Bug 129364 - ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*
Summary: ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Duplicates: 129360
Depends on:
Blocks:
 
Reported: 2014-02-25 22:49 PST by Alexey Proskuryakov
Modified: 2014-02-26 08:36 PST
CC: 6 users

See Also:


Attachments
the patch. (1.62 KB, patch)
2014-02-26 00:47 PST, Mark Lam
patch 2: added a comment. (1.70 KB, patch)
2014-02-26 00:52 PST, Mark Lam

Description Alexey Proskuryakov 2014-02-25 22:49:53 PST
http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r164696%20(2899)/inspector-protocol/page/deny-X-FrameOption-crash-log.txt

ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
/Volumes/Data/slave/mavericks-debug/build/Source/JavaScriptCore/heap/MarkedAllocator.cpp(149) : void *JSC::MarkedAllocator::allocateSlowCase(size_t)
1   0x1106508d0 WTFCrash
2   0x110474955 JSC::MarkedAllocator::allocateSlowCase(unsigned long)
3   0x11189f7af JSC::MarkedAllocator::allocate(unsigned long)
4   0x11189f649 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long)
5   0x11189f5b6 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long)
6   0x11189f487 void* JSC::allocateCell<JSC::Structure>(JSC::Heap&, unsigned long)
7   0x11189f05f void* JSC::allocateCell<JSC::Structure>(JSC::Heap&)
8   0x11189eddf JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int)
9   0x1124cc810 WebCore::JSCommandLineAPIHostPrototype::createStructure(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue)
10  0x1124cb769 WebCore::JSCommandLineAPIHost::createPrototype(JSC::VM&, JSC::JSGlobalObject*)
...
Comment 1 Radar WebKit Bug Importer 2014-02-25 22:50:56 PST
<rdar://problem/16170264>
Comment 2 Alexey Proskuryakov 2014-02-25 22:53:52 PST
Actually, there are lots of inspector tests failing with this assertion, probably should file a bug about each one.

Also:

inspector-protocol/debugger/nested-inspectors.html
inspector-protocol/dom-debugger/node-removed.html
Comment 3 Mark Lam 2014-02-25 22:54:49 PST
(In reply to comment #2)
> Actually, there are lots of inspector tests failing with this assertion, probably should file a bug about each one.
> 
> Also:
> 
> inspector-protocol/debugger/nested-inspectors.html
> inspector-protocol/dom-debugger/node-removed.html

They are probably due to the same root cause though.  I'm investigating.
Comment 4 Mark Lam 2014-02-26 00:32:25 PST
*** Bug 129360 has been marked as a duplicate of this bug. ***
Comment 5 Mark Lam 2014-02-26 00:38:42 PST
The test failure is intermittent because it depends on a GC / allocation activity happening at exactly the right moment.  That is why I don't see the failures when I run it on my machine.  However, there is an easy way to get an equivalent reproduction case, i.e. by adding the following assertion to JSC::Structure::create():

    ASSERT(vm.currentThreadIsHoldingAPILock());

With that I can get the inspector-protocol tests to fail all the time.

The failure is because InjectedScriptModule::ensureInjected() isn't using an APIEntryShim before it starts calling functions that enter the VM.  The fix is to use the shim here.  Patch coming soon.
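The root cause in comment 5 is a lock-discipline bug: heap allocation asserts that the calling thread holds the VM's API lock, and the caller entered the VM without taking the RAII shim that acquires it. The following is an added, self-contained model of that invariant and of the fix; it is not JavaScriptCore code and not part of this bug's patch. The classes `VM` and `APIEntryShim` and the functions `ensureInjectedWithoutShim` / `ensureInjectedWithShim` are hypothetical stand-ins named after the concepts in the report. The model returns `false` where the real heap would hit the `currentThreadIsHoldingAPILock()` assertion, so the violation is observable instead of crashing.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical VM: the heap may only be entered while the calling thread
// holds the API lock. The lock is re-entrant so nested entries on one
// thread are harmless (mirrors why adding a shim is safe even if a caller
// already holds the lock).
class VM {
public:
    void lockAPI() {
        m_mutex.lock();                       // blocks other threads
        m_owner.store(std::this_thread::get_id());
        m_depth.fetch_add(1);
    }
    void unlockAPI() {
        if (m_depth.fetch_sub(1) == 1)        // outermost unlock: clear owner
            m_owner.store(std::thread::id());
        m_mutex.unlock();
    }
    // The check behind the failed assertion: only the owning thread passes.
    bool currentThreadIsHoldingAPILock() const {
        return m_owner.load() == std::this_thread::get_id();
    }
    // Models Heap::allocate's precondition. Returns false instead of
    // crashing so a test can observe the violation.
    bool allocateCell(size_t bytes) {
        if (!currentThreadIsHoldingAPILock())
            return false;
        m_cells.emplace_back(bytes);
        return true;
    }
private:
    std::recursive_mutex m_mutex;
    std::atomic<std::thread::id> m_owner{};
    std::atomic<int> m_depth{0};
    std::vector<std::vector<char>> m_cells;
};

// RAII guard modelled on APIEntryShim: acquires the API lock on construction
// and releases it when the scope exits, including on early return.
class APIEntryShim {
public:
    explicit APIEntryShim(VM& vm) : m_vm(vm) { m_vm.lockAPI(); }
    ~APIEntryShim() { m_vm.unlockAPI(); }
    APIEntryShim(const APIEntryShim&) = delete;
    APIEntryShim& operator=(const APIEntryShim&) = delete;
private:
    VM& m_vm;
};

// The buggy shape from the report: entering the VM (allocating a prototype
// structure) without a shim. Fails the lock precondition.
bool ensureInjectedWithoutShim() {
    VM vm;
    return vm.allocateCell(64);               // false: lock not held
}

// The fixed shape: the shim covers the whole VM entry.
bool ensureInjectedWithShim() {
    VM vm;
    APIEntryShim shim(vm);
    return vm.allocateCell(64);               // true: lock held for the scope
}

// The shim is scoped: once it is destroyed the thread no longer holds the lock.
bool lockReleasedAfterShim() {
    VM vm;
    {
        APIEntryShim shim(vm);
        if (!vm.currentThreadIsHoldingAPILock())
            return false;
    }
    return !vm.currentThreadIsHoldingAPILock();
}

// Nested shims on one thread still satisfy the precondition and unwind cleanly.
bool nestedShimsWork() {
    VM vm;
    APIEntryShim outer(vm);
    {
        APIEntryShim inner(vm);
        if (!vm.allocateCell(16))
            return false;
    }
    return vm.currentThreadIsHoldingAPILock();
}

int main() {
    std::printf("without shim: %s\n", ensureInjectedWithoutShim() ? "ok" : "precondition violated");
    std::printf("with shim:    %s\n", ensureInjectedWithShim() ? "ok" : "precondition violated");
    std::printf("released:     %s\n", lockReleasedAfterShim() ? "yes" : "no");
    std::printf("nested:       %s\n", nestedShimsWork() ? "ok" : "broken");
    return 0;
}
```

The design point is the one comment 5 relies on: putting the lock acquisition in a scoped RAII object means the precondition holds for every allocation reached from that scope, and the unconditional assertion in `Structure::create()` that comment 5 suggests turns an intermittent, GC-timing-dependent failure into a deterministic one.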
Comment 6 Mark Lam 2014-02-26 00:47:59 PST
Created attachment 225235 [details]
the patch.
Comment 7 Mark Lam 2014-02-26 00:52:00 PST
Created attachment 225237 [details]
patch 2: added a comment.
Comment 8 WebKit Commit Bot 2014-02-26 08:36:37 PST
Comment on attachment 225237 [details]
patch 2: added a comment.

Clearing flags on attachment: 225237

Committed r164717: <http://trac.webkit.org/changeset/164717>
Comment 9 WebKit Commit Bot 2014-02-26 08:36:40 PST
All reviewed patches have been landed.  Closing bug.