[Webkit-unassigned] [Bug 73886] New: REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock

bugzilla-daemon at webkit.org
Mon Dec 5 19:15:27 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=73886

           Summary: REGRESSION(r101863-r102042): Assertion hit:
                    m_verifier.isSafeToUse() in RefCountedBase::ref in
                    FunctionCodeBlock
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ggaren at apple.com, oliver at apple.com, fpizlo at apple.com


I've been browsing on r102042 and I've been repeatedly hitting the following assertion:

class RefCountedBase {
public:
    void ref()
    {
#ifndef NDEBUG
        // Start thread verification as soon as the ref count gets to 2. This
        // heuristic reflects the fact that items are often created on one thread
        // and then given to another thread to be used.
        // FIXME: Make this restriction tighter. Especially as we move to more
        // common methods for sharing items across threads like CrossThreadCopier.h
        // We should be able to add a "detachFromThread" method to make this explicit.
        if (m_refCount == 1)
            m_verifier.setShared(true);
#endif
        // If this assert fires, it either indicates a thread safety issue or
        // that the verification needs to change. See ThreadRestrictionVerifier for
        // the different modes.
        ASSERT(m_verifier.isSafeToUse()); // < this one!

#0    0x1000c940a in WTF::RefCountedBase::ref at RefCounted.h:53
#1    0x1000dd65c in JSC::FunctionCodeBlock::FunctionCodeBlock at CodeBlock.h:1361
#2    0x1000d5a67 in JSC::FunctionExecutable::produceCodeBlockFor at Executable.cpp:475
#3    0x1000d6aea in JSC::FunctionExecutable::compileForCallInternal at Executable.cpp:516
#4    0x1000d6ffd in JSC::FunctionExecutable::compileOptimizedForCall at Executable.cpp:447
#5    0x1000780b3 in JSC::FunctionExecutable::compileOptimizedFor at Executable.h:573
#6    0x1000657cc in JSC::FunctionCodeBlock::compileOptimized at CodeBlock.cpp:2146
#7    0x10011e8b8 in cti_optimize_from_ret at JITStubs.cpp:2059
#8    0x100117386 in ctiOpThrowNotCaught at Instruction.h:81
#9    0x1000f41a0 in JSC::JITCode::execute at JITCode.h:115
#10    0x1000ea0ca in JSC::Interpreter::executeCall at Interpreter.cpp:1075
#11    0x100062787 in JSC::call at CallData.cpp:39
#12    0x10016238e in JSObjectCallAsFunction at JSObjectRef.cpp:443
