No subject


Fri Mar 7 15:32:22 PST 2014


This crash becomes much easier to trigger when setting JSC_slowPathAllocsBetweenGCs to a low number.

I've attached an Instruments trace leading up to the crash, which I believe verifies that the app is not accessing the UIWebView on any non-main thread.

https://bugs.webkit.org/show_bug.cgi?id=139654

            Bug ID: 139654
           Summary: DropAllLocks assertion on iOS
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 8.1
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned@lists.webkit.org
          Reporter: ian.ragsdale@gmail.com

Created attachment 243311
  --> https://bugs.webkit.org/attachment.cgi?id=243311
Instruments trace leading up to the crash.

I'm using WebKit in an iOS app (via UIWebView), and we're seeing a semi-frequent crash that I'm trying to track down. From the backtraces, I _think_ it appears to be a WebKit bug, and so I'd like to try to find a workaround, and/or submit a useful bug or patch.

A full thread dump is available here: http://crashes.to/s/cf0cdb52701

The assertion appears to be happening when the WebThread tries to call my delegate to decide whether to load a URL:

Thread : Crashed: WebThread
0  JavaScriptCore                 0x27e864aa WTFCrash + 53
1  JavaScriptCore                 0x27e86457 WTFPrintBacktrace + 130
2  JavaScriptCore                 0x27dc92e1 JSC::JSLock::DropAllLocks::DropAllLocks(JSC::VM*)
3  WebCore                        0x31cd3061 SendDelegateMessage(NSInvocation*) + 184
4  WebKitLegacy                   0x327be1f5 -[_WebSafeForwarder forwardInvocation:] + 116
5  CoreFoundation                 0x269d766f ___forwarding___ + 354
6  CoreFoundation                 0x26909058 _CF_forwarding_prep_0 + 24
7  WebKitLegacy                   0x327ffb01 WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) + 344


