|
|
Created:
9 years, 9 months ago by Mihai Parparita -not on Chrome Modified:
9 years, 6 months ago Reviewers:
tonyg CC:
chromium-reviews, Paweł Hajdan Jr. Base URL:
svn://svn.chromium.org/chrome/trunk/src/ Visibility:
Public. |
DescriptionRemove all known crashes in constructors or destructors that have not recurred
since http://trac.webkit.org/changeset/80686 was rolled. They were probably
manifestations of the same memory corruption.
TEST=none
BUG=75455, 75447, 75373, 72337, 74462, 74545, 74609, 74796, 75318, 75361
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=78709
Patch Set 1 #
Messages
Total messages: 3 (0 generated)
I'll probably wait till Monday to land this (and check again then to make sure that none of the crashes have happened over the weekend). Mihai On Fri, Mar 11, 2011 at 3:29 PM, <mihaip@chromium.org> wrote: > Reviewers: tonyg, > > Description: > Remove all known crashes in constructors or destructors that have not > recurred > since http://trac.webkit.org/changeset/80686 was rolled. They were > probably > manifestations of the same memory corruption. > > TEST=none > BUG=75455,75447,75373,72337,74462,74545,74609,74796,75318,75361 > > Please review this at http://codereview.chromium.org/6681015/ > > SVN Base: svn://svn.chromium.org/chrome/trunk/src/ > > Affected files: > M chrome/test/data/reliability/known_crashes.txt > > > Index: chrome/test/data/reliability/known_crashes.txt > =================================================================== > --- chrome/test/data/reliability/known_crashes.txt (revision 77880) > +++ chrome/test/data/reliability/known_crashes.txt (working copy) > @@ -131,9 +131,6 @@ > PREFIX : > webkit_glue::resourcefetcher::didfail___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> ,base::time> >::dispatch<resourcedispatcher,void (__thiscall >> > resourcedispatcher::*)(int,urlrequeststatus const > &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const > &,base::time const > &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<selectfiledialogimpl,void > (__thiscall > selectfiledialogimpl::*)(selectfiledialogimpl::executeselectparams const > &),tuple1<selectfiledialogimpl::executeselectparams> > >> >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain >> > PREFIX : > webkit_glue::resourcefetcher::didfail___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> ,base::time> >::dispatch<resourcedispatcher,resourcedispatcher,void >> > (__thiscall resourcedispatcher::*)(int,urlrequeststatus const > &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const > &,base::time const > &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<profilewriter,void > (__thiscall profilewriter::*)(gurl const &),tuple1<gurl> > >> >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain >> > > -# 72337 > -PREFIX : > webcore::qualifiedname::~qualifiedname___webcore::cssmappedattributedeclaration::setmappedstate___webcore::htmltableelement::addsharedcellpaddingdecl___webcore::htmltableelement::addsharedcelldecls___webcore::cssstyleselector::styleforelement___webcore::node::styleforrenderer___webcore::node::createrendererifneeded___webcore::element::attach___webcore::htmlconstructionsite::attach<webcore::element>___webcore::htmlconstructionsite::inserthtmlelement___webcore::htmltreebuilder::processstarttag___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void > *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void > *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<browsingdataappcachehelper,void > (__thiscall browsingdataappcachehelper::*)(gurl const &),tuple1<gurl> > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > - > # 72796 > PREFIX : > webcore::timerbase::timerbase___webcore::suspendabletimer::suspendabletimer___webcore::domtimer::domtimer___webcore::domtimer::install___webcore::windowsettimeoutimpl___webcore::v8domwindow::settimeoutcallback___v8::internal::handleapicallhelper<0>___v8::internal::builtin_handleapicall___v8::internal::invoke___v8::internal::execution::call___v8::function::call___webcore::v8proxy::callfunction___webcore::scheduledaction::execute___webcore::scheduledaction::execute___webcore::domtimer::fired___webcore::threadtimers::sharedtimerfiredinternal___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > > @@ -143,48 +140,21 @@ > # 73575 > PREFIX: > webkit::webnode::document___autofill::formmanager::resetframe___renderview::willclose___webkit::frameloaderclientimpl::dispatchwillclose___webcore::frameloader::closeolddatasources___webcore::frameloader::commitprovisionalload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void > *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void > *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<spellcheckhost,void > (__thiscall > spellcheckhost::*)(std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> const >> > &),tuple1<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > > -# 74462 > -PREFIX: > webcore::shadowdata::shadowdata___webcore::stylerareinheriteddata::stylerareinheriteddata___webcore::dataref<webcore::stylerareinheriteddata>::access___webcore::renderstyle::clearcursorlist___webcore::cssstyleselector::applyproperty___webcore::cssstyleselector::applydeclarations<0>___webcore::cssstyleselector::styleforelement___webcore::node::styleforrenderer___webcore::node::createrendererifneeded___webcore::element::attach___webcore::htmlconstructionsite::attach<webcore::documenttype>___webcore::htmlconstructionsite::inserthtmlelement___webcore::htmlconstructionsite::insertformattingelement___webcore::htmltreebuilder::processstarttagforinbody___webcore::htmltreebuilder::processstarttag___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void > *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void > *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<notifier::pushnotificationsthread,void > (__thiscall > notifier::pushnotificationsthread::*)(std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> ,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> >> > > const >> > &),tuple1<std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> ,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> >> > > > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > - > -# 74545 > -PREFIX: > webcore::containernode::containernode___webcore::htmlformcontrolelement::htmlformcontrolelement___webcore::htmlformcontrolelementwithstate::htmlformcontrolelementwithstate___webcore::htmltextformcontrolelement::htmltextformcontrolelement___webcore::htmlinputelement::htmlinputelement___webcore::htmlinputelement::create___webcore::inputconstructor___webcore::htmlelementfactory::createhtmlelement___webcore::htmldocument::createelement___webcore::documentinternal::createelementcallback___v8::internal::invoke___v8::internal::execution::call___v8::script::run___webcore::v8proxy::runscript___webcore::v8proxy::evaluate___webcore::scriptcontroller::evaluate___webcore::scriptelement::executescript___webcore::scriptelement::execute___webcore::asyncscriptrunner::timerfired > - > -# 74609 > -PREFIX: > webcore::filllayer::filllayer___webcore::filllayer::filllayer___webcore::stylebackgrounddata::stylebackgrounddata___webcore::dataref<webcore::stylebackgrounddata>::access___webcore::cssstyleselector::adjustrenderstyle___webcore::cssstyleselector::styleforelement___webcore::element::recalcstyle___webcore::element::recalcstyle___webcore::element::recalcstyle___webcore::document::recalcstyle___webcore::document::updatestyleifneeded___webcore::document::updatestyleforalldocuments___webcore::scheduledaction::execute___webcore::scheduledaction::execute___webcore::domtimer::fired___webcore::threadtimers::sharedtimerfiredinternal___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > - > # 74607 > PREFIX: > webcore::renderstyle::getshadowverticalextent___webcore::inlineflowbox::addtextboxvisualoverflow___webcore::inlineflowbox::computeoverflow___webcore::renderblock::layoutinlinechildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutpositionedobjects___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::rendertablecell::layout___webcore::rendertablerow::layout___webcore::rendertablesection::layout___webcore::rendertable::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderview::layout___webcore::frameview::layout___webcore::frameview::updatelayoutandstyleifneededrecursive___renderwidget::dodeferredupdate___renderwidget::onupdaterectack___ipc::message::dispatch<renderview,renderview>___renderwidget::onmessagereceived___renderview::onmessagereceived___messagerouter::routemessage___messagerouter::onmessagereceived___childthread::onmessagereceived___runnablemethod<cancelablerequest<callbackrunner<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> > > >> >,void (__thiscall >> > cancelablerequest<callbackrunner<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> > > >> >::*)(tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> >> > const > &),tuple1<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> > > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > > -# 74796 > -PREFIX: > wtf::stringimpl::createuninitialized___wtf::stringimpl::create___wtf::stringimpl::create___wtf::string::string___webcore::htmldocument::setcompatibilitymodefromdoctype___webcore::htmlconstructionsite::insertdoctype___webcore::htmltreebuilder::processdoctypetoken___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void > *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void > *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<history::historybackend,void > (__thiscall history::historybackend::*)(gurl const &),tuple1<gurl> > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > - > # 74926 > PREFIX: > webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::insert___webcore::htmldocumentparser::parsedocumentfragment___webcore::documentfragment::parsehtml___webcore::createfragmentfromsource___webcore::htmlelement::setinnerhtml___webcore::htmlelementinternal::innerhtmlattrsetter___v8::internal::jsobject::setpropertywithcallback___v8::internal::jsobject::setproperty___v8::internal::jsobject::setproperty___v8::internal::storeic::store___v8::internal::storeic_miss > > # 75296 > PREFIX: > std::_tree<std::_tmap_traits<int,webkit_glue::passwordform,std::less<int>,std::allocator<std::pair<int > const ,webkit_glue::passwordform> >,0> > > > -# 75318 > -PREFIX: > wtf::deleteallpairseconds<wtf::vector<webcore::registeredeventlistener,1> > *,wtf::hashmap<wtf::atomicstring,wtf::vector<webcore::registeredeventlistener,1> > *,wtf::atomicstringhash,wtf::hashtraits<wtf::atomicstring>,wtf::hashtraits<wtf::vector<webcore::registeredeventlistener,1> > *> > const > >> >> ___webcore::eventtarget::removealleventlisteners___webcore::document::removealleventlisteners___webcore::frameloader::stoploading___webcore::frameloader::closeurl___webcore::frameloader::transitiontocommitted___webcore::frameloader::commitprovisionalload___webcore::documentloader::commitload >> > - > # 75352 > PREFIX: > webcore::reportfatalerrorinv8___v8::internal::v8::fatalprocessoutofmemory___v8::internal::setelement___v8::internal::runtime::setobjectproperty___v8::internal::runtime_setproperty___v8::internal::invoke___v8::internal::execution::call___v8::script::run___webcore::v8proxy::runscript___webcore::v8proxy::evaluate___webcore::scriptcontroller::evaluate___webcore::scriptelement::executescript___webcore::scriptelement::preparescript___webcore::htmlscriptrunner::runscript___webcore::htmlscriptrunner::execute___webcore::htmldocumentparser::runscriptsforpausedtreebuilder___webcore::htmldocumentparser::cantakenexttoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::resumeparsingafterscriptexecution___webcore::htmldocumentparser::notifyfinished___webcore::cachedscript::checknotify___webcore::cachedscript::data___webcore::cachedresourcerequest::didfinishloading___webcore::subresourceloader::didfinishloading___webcore::resourceloader::didfinishloading___webcore::resourcehandleinternal::didfinishloading___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,net::urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >> ,base::time> >::dispatch<resourcedispatcher,resourcedispatcher,void >> > (__thiscall resourcedispatcher::*)(int,net::urlrequeststatus const > &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const > &,base::time const > &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<cancelablerequest<callbackrunner<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> > > >> > > >,void (__thiscall >> > cancelablerequest<callbackrunner<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> > > >> > > >> ::*)(tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> >> > const >> > &),tuple1<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> > > >> > > >> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> > > namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup > > -# 75361 > -PREFIX: > webcore::cssparser::createfloatingvaluelist___cssyyparse___webcore::cssparser::parsesheet___webcore::cssstylesheet::parsestringatline___webcore::styleelement::createsheet___webcore::styleelement::process___webcore::styleelement::finishparsingchildren > - > # 75368 > PREFIX: > skpixelref::unlockpixels___skbitmap::freepixels___webcore::framedata::clear___wtf::vector<webcore::framedata,0>::shrink___webcore::bitmapimage::~bitmapimage___webcore::bitmapimage::`scalar > deleting > destructor'___webcore::cachedimage::~cachedimage___webcore::cachedimage::`scalar > deleting destructor' > > -# 75373 > -PREFIX: > webcore::scriptexecutioncontext::~scriptexecutioncontext___webcore::document::~document___webcore::imagedocument::`scalar > deleting > destructor'___webcore::node::~node___webcore::htmlparagraphelement::`scalar > deleting > destructor'___themeinstalledinfobardelegate::infobarclosed___webcore::domdatastore::weaknodecallback___v8::internal::globalhandles::node::postgarbagecollectionprocessing___v8::internal::globalhandles::postgarbagecollectionprocessing > - > -# 75447 > -PREFIX: > tcmalloc::threadcache::freelist::poprange___tcmalloc::threadcache::releasetocentralcache___tcmalloc::threadcache::listtoolong___tcmalloc::threadcache::deallocate___`anonymous > namespace'::do_free_with_callback___free___pickle::~pickle___ppapihostmsg_ppbtesting_runmessageloop::`scalar > deleting destructor'___ipc::channel::channelimpl::processoutgoingmessages > - > -# 75455 > -PREFIX: > webcore::cssselector::~cssselector___webcore::cssselectorlist::deleteselectors___webcore::cssstylerule::~cssstylerule___webcore::cssstylerule::`scalar > deleting > destructor'___wtf::vectordestructor<1,wtf::refptr<webcore::cssvalue> > >> ::destruct___webcore::stylesheet::~stylesheet___webcore::cssstylesheet::`scalar >> >> > deleting > destructor'___wtf::vectordestructor<1,wtf::refptr<webcore::cssvalue> > >> ::destruct___webcore::stylesheetlist::~stylesheetlist___webcore::document::~document___webcore::ftpdirectorydocument::`scalar >> >> > deleting > destructor'___webcore::node::~node___webcore::deletebutton::`scalar deleting > destructor'___v8::string::externalstringresourcebase::dispose___webcore::domdatastore::weaknodecallback___v8::internal::globalhandles::node::postgarbagecollectionprocessing > - > # 75459 > PREFIX: > webcore::inlinebox::logicalheight___webcore::inlineflowbox::maxyvisualoverflow___webcore::renderlineboxlist::anylineintersectsrect___webcore::renderlineboxlist::paint___webcore::renderblock::paintcontents___webcore::renderblock::paintobject > > > >
LGTM Yay! On Fri, Mar 11, 2011 at 3:30 PM, Mihai Parparita <mihaip@chromium.org> wrote: > I'll probably wait till Monday to land this (and check again then to make > sure that none of the crashes have happened over the weekend). > Mihai > > On Fri, Mar 11, 2011 at 3:29 PM, <mihaip@chromium.org> wrote: >> >> Reviewers: tonyg, >> >> Description: >> Remove all known crashes in constructors or destructors that have not >> recurred >> since http://trac.webkit.org/changeset/80686 was rolled. They were >> probably >> manifestations of the same memory corruption. >> >> TEST=none >> BUG=75455,75447,75373,72337,74462,74545,74609,74796,75318,75361 >> >> Please review this at http://codereview.chromium.org/6681015/ >> >> SVN Base: svn://svn.chromium.org/chrome/trunk/src/ >> >> Affected files: >> M chrome/test/data/reliability/known_crashes.txt >> >> >> Index: chrome/test/data/reliability/known_crashes.txt >> =================================================================== >> --- chrome/test/data/reliability/known_crashes.txt (revision 77880) >> +++ chrome/test/data/reliability/known_crashes.txt (working copy) >> @@ -131,9 +131,6 @@ >> PREFIX : >> webkit_glue::resourcefetcher::didfail___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> ,base::time> >::dispatch<resourcedispatcher,void (__thiscall >> >> resourcedispatcher::*)(int,urlrequeststatus const >> &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const >> &,base::time const >> &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<selectfiledialogimpl,void >> (__thiscall >> selectfiledialogimpl::*)(selectfiledialogimpl::executeselectparams const >> &),tuple1<selectfiledialogimpl::executeselectparams> >>> >>> >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain >> >> PREFIX : >> webkit_glue::resourcefetcher::didfail___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> ,base::time> >::dispatch<resourcedispatcher,resourcedispatcher,void >> >> (__thiscall resourcedispatcher::*)(int,urlrequeststatus const >> &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const >> &,base::time const >> &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<profilewriter,void >> (__thiscall profilewriter::*)(gurl const &),tuple1<gurl> >>> >>> >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain >> >> -# 72337 >> -PREFIX : >> webcore::qualifiedname::~qualifiedname___webcore::cssmappedattributedeclaration::setmappedstate___webcore::htmltableelement::addsharedcellpaddingdecl___webcore::htmltableelement::addsharedcelldecls___webcore::cssstyleselector::styleforelement___webcore::node::styleforrenderer___webcore::node::createrendererifneeded___webcore::element::attach___webcore::htmlconstructionsite::attach<webcore::element>___webcore::htmlconstructionsite::inserthtmlelement___webcore::htmltreebuilder::processstarttag___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void >> *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void >> *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<browsingdataappcachehelper,void >> (__thiscall browsingdataappcachehelper::*)(gurl const &),tuple1<gurl> >>> >>> >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> - >> # 72796 >> PREFIX : >> webcore::timerbase::timerbase___webcore::suspendabletimer::suspendabletimer___webcore::domtimer::domtimer___webcore::domtimer::install___webcore::windowsettimeoutimpl___webcore::v8domwindow::settimeoutcallback___v8::internal::handleapicallhelper<0>___v8::internal::builtin_handleapicall___v8::internal::invoke___v8::internal::execution::call___v8::function::call___webcore::v8proxy::callfunction___webcore::scheduledaction::execute___webcore::scheduledaction::execute___webcore::domtimer::fired___webcore::threadtimers::sharedtimerfiredinternal___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> >> @@ -143,48 +140,21 @@ >> # 73575 >> PREFIX: >> webkit::webnode::document___autofill::formmanager::resetframe___renderview::willclose___webkit::frameloaderclientimpl::dispatchwillclose___webcore::frameloader::closeolddatasources___webcore::frameloader::commitprovisionalload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void >> *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void >> *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<spellcheckhost,void >> (__thiscall >> spellcheckhost::*)(std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> const >> >> >> &),tuple1<std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> > >>> > ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> >> -# 74462 >> -PREFIX: >> webcore::shadowdata::shadowdata___webcore::stylerareinheriteddata::stylerareinheriteddata___webcore::dataref<webcore::stylerareinheriteddata>::access___webcore::renderstyle::clearcursorlist___webcore::cssstyleselector::applyproperty___webcore::cssstyleselector::applydeclarations<0>___webcore::cssstyleselector::styleforelement___webcore::node::styleforrenderer___webcore::node::createrendererifneeded___webcore::element::attach___webcore::htmlconstructionsite::attach<webcore::documenttype>___webcore::htmlconstructionsite::inserthtmlelement___webcore::htmlconstructionsite::insertformattingelement___webcore::htmltreebuilder::processstarttagforinbody___webcore::htmltreebuilder::processstarttag___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void >> *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void >> *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<notifier::pushnotificationsthread,void >> (__thiscall >> notifier::pushnotificationsthread::*)(std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> >>> ,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> > > const >> >> >> &),tuple1<std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> >>> ,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> > > > >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> - >> -# 74545 >> -PREFIX: >> webcore::containernode::containernode___webcore::htmlformcontrolelement::htmlformcontrolelement___webcore::htmlformcontrolelementwithstate::htmlformcontrolelementwithstate___webcore::htmltextformcontrolelement::htmltextformcontrolelement___webcore::htmlinputelement::htmlinputelement___webcore::htmlinputelement::create___webcore::inputconstructor___webcore::htmlelementfactory::createhtmlelement___webcore::htmldocument::createelement___webcore::documentinternal::createelementcallback___v8::internal::invoke___v8::internal::execution::call___v8::script::run___webcore::v8proxy::runscript___webcore::v8proxy::evaluate___webcore::scriptcontroller::evaluate___webcore::scriptelement::executescript___webcore::scriptelement::execute___webcore::asyncscriptrunner::timerfired >> - >> -# 74609 >> -PREFIX: >> webcore::filllayer::filllayer___webcore::filllayer::filllayer___webcore::stylebackgrounddata::stylebackgrounddata___webcore::dataref<webcore::stylebackgrounddata>::access___webcore::cssstyleselector::adjustrenderstyle___webcore::cssstyleselector::styleforelement___webcore::element::recalcstyle___webcore::element::recalcstyle___webcore::element::recalcstyle___webcore::document::recalcstyle___webcore::document::updatestyleifneeded___webcore::document::updatestyleforalldocuments___webcore::scheduledaction::execute___webcore::scheduledaction::execute___webcore::domtimer::fired___webcore::threadtimers::sharedtimerfiredinternal___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> - >> # 74607 >> PREFIX: >> webcore::renderstyle::getshadowverticalextent___webcore::inlineflowbox::addtextboxvisualoverflow___webcore::inlineflowbox::computeoverflow___webcore::renderblock::layoutinlinechildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutpositionedobjects___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::rendertablecell::layout___webcore::rendertablerow::layout___webcore::rendertablesection::layout___webcore::rendertable::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderblock::layoutblockchild___webcore::renderblock::layoutblockchildren___webcore::renderblock::layoutblock___webcore::renderblock::layout___webcore::renderview::layout___webcore::frameview::layout___webcore::frameview::updatelayoutandstyleifneededrecursive___renderwidget::dodeferredupdate___renderwidget::onupdaterectack___ipc::message::dispatch<renderview,renderview>___renderwidget::onmessagereceived___renderview::onmessagereceived___messagerouter::routemessage___messagerouter::onmessagereceived___childthread::onmessagereceived___runnablemethod<cancelablerequest<callbackrunner<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> >>> >>> >,void (__thiscall >> >> >> cancelablerequest<callbackrunner<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> >>> >>> >::*)(tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> >> >> const >> &),tuple1<tuple3<int,scoped_refptr<history::mostvisitedthumbnails>,bool> > >>> >>> >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> >> -# 74796 >> -PREFIX: >> wtf::stringimpl::createuninitialized___wtf::stringimpl::create___wtf::stringimpl::create___wtf::string::string___webcore::htmldocument::setcompatibilitymodefromdoctype___webcore::htmlconstructionsite::insertdoctype___webcore::htmltreebuilder::processdoctypetoken___webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::append___webcore::decodeddatadocumentparser::appendbytes___webcore::documentwriter::adddata___webcore::documentloader::commitdata___webkit::frameloaderclientimpl::committedload___webcore::documentloader::commitload___webcore::documentloader::receiveddata___webcore::mainresourceloader::adddata___webcore::resourceloader::didreceivedata___webcore::mainresourceloader::didreceivedata___webcore::resourceloader::didreceivedata___webcore::resourcehandleinternal::didreceivedata___webkit_glue::weburlloaderimpl::context::onreceiveddata___resourcedispatcher::onreceiveddata___ipc::messagewithtuple<tuple3<int,void >> *,int> >::dispatch<resourcedispatcher,resourcedispatcher,int,void >> *,int>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<history::historybackend,void >> (__thiscall history::historybackend::*)(gurl const &),tuple1<gurl> >>> >>> >>> ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> - >> # 74926 >> PREFIX: >> webcore::htmltreebuilder::constructtreefromatomictoken___webcore::htmltreebuilder::constructtreefromtoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::insert___webcore::htmldocumentparser::parsedocumentfragment___webcore::documentfragment::parsehtml___webcore::createfragmentfromsource___webcore::htmlelement::setinnerhtml___webcore::htmlelementinternal::innerhtmlattrsetter___v8::internal::jsobject::setpropertywithcallback___v8::internal::jsobject::setproperty___v8::internal::jsobject::setproperty___v8::internal::storeic::store___v8::internal::storeic_miss >> >> # 75296 >> PREFIX: >> std::_tree<std::_tmap_traits<int,webkit_glue::passwordform,std::less<int>,std::allocator<std::pair<int >> const ,webkit_glue::passwordform> >,0> > >> >> -# 75318 >> -PREFIX: >> wtf::deleteallpairseconds<wtf::vector<webcore::registeredeventlistener,1> >> *,wtf::hashmap<wtf::atomicstring,wtf::vector<webcore::registeredeventlistener,1> >> *,wtf::atomicstringhash,wtf::hashtraits<wtf::atomicstring>,wtf::hashtraits<wtf::vector<webcore::registeredeventlistener,1> >> *> > const >>> >>> >>> ___webcore::eventtarget::removealleventlisteners___webcore::document::removealleventlisteners___webcore::frameloader::stoploading___webcore::frameloader::closeurl___webcore::frameloader::transitiontocommitted___webcore::frameloader::commitprovisionalload___webcore::documentloader::commitload >> >> - >> # 75352 >> PREFIX: >> webcore::reportfatalerrorinv8___v8::internal::v8::fatalprocessoutofmemory___v8::internal::setelement___v8::internal::runtime::setobjectproperty___v8::internal::runtime_setproperty___v8::internal::invoke___v8::internal::execution::call___v8::script::run___webcore::v8proxy::runscript___webcore::v8proxy::evaluate___webcore::scriptcontroller::evaluate___webcore::scriptelement::executescript___webcore::scriptelement::preparescript___webcore::htmlscriptrunner::runscript___webcore::htmlscriptrunner::execute___webcore::htmldocumentparser::runscriptsforpausedtreebuilder___webcore::htmldocumentparser::cantakenexttoken___webcore::htmldocumentparser::pumptokenizer___webcore::htmldocumentparser::resumeparsingafterscriptexecution___webcore::htmldocumentparser::notifyfinished___webcore::cachedscript::checknotify___webcore::cachedscript::data___webcore::cachedresourcerequest::didfinishloading___webcore::subresourceloader::didfinishloading___webcore::resourceloader::didfinishloading___webcore::resourcehandleinternal::didfinishloading___webkit_glue::weburlloaderimpl::context::oncompletedrequest___resourcedispatcher::onrequestcomplete___ipc::messagewithtuple<tuple4<int,net::urlrequeststatus,std::basic_string<char,std::char_traits<char>,std::allocator<char> >>> >>> ,base::time> >::dispatch<resourcedispatcher,resourcedispatcher,void >> >> (__thiscall resourcedispatcher::*)(int,net::urlrequeststatus const >> &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const >> &,base::time const >> &)>___resourcedispatcher::dispatchmessagew___resourcedispatcher::onmessagereceived___childthread::onmessagereceived___runnablemethod<cancelablerequest<callbackrunner<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> >>> >>> > > >,void (__thiscall >> >> >> cancelablerequest<callbackrunner<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> >>> >>> > > >>> > > ::*)(tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> >>> > > > const >> >> >> &),tuple1<tuple2<int,std::vector<history::mostvisitedurl,std::allocator<history::mostvisitedurl> >>> >>> > > >>> > > ::run___messageloop::runtask___messageloop::dowork___base::messagepumpdefault::run___messageloop::runinternal___messageloop::run___renderermain___`anonymous >> >> >> namespace'::runnamedprocesstypemain___chromemain___maindllloader::launch___wwinmain_____tmaincrtstartup >> >> -# 75361 >> -PREFIX: >> webcore::cssparser::createfloatingvaluelist___cssyyparse___webcore::cssparser::parsesheet___webcore::cssstylesheet::parsestringatline___webcore::styleelement::createsheet___webcore::styleelement::process___webcore::styleelement::finishparsingchildren >> - >> # 75368 >> PREFIX: >> skpixelref::unlockpixels___skbitmap::freepixels___webcore::framedata::clear___wtf::vector<webcore::framedata,0>::shrink___webcore::bitmapimage::~bitmapimage___webcore::bitmapimage::`scalar >> deleting >> destructor'___webcore::cachedimage::~cachedimage___webcore::cachedimage::`scalar >> deleting destructor' >> >> -# 75373 >> -PREFIX: >> webcore::scriptexecutioncontext::~scriptexecutioncontext___webcore::document::~document___webcore::imagedocument::`scalar >> deleting >> destructor'___webcore::node::~node___webcore::htmlparagraphelement::`scalar >> deleting >> destructor'___themeinstalledinfobardelegate::infobarclosed___webcore::domdatastore::weaknodecallback___v8::internal::globalhandles::node::postgarbagecollectionprocessing___v8::internal::globalhandles::postgarbagecollectionprocessing >> - >> -# 75447 >> -PREFIX: >> tcmalloc::threadcache::freelist::poprange___tcmalloc::threadcache::releasetocentralcache___tcmalloc::threadcache::listtoolong___tcmalloc::threadcache::deallocate___`anonymous >> namespace'::do_free_with_callback___free___pickle::~pickle___ppapihostmsg_ppbtesting_runmessageloop::`scalar >> deleting destructor'___ipc::channel::channelimpl::processoutgoingmessages >> - >> -# 75455 >> -PREFIX: >> webcore::cssselector::~cssselector___webcore::cssselectorlist::deleteselectors___webcore::cssstylerule::~cssstylerule___webcore::cssstylerule::`scalar >> deleting >> destructor'___wtf::vectordestructor<1,wtf::refptr<webcore::cssvalue> >>> >>> >>> ::destruct___webcore::stylesheet::~stylesheet___webcore::cssstylesheet::`scalar >> >> deleting >> destructor'___wtf::vectordestructor<1,wtf::refptr<webcore::cssvalue> >>> >>> >>> ::destruct___webcore::stylesheetlist::~stylesheetlist___webcore::document::~document___webcore::ftpdirectorydocument::`scalar >> >> deleting >> destructor'___webcore::node::~node___webcore::deletebutton::`scalar deleting >> destructor'___v8::string::externalstringresourcebase::dispose___webcore::domdatastore::weaknodecallback___v8::internal::globalhandles::node::postgarbagecollectionprocessing >> - >> # 75459 >> PREFIX: >> webcore::inlinebox::logicalheight___webcore::inlineflowbox::maxyvisualoverflow___webcore::renderlineboxlist::anylineintersectsrect___webcore::renderlineboxlist::paint___webcore::renderblock::paintcontents___webcore::renderblock::paintobject >> >> >> > > |