

Test: worker-cloneport.html
Chromium Helper(1774,0xb00a1000) malloc: *** error for object 0x241e260:
double free
*** set a breakpoint in malloc_error_break to debug
Chromium Helper(1774,0xb00a1000) malloc: *** error for object 0x241e280:
incorrect checksum for freed object - object was probably modified after
being freed.

There is some race going on... But not frequent enough to easily find it :-(

Dmitry

On Mon, Mar 29, 2010 at 4:54 PM, Eric Seidel <eric at webkit.org> wrote:

> It seems Workers makes for a disproportionate number of crashes and
> flaky tests on the bots:
>
> https://bugs.webkit.org/show_bug.cgi?id=36646 (timeout)
> https://bugs.webkit.org/show_bug.cgi?id=36633 (crash)
> https://bugs.webkit.org/show_bug.cgi?id=36585 (timeout)
> https://bugs.webkit.org/show_bug.cgi?id=29926 (crash)
> https://bugs.webkit.org/show_bug.cgi?id=29090 (timeout)
> https://bugs.webkit.org/show_bug.cgi?id=34281 (timeout)
> https://bugs.webkit.org/show_bug.cgi?id=33653 (crash)
> https://bugs.webkit.org/show_bug.cgi?id=33437 (crash)
> https://bugs.webkit.org/show_bug.cgi?id=33008 (crash)
>
> I have not tried running a full run-webkit-tests with --guard, but I
> suspect there may be some sort of memory smasher or other corruption
> problem which has been flying under our radar for a long while.
>
> Unfortunately I don't know more than that yet...
>
> -eric