haikuwebkit/LayoutTests/webaudio/worklet-crash.html

<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--collectContinuously=true ] -->
<html>
<body>
This test passes if it does not crash.
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

new AudioContext().createBiquadFilter().context.audioWorklet.addModule('').then(() => {
    testRunner.notifyDone();
}, (e) => {
    console.log(e);
    testRunner.notifyDone();
});
</script>
</body>
</html>
Crash under JSC::Heap::acquireAccessSlow() / JSC::Heap::releaseAccess() when starting an AudioWorklet https://bugs.webkit.org/show_bug.cgi?id=219183 <rdar://problem/71188544> Reviewed by Mark Lam. Source/WebCore: When audio rendering has already started when the AudioWorklet is constructed, it is possible for AudioWorkletGlobalScope::handlePreRenderTasks() to get called initially on the initial audio rendering thread instead of the audio worklet thread. Once the AudioWorklet is ready, the next rendering quantums will actually get processed on the audio worklet thread. However, there is a race when audio rendering has already started when the AudioWorklet gets created. This is not normally an issue. However, AudioWorkletGlobalScope::handlePreRenderTasks() grabs a JavaScript Lock and it is only safe to do so on the thread where we constructed the VM (i.e. the Audio Worklet thread). To address the issue, we now only grab the lock if we are on the audio worklet thread. Note that this lock is only used to delay the draining of the microtask queue until the end of the rendering quantum. Test: webaudio/worklet-crash.html * Modules/webaudio/AudioWorkletGlobalScope.cpp: (WebCore::AudioWorkletGlobalScope::handlePreRenderTasks): LayoutTests: Add layout test coverage. * webaudio/worklet-crash-expected.txt: Added. * webaudio/worklet-crash.html: Added. Canonical link: https://commits.webkit.org/231795@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270056 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-11-20 00:46:10 +00:00			`<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--collectContinuously=true ] -->`
			`<html>`
			`<body>`
			`This test passes if it does not crash.`
			`<script>`
			`if (window.testRunner) {`
			`testRunner.dumpAsText();`
			`testRunner.waitUntilDone();`
			`}`

			`new AudioContext().createBiquadFilter().context.audioWorklet.addModule('').then(() => {`
			`testRunner.notifyDone();`
			`}, (e) => {`
			`console.log(e);`
			`testRunner.notifyDone();`
			`});`
			`</script>`
			`</body>`
			`</html>`