[Webkit-unassigned] [Bug 155411] REGRESSION: ASSERTION FAILED: !m_lastActiveBlock on js/function-apply.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 14 16:04:13 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=155411

--- Comment #4 from Joseph Pecoraro <joepeck at webkit.org> ---
(In reply to comment #2)
> Joe, is this you?

Seems likely!

> Are you sure it's OK for removeDeadHeapSnapshotNodes to iterate the heap
> during GC? Maybe you can move this to after GC instead?

Yes, I think the problem is that both Heap::gatherExtraHeapSnapshotData and Heap::removeDeadHeapSnapshotNodes take a HeapIterationScope (which does a stopAllocating/resumeAllocating) but Heap::collectImpl has already done a stopAllocating and will do a resetAllocators. Duplicate stopAllocating calls looks like it would cause this ASSERT. 

I will see if it makes sense to just drop the HeapIterationScopes here given the Heap is already stopped. It looks like it would be perfectly fine to move these snapshot operations after resetAllocators where they won't mess with the state of the allocator between the normal stop/reset of collection.

Given this test is encountering the removeDeadHeapSnapshotNodes path at all, it means imply that this VM had previously run a test that created a HeapProfiler. So that would mean the bot ran an LayoutTests/inspector/heap test and then ran this LayoutTests/js/function-apply.html, so I'll try to reproduce locally with this in mind. While the HeapProfiler will still exist for the VM, the HeapSnapshots should have been cleared when the page changed so there should essentially be no work.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160314/1361eb3a/attachment.html>


More information about the webkit-unassigned mailing list