| Summary: | Crash when loading apple.com/startpage | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Adam Roben (:aroben) <aroben> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | Normal | CC: | barraclough, c.petersen87, darin, ggaren, mjs |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
| URL: | http://www.apple.com/startpage | | |
Description
Adam Roben (:aroben)
2008-01-14 10:12:55 PST
This seems to not quite be fixed. I'm still seeing the same crash after r29474.

I could not reproduce this with a version of WebKit that GCs on every allocation and neither could Cameron. I can still reproduce this about 1 in 10 times on a debug Windows build of r29485. Adam, can you try the patch in attachment 18458 [details]?

Adam tried out my latest patch (attachment 18461 [details]) for bug 16868, and he said that it fixes the crash for him.

Commenting out the lines

    if (exec->m_savedExec != exec->m_callingExec && exec->m_savedExec)
        exec->m_savedExec->mark();

makes it crash, and commenting out the lines

    if (exec->m_activation && exec->m_activation->isOnStack())
        exec->m_activation->markChildren();

doesn't seem to make it crash after quite a number of reloads. Is that added bit actually necessary now that we are checking savedExec?

The patch adding the m_activation marking made the crash occur less frequently, so it must be possible for m_activation to not be in the scope chain of an ExecState in the callingExec chain, but will any such ActivationImp also be in the scope chain of an ExecState in the savedExec chain? We should really find an explicit example or code path where the m_activation marking is necessary.

I do not believe that this still crashes. :-)