No subject
Fri Mar 7 15:32:22 PST 2014
This crash becomes much easier to trigger when setting JSC_slowPathAllocsBetweenGCs to a low number.
I've attached an Instruments trace leading up to the crash, which I believe verifies that the app is not accessing the UIWebView on any non-main thread.
--
You are receiving this mail because:
You are the assignee for the bug.
--1418683426.fF0B60.8901
Date: Mon, 15 Dec 2014 14:43:46 -0800
MIME-Version: 1.0
Content-Type: text/html
<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - DropAllLocks assertion on iOS"
href="https://bugs.webkit.org/show_bug.cgi?id=139654">139654</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>DropAllLocks assertion on iOS
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>iOS
</td>
</tr>
<tr>
<th>OS</th>
<td>iOS 8.1
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ian.ragsdale@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=243311" name="attach_243311" title="Instruments trace leading up to the crash.">attachment 243311</a> <a href="attachment.cgi?id=243311&action=edit" title="Instruments trace leading up to the crash.">[details]</a></span>
Instruments trace leading up to the crash.
I'm using WebKit in an iOS app (via UIWebView), and we're seeing a semi-frequent crash that I'm trying to track down. From the backtraces, I _think_ it appears to be a WebKit bug, and so I'd like to try to find a workaround, and/or submit a useful bug or patch.
A full thread dump is available here: <a href="http://crashes.to/s/cf0cdb52701">http://crashes.to/s/cf0cdb52701</a>
The assertion appears to be happening when the WebThread tries to call my delegate to decide whether to load a URL:
Thread : Crashed: WebThread
0 JavaScriptCore 0x27e864aa WTFCrash + 53
1 JavaScriptCore 0x27e86457 WTFPrintBacktrace + 130
2 JavaScriptCore 0x27dc92e1 JSC::JSLock::DropAllLocks::DropAllLocks(JSC::VM*)
3 WebCore 0x31cd3061 SendDelegateMessage(NSInvocation*) + 184
4 WebKitLegacy 0x327be1f5 -[_WebSafeForwarder forwardInvocation:] + 116
5 CoreFoundation 0x269d766f ___forwarding___ + 354
6 CoreFoundation 0x26909058 _CF_forwarding_prep_0 + 24
7 WebKitLegacy 0x327ffb01 WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) + 344
More information about the webkit-unassigned
mailing list