[Webkit-unassigned] [Bug 47873] New: iOS: ASSERT failure in Cache::adjustSize running layout tests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 18 19:37:51 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=47873

           Summary: iOS: ASSERT failure in Cache::adjustSize running
                    layout tests
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: joepeck at webkit.org
                CC: ddkilzer at webkit.org


<rdar://problem/8470328> ASSERTION FAILED: delta >= 0 || ((int)m_deadSize + delta >= 0) in WebCore/loader/Cache.cpp:686 void WebCore::Cache::adjustSize(bool, int)

iOS has Cache::shouldMakeResourcePurgeableOnEviction returning true, and is seeing
the following ASSERT running LayoutTests:

    Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
    0   WebCore    0x01122c09 WebCore::Cache::adjustSize(bool, int) + 201 (Cache.cpp:686)
    1   WebCore    0x01123c1a WebCore::Cache::makeResourcePurgeable(WebCore::CachedResource*) + 168 (Cache.cpp:436)
    2   WebCore    0x01123fc4 WebCore::Cache::pruneDeadResources() + 922 (Cache.cpp:384)
    3   WebCore    0x0112961b WebCore::Cache::prune() + 85 (Cache.h:142)

The ASSERT is:

    ASSERT(delta >= 0 || ((int)m_deadSize + delta >= 0));

It appears as though resources are removing themselves (via adjustSize) multiple times
when pruning dead resources. The "makeResourcePurgeable" performs an adjustSize
on an already purgeable resource.

   (gdb) b WebCore::Cache::adjustSize
   Breakpoint 1 at 0x1336717: file WebCore/loader/Cache.cpp, line 684.

   (gdb) commands
   Type commands for when breakpoint 1 is hit, one per line.
   End with a line saying just "end".
   > bt 10
   > c
   > end

   Breakpoint 1, WebCore::Cache::adjustSize (this=0x881a000, live=false, delta=-45470) at WebCore/loader/Cache.cpp:684
   684        if (live) {
   #0  WebCore::Cache::adjustSize (this=0x881a000, live=false, delta=-45470) at WebCore/loader/Cache.cpp:684
   #1  0x013377f6 in WebCore::Cache::makeResourcePurgeable (this=0x881a000, resource=0x103bd800) at WebCore/loader/Cache.cpp:435
   #2  0x01337ba0 in WebCore::Cache::pruneDeadResources (this=0x881a000) at WebCore/loader/Cache.cpp:385
   #3  0x0133d207 in WebCore::Cache::prune (this=0x881a000) at Cache.h:141
   #4  0x01338092 in WebCore::Cache::setCapacities (this=0x881a000, minDeadBytes=0, maxDeadBytes=0, totalBytes=4194304) at WebCore/loader/Cache.cpp:418
   #5  0x0573b754 in +[WebView(WebFileInternal) _setCacheModel:] (self=0x57ea814, _cmd=0x57582e0, cacheModel=0) at WebKit/mac/WebView/WebView.mm:6537
   #6  0x0573ae23 in +[WebView(WebFileInternal) _preferencesChangedNotification:] (self=0x57ea814, _cmd=0x57904cb, notification=0x11852240) at WebKit/mac/WebView/WebView.mm:6584
   #7  0x007286c1 in _nsnote_callback ()
   #8  0x00302f99 in __CFXNotificationPost_old ()
   #9  0x0028233a in _CFXNotificationPostNotification ()

   ... a little later ... without it showing up in between ...

   Breakpoint 1, WebCore::Cache::adjustSize (this=0x881a000, live=false, delta=-45470) at WebCore/loader/Cache.cpp:684
   684        if (live) {
   #0  WebCore::Cache::adjustSize (this=0x881a000, live=false, delta=-45470) at WebCore/loader/Cache.cpp:684
   #1  0x013377f6 in WebCore::Cache::makeResourcePurgeable (this=0x881a000, resource=0x103bd800) at WebCore/loader/Cache.cpp:435
   #2  0x01337ba0 in WebCore::Cache::pruneDeadResources (this=0x881a000) at WebCore/loader/Cache.cpp:385
   #3  0x0133d207 in WebCore::Cache::prune (this=0x881a000) at Cache.h:141
   #4  0x01345c0f in WebCore::CachedResource::removeClient (this=0x118710b0, client=0x11872bf4) at WebCore/loader/CachedResource.cpp:210
   #5  0x01d142a5 in WebCore::ScriptElementData::execute (this=0x11872bf4, cachedScript=0x118710b0) at WebCore/dom/ScriptElement.cpp:207
   #6  0x014d7505 in WebCore::Document::executeScriptSoonTimerFired (this=0x834ec00, timer=0x834f21c) at WebCore/dom/Document.cpp:4966
   #7  0x014f72e9 in WebCore::Timer<WebCore::Document>::fired (this=0x834f21c) at Timer.h:102
   #8  0x01e988c6 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x902ea50) at WebCore/platform/ThreadTimers.cpp:126
   #9  0x01e9897d in WebCore::ThreadTimers::sharedTimerFired () at WebCore/platform/ThreadTimers.cpp:101

   Program received signal EXC_BAD_ACCESS, Could not access memory.
   Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
   0x013367cd in WebCore::Cache::adjustSize (this=0x881a000, live=false, delta=-45470) at WebCore/loader/Cache.cpp:688
   688            ASSERT(delta >= 0 || ((int)m_deadSize + delta >= 0));

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list