85473 2012-05-03 04:01:30 -0700 IconDatabase thread causes assertion failure: m_verifier.isSafeToUse() 2012-05-24 14:57:16 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED DUPLICATE 67582 P2 Normal --- 0 dongseong.hwang webkit-unassigned andersca ap beidson darin levin yong.li.webkit oldest_to_newest 615151 0 dongseong.hwang 2012-05-03 04:01:30 -0700 adopted(RefCountedBase*) means new start of ia refCounted instance. RefPtr::release calls WTF::adopted to reset, so RefCounted thread verification code should reset. SharedBuffer used by IconDatabase causes the assertion failure because IconDatabase passes SharedBuffer to main thread. 615153 1 139981 dongseong.hwang 2012-05-03 04:03:36 -0700 Created attachment 139981 patch v.1 615155 2 dongseong.hwang 2012-05-03 04:10:16 -0700 Following code causes assertion failure. In IconDatabase.cpp RefPtr<SharedBuffer> data = dataOriginal ? dataOriginal->copy() : PassRefPtr<SharedBuffer>(0); .... { MutexLocker locker(m_urlAndIconLock); .... // Update the data and set the time stamp icon->setImageData(data.release()); .... } 615261 3 139981 levin 2012-05-03 07:24:14 -0700 Comment on attachment 139981 patch v.1 adopted just means that a refcount that wasn't accounted for now is. This is no reason to reset the verifier. Something is wrong in this code and this change just attempts to hide the problem. 615265 4 levin 2012-05-03 07:30:34 -0700 If you want to understand the assert, figure out what invariant is being violated when the assert goes off and either why that invariant is incorrect or how to fix the code. Note here is a similar bug: https://bugs.webkit.org/show_bug.cgi?id=67582 (Perhaps it is the same issue. It is hard to tell from what is in this bug.) 615945 5 dongseong.hwang 2012-05-03 21:28:13 -0700 Ok, I made mistake that I thought RefPtr::release means passing ownership. I need to study more about this bug, and if it is duplicated with Bug 67582, I will close this bug. 615946 6 levin 2012-05-03 21:29:53 -0700 (In reply to comment #5) > Ok, I made mistake that I thought RefPtr::release means passing ownership. It means passing ownership of that one ref count but other places may have a ref on the object (and they do in this case). > I need to study more about this bug, and if it is duplicated with Bug 67582, I will close this bug. I think the only thing stopping bug 67582 is some wierd windows compile error. I wish we could land it. 633267 7 yong.li.webkit 2012-05-24 14:57:16 -0700 *** This bug has been marked as a duplicate of bug 67582 *** 139981 2012-05-03 04:03:36 -0700 2012-05-03 07:24:13 -0700 patch v.1 0001-IconDatabase-thread-causes-assertion-failure-m_verif.patch text/plain 2016 dongseong.hwang