[Webkit-unassigned] [Bug 137887] New: Lookup of "self" sometimes fail in a worker, making http/tests/security/cross-origin-shared-worker-allowed.html flaky

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 20 11:32:19 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=137887

            Bug ID: 137887
           Summary: Lookup of "self" sometimes fail in a worker, making
                    http/tests/security/cross-origin-shared-worker-allowed
                    .html flaky
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: MakingBotsRed
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ap at webkit.org
                CC: ggaren at apple.com

http/tests/security/cross-origin-shared-worker-allowed.html is flaky:

+CONSOLE MESSAGE: line 1: ReferenceError: Can't find variable: self

This test is trivially simple, so it's a pretty big correctness issue.

In debug builds, it asserts:

Thread 28 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore          0x000000010b20bdea WTFCrash + 42 (Assertions.cpp:321)
1   com.apple.JavaScriptCore          0x000000010afe9776 JSC::HashTable::createTable() const + 70 (Lookup.cpp:31)
2   com.apple.WebCore                 0x00000001106dafeb JSC::HashTable::initializeIfNeeded() const + 43 (Lookup.h:91)
3   com.apple.WebCore                 0x00000001106dad70 JSC::HashTable::entry(JSC::PropertyName) const + 32 (Lookup.h:98)
4   com.apple.WebCore                 0x000000011077d864 bool JSC::getStaticFunctionSlot<JSC::JSObject>(JSC::ExecState*, JSC::HashTable const&, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&) + 100 (Lookup.h:229)
5   com.apple.WebCore                 0x0000000110c5d179 WebCore::JSWorkerGlobalScopePrototype::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 89 (JSWorkerGlobalScope.cpp:634)
6   com.apple.JavaScriptCore          0x000000010a948b47 JSC::JSObject::fastGetOwnPropertySlot(JSC::ExecState*, JSC::VM&, JSC::Structure&, JSC::PropertyName, JSC::PropertySlot&) + 167 (JSObject.h:1261)
7   com.apple.JavaScriptCore          0x000000010a948926 JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 150 (JSObject.h:1273)
8   com.apple.JavaScriptCore          0x000000010a96c811 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 257 (JSCJSValueInlines.h:695)
9   com.apple.JavaScriptCore          0x000000010afdea21 llint_slow_path_get_by_id + 241 (LLIntSlowPaths.cpp:578)

This is ASSERT(!keys).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141020/f622b359/attachment-0002.html>

More information about the webkit-unassigned mailing list