[Webkit-unassigned] [Bug 168354] New: ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 14 20:39:40 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=168354

            Bug ID: 168354
           Summary: ASSERTION FAILED: vm.heap.mutatorState() ==
                    MutatorState::Running || vm.apiLock().ownerThread() !=
                    std::this_thread::get_id()
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: fpizlo at apple.com

Assert seen while using Web Inspector and debugging code in a Worker.

Steps to Reproduce:
1. Pause in Worker in web-platform-test/foo.worker.html
2. Hover variables and step around the debugger
  => ASSERT

ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
Source/JavaScriptCore/runtime/JSCellInlines.h(283) : const JSC::ClassInfo *JSC::JSCell::classInfo(JSC::VM &) const
1   0x10b6183ed WTFCrash
2   0x10a21d4a8 JSC::JSCell::classInfo(JSC::VM&) const
3   0x10a214581 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const
4   0x10a229fd4 JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(JSC::JSCell*)
5   0x10a228d2f JSC::asObject(JSC::JSCell*)
6   0x10a22a700 JSC::asObject(JSC::JSValue)
7   0x10a22dcc2 JSC::Register::object() const
8   0x10a22dc99 JSC::ExecState::jsCallee() const
9   0x10a217ca5 JSC::ExecState::lexicalGlobalObject() const
10  0x10a7bdff7 JSC::ExecState::vmEntryGlobalObject()
11  0x10a8a4e80 JSC::Debugger::detach(JSC::JSGlobalObject*, JSC::Debugger::ReasonForDetach)
12  0x10b0827ae JSC::JSGlobalObject::~JSGlobalObject()
13  0x115b25577 WebCore::JSDOMGlobalObject::~JSDOMGlobalObject()
14  0x115c4ef43 WebCore::JSDOMWindowBase::~JSDOMWindowBase()
15  0x115c4e195 WebCore::JSDOMWindowBase::~JSDOMWindowBase()
16  0x115c4cd55 WebCore::JSDOMWindowBase::destroy(JSC::JSCell*)
17  0x10b11e00a JSC::(anonymous namespace)::DestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const
18  0x10b11fb25 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const
19  0x10b11e615 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)
20  0x10b11df8f JSC::FreeList JSC::MarkedBlock::Handle::finishSweepKnowingSubspace<JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::SweepMode, JSC::(anonymous namespace)::DestroyFunc const&)
21  0x10b11de0d JSC::JSSegmentedVariableObjectSubspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::MarkedBlock::Handle::SweepMode)
22  0x10b2014e3 JSC::MarkedBlock::Handle::sweep(JSC::MarkedBlock::Handle::SweepMode)
23  0x10aed781d JSC::IncrementalSweeper::sweepNextBlock()
24  0x10aed7712 JSC::IncrementalSweeper::doSweep(double)
25  0x10aed76e2 JSC::IncrementalSweeper::doWork()
26  0x10aecbfa0 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*)
27  0x7fff94f87de4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
28  0x7fff94f87a73 __CFRunLoopDoTimer
29  0x7fff94f875ca __CFRunLoopDoTimers
30  0x7fff94f7efa1 __CFRunLoopRun
31  0x7fff94f7e524 CFRunLoopRunSpecific

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170215/1b5cfd16/attachment.html>

More information about the webkit-unassigned mailing list