RnJvbSA3ZDQ1ODA4ZDc1OWFlMmIwOGE4ZTNmZjJjNWYyMzBkNGZmZWFmYTdiIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBIdWFuZyBEb25nc3VuZyA8bHV4dGVsbGFAY29tcGFueTEwMC5u ZXQ+CkRhdGU6IFRodSwgMyBNYXkgMjAxMiAxOTowNTozMyArMDkwMApTdWJqZWN0OiBbUEFUQ0hd IEljb25EYXRhYmFzZSB0aHJlYWQgY2F1c2VzIGFzc2VydGlvbiBmYWlsdXJlOgogbV92ZXJpZmll ci5pc1NhZmVUb1VzZSgpCiBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 ODU0NzMKCldURjo6YWRvcHRlZChSZWZDb3VudGVkQmFzZSopIG1lYW5zIG5ldyBzdGFydCBvZiBh IHJlZkNvdW50ZWQgaW5zdGFuY2UuClJlZlB0cjo6cmVsZWFzZSBjYWxscyBXVEY6OmFkb3B0ZWQg dG8gcmVzZXQsIHNvIFJlZkNvdW50ZWQgdGhyZWFkIHZlcmlmaWNhdGlvbgpjb2RlIHNob3VsZCBy ZXNldC4KClNoYXJlZEJ1ZmZlciB1c2VkIGJ5IEljb25EYXRhYmFzZSBjYXVzZXMgdGhlIGFzc2Vy dGlvbiBmYWlsdXJlIGJlY2F1c2UKSWNvbkRhdGFiYXNlIHBhc3NlcyBTaGFyZWRCdWZmZXIgdG8g bWFpbiB0aHJlYWQuCi0tLQogU291cmNlL1dURi9DaGFuZ2VMb2cgICAgICAgIHwgICAxNyArKysr KysrKysrKysrKysrKwogU291cmNlL1dURi93dGYvUmVmQ291bnRlZC5oIHwgICAgMSArCiAyIGZp bGVzIGNoYW5nZWQsIDE4IGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQgYS9Tb3VyY2UvV1RGL0No YW5nZUxvZyBiL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCmluZGV4IDM2OGZlOTYuLmUxZmMyNTYgMTAw NjQ0Ci0tLSBhL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XVEYvQ2hhbmdlTG9n CkBAIC0xLDMgKzEsMjAgQEAKKzIwMTItMDUtMDMgIEh1YW5nIERvbmdzdW5nICA8bHV4dGVsbGFA Y29tcGFueTEwMC5uZXQ+CisKKyAgICAgICAgSWNvbkRhdGFiYXNlIHRocmVhZCBjYXVzZXMgYXNz ZXJ0aW9uIGZhaWx1cmU6IG1fdmVyaWZpZXIuaXNTYWZlVG9Vc2UoKQorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODU0NzMKKworICAgICAgICBXVEY6OmFk b3B0ZWQoUmVmQ291bnRlZEJhc2UqKSBtZWFucyBuZXcgc3RhcnQgb2YgYSByZWZDb3VudGVkIGlu c3RhbmNlLgorICAgICAgICBSZWZQdHI6OnJlbGVhc2UgY2FsbHMgV1RGOjphZG9wdGVkIHRvIHJl c2V0LCBzbyBSZWZDb3VudGVkIHRocmVhZCB2ZXJpZmljYXRpb24KKyAgICAgICAgY29kZSBzaG91 bGQgcmVzZXQuCisKKyAgICAgICAgU2hhcmVkQnVmZmVyIHVzZWQgYnkgSWNvbkRhdGFiYXNlIGNh dXNlcyB0aGUgYXNzZXJ0aW9uIGZhaWx1cmUgYmVjYXVzZQorICAgICAgICBJY29uRGF0YWJhc2Ug cGFzc2VzIFNoYXJlZEJ1ZmZlciB0byBtYWluIHRocmVhZC4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHd0Zi9SZWZDb3VudGVkLmg6CisgICAgICAg IChXVEY6OmFkb3B0ZWQpOgorCiAyMDEyLTA1LTAyICBMYXVybyBOZXRvICA8bGF1cm8ubmV0b0Bv cGVuYm9zc2Eub3JnPgogCiAgICAgICAgIFtRdF1yNTcyNDAgYnJva2UgUXQgYnVpbGQgKGdjYyBi dWcpCmRpZmYgLS1naXQgYS9Tb3VyY2UvV1RGL3d0Zi9SZWZDb3VudGVkLmggYi9Tb3VyY2UvV1RG L3d0Zi9SZWZDb3VudGVkLmgKaW5kZXggY2VhMTQzNC4uNGRlMjFkYyAxMDA2NDQKLS0tIGEvU291 cmNlL1dURi93dGYvUmVmQ291bnRlZC5oCisrKyBiL1NvdXJjZS9XVEYvd3RmL1JlZkNvdW50ZWQu aApAQCAtMTc3LDYgKzE3Nyw3IEBAIGlubGluZSB2b2lkIGFkb3B0ZWQoUmVmQ291bnRlZEJhc2Uq IG9iamVjdCkKICAgICAgICAgcmV0dXJuOwogICAgIEFTU0VSVCghb2JqZWN0LT5tX2RlbGV0aW9u SGFzQmVndW4pOwogICAgIG9iamVjdC0+bV9hZG9wdGlvbklzUmVxdWlyZWQgPSBmYWxzZTsKKyAg ICBvYmplY3QtPm1fdmVyaWZpZXIgPSBUaHJlYWRSZXN0cmljdGlvblZlcmlmaWVyKCk7CiB9CiAK ICNlbmRpZgotLSAKMS43LjkuNQoK