Title: [96819] trunk/Source/WebCore
- Revision
- 96819
- Author
- gav...@chromium.org
- Date
- 2011-10-06 09:40:47 -0700 (Thu, 06 Oct 2011)
Log Message
save resource zeroing stacks in ScriptElement for debugging
https://bugs.webkit.org/show_bug.cgi?id=69453
The state machine tracking how m_cachedScript gets zeroed shows that sometimes we get
two notifyFinished() events in a ScriptElement, which can crash chrome (see chrome bug
75604). This patch will save a stack in the ScriptElement when this happens, so that if
we do later crash, we can see how we did the first zeroing.
See http://code.google.com/p/chromium/issues/detail?id=75604 for the chromium bug that
this change will help track down.
Reviewed by Nate Chapin.
No new tests, this shouldn't affect output at all, and isn't particularly testable.
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::ScriptElement):
(WebCore::ScriptElement::stopLoadRequest):
(WebCore::ScriptElement::notifyFinished):
* dom/ScriptElement.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (96818 => 96819)
--- trunk/Source/WebCore/ChangeLog 2011-10-06 16:37:35 UTC (rev 96818)
+++ trunk/Source/WebCore/ChangeLog 2011-10-06 16:40:47 UTC (rev 96819)
@@ -1,3 +1,26 @@
+2011-10-06 Gavin Peters <gav...@chromium.org>
+
+ save resource zeroing stacks in ScriptElement for debugging
+ https://bugs.webkit.org/show_bug.cgi?id=69453
+
+ The state machine tracking how m_cachedScript gets zeroed shows that sometimes we get
+ two notifyFinished() events in a ScriptElement, which can crash chrome (see chrome bug
+ 75604). This patch will save a stack in the ScriptElement when this happens, so that if
+ we do later crash, we can see how we did the first zeroing.
+
+ See http://code.google.com/p/chromium/issues/detail?id=75604 for the chromium bug that
+ this change will help track down.
+
+ Reviewed by Nate Chapin.
+
+ No new tests, this shouldn't affect output at all, and isn't particularly testable.
+
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::ScriptElement):
+ (WebCore::ScriptElement::stopLoadRequest):
+ (WebCore::ScriptElement::notifyFinished):
+ * dom/ScriptElement.h:
+
2011-10-06 RĂ©mi Duraffort <remi.duraff...@st.com>
Fix compilation by adding some missing ENABLE(VIDEO|XSLT)
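Review bot: the entry describes the new fields as a debugging aid but gives no removal plan; since the instrumentation will ship to everyone, it would help to say under which bug the backtrace fields come out once chromium issue 75604 is understood, so the cost does not quietly become permanent.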
Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (96818 => 96819)
--- trunk/Source/WebCore/dom/ScriptElement.cpp 2011-10-06 16:37:35 UTC (rev 96818)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp 2011-10-06 16:40:47 UTC (rev 96819)
@@ -66,6 +66,7 @@
, m_forceAsync(!parserInserted)
, m_willExecuteInOrder(false)
, m_cachedScriptState(NeverSet)
+ , m_backtraceSize(0)
{
ASSERT(m_element);
}
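Review bot: m_backtraceSize is initialized to 0 but m_backtrace itself is left uninitialized, which is fine only as long as every reader bounds itself by m_backtraceSize; worth stating that invariant in the header comment so nobody later dumps all MaxBacktraceSize entries from a crash handler or a debugger script.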
@@ -302,7 +303,10 @@
if (!m_willBeParserExecuted)
m_cachedScript->removeClient(this);
ASSERT(m_cachedScriptState == Set);
+
m_cachedScriptState = ZeroedInStopLoadRequest;
+ m_backtraceSize = MaxBacktraceSize;
+ WTFGetBacktrace(m_backtrace, &m_backtraceSize);
m_cachedScript = 0;
}
}
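Review bot: the blank `+` line above `m_cachedScriptState = ZeroedInStopLoadRequest;` looks accidental and should be dropped. More substantively, the two-line sequence `m_backtraceSize = MaxBacktraceSize;` / `WTFGetBacktrace(m_backtrace, &m_backtraceSize);` is repeated verbatim in notifyFinished below; a small private helper (a hypothetical `recordZeroingBacktrace()`, say) would keep the two sites from drifting. Note also that WTFGetBacktrace runs unconditionally here, in release builds and on the ordinary stopLoadRequest path alike, so every cancelled script load now pays for a stack walk.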
@@ -331,6 +335,8 @@
ASSERT(m_cachedScriptState == Set);
m_cachedScriptState = ZeroedInNotifyFinished;
+ m_backtraceSize = MaxBacktraceSize;
+ WTFGetBacktrace(m_backtrace, &m_backtraceSize);
m_cachedScript = 0;
}
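Review bot: the capture is unconditional and sits after an ASSERT that is compiled out in release builds, so if the second notifyFinished() the ChangeLog describes reaches this point, it overwrites the backtrace taken at the first zeroing with its own, which is exactly the stack the change is trying to preserve for the later crash. Guarding the capture on `m_cachedScriptState == Set` (or writing a second capture into a separate slot) keeps the first record intact.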
Modified: trunk/Source/WebCore/dom/ScriptElement.h (96818 => 96819)
--- trunk/Source/WebCore/dom/ScriptElement.h 2011-10-06 16:37:35 UTC (rev 96818)
+++ trunk/Source/WebCore/dom/ScriptElement.h 2011-10-06 16:40:47 UTC (rev 96819)
@@ -113,6 +113,14 @@
ZeroedInStopLoadRequest,
ZeroedInNotifyFinished,
} m_cachedScriptState;
+
+ // We grab a backtrace when we zero m_cachedScript, so that at later crashes
+ // we'll have a debuggable stack.
+ enum {
+ MaxBacktraceSize = 32
+ };
+ int m_backtraceSize;
+ void* m_backtrace[MaxBacktraceSize];
};
ScriptElement* toScriptElement(Element*);
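Review bot: `void* m_backtrace[MaxBacktraceSize]` adds 32 pointers (256 bytes on 64-bit builds) plus an int to every ScriptElement, i.e. to every script element in every document, for what the ChangeLog calls debugging; acceptable for a diagnostic landing, but the header comment should say it is temporary and the fields should not outlive the investigation. The comment wording "at later crashes" reads awkwardly; "so that a later crash has a debuggable stack" is clearer.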