127699 2014-01-27 12:53:28 -0800 CStack Branch: [X86-32] testapi crashes in gatherConservativeRoots() 2014-01-27 12:58:36 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff oldest_to_newest 972522 0 msaboff 2014-01-27 12:53:28 -0800 Release builds of JavaScriptCore on X86-32 fails in testapi in VM::gatherConservativeRoots() due to a null "this". ... PASS: derivedOnlyDescriptor.configurable should be true and is. PASS: derivedOnlyDescriptor.enumerable should be false and is. PASS: undefined instanceof MyObject should be false and is. Process 93256 stopped * thread #1: tid = 0x4e408f, 0x0036d3b6 JavaScriptCore`JSC::VM::gatherConservativeRoots(this=0x00000000, conservativeRoots=0xbfc1dfe8) + 38 at VM.cpp:766, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0x82444c7) frame #0: 0x0036d3b6 JavaScriptCore`JSC::VM::gatherConservativeRoots(this=0x00000000, conservativeRoots=0xbfc1dfe8) + 38 at VM.cpp:766 763 void VM::gatherConservativeRoots(ConservativeRoots& conservativeRoots) 764 { 765 for (size_t i = 0; i < scratchBuffers.size(); i++) { -> 766 ScratchBuffer* scratchBuffer = scratchBuffers[i]; 767 if (scratchBuffer->activeLength()) { 768 void* bufferStart = scratchBuffer->dataBuffer(); 769 conservativeRoots.add(bufferStart, static_cast<void*>(static_cast<char*>(bufferStart) + scratchBuffer->activeLength())); (lldb) bt 15 * thread #1: tid = 0x4e408f, 0x0036d3b6 JavaScriptCore`JSC::VM::gatherConservativeRoots(this=0x00000000, conservativeRoots=0xbfc1dfe8) + 38 at VM.cpp:766, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0x82444c7) frame #0: 0x0036d3b6 JavaScriptCore`JSC::VM::gatherConservativeRoots(this=0x00000000, conservativeRoots=0xbfc1dfe8) + 38 at VM.cpp:766 frame #1: 0x0018ff82 JavaScriptCore`JSC::Heap::markRoots(this=0x01108000) + 226 at Heap.cpp:480 frame #2: 0x0019124d JavaScriptCore`JSC::Heap::collect(this=0x0110800c) + 493 at Heap.cpp:854 frame #3: 0x0002813c JavaScriptCore`JSC::JSString::create(JSC::VM&, WTF::PassRefPtr<WTF::StringImpl>) [inlined] JSC::Heap::reportExtraMemoryCost(unsigned long) + 316 at Heap.h:417 frame #4: 0x00028115 JavaScriptCore`JSC::JSString::create(JSC::VM&, WTF::PassRefPtr<WTF::StringImpl>) [inlined] JSC::JSString::finishCreation(length=2412439, vm=0x01108000) + 18 at JSString.h:109 frame #5: 0x00028103 JavaScriptCore`JSC::JSString::create(vm=0x01108000, value=<unavailable>) + 259 at JSString.h:129 frame #6: 0x00198ba5 JavaScriptCore`JSC::Interpreter::stackTraceAsString(JSC::ExecState*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>) [inlined] WTF::StringBuilder::toString(this=0x0024cf97, vm=0x01108000) + 135 at JSString.h:405 frame #7: 0x00198b1e JavaScriptCore`JSC::Interpreter::stackTraceAsString(this=0x011023f0, exec=<unavailable>, stackTrace=<unavailable>) + 318 at Interpreter.cpp:584 frame #8: 0x0036d068 JavaScriptCore`JSC::VM::throwException(this=<unavailable>, exec=<unavailable>, error=JSValue at 0xbfc1e6b8) + 3288 at VM.cpp:711 frame #9: 0x0036d227 JavaScriptCore`JSC::VM::throwException(this=0x01108000, exec=0xbfc1e768, error=0x006fef60) + 55 at VM.cpp:717 frame #10: 0x001c9649 JavaScriptCore`operationThrowStackOverflowError(exec=<unavailable>, codeBlock=0x011dd300) + 89 at JITOperations.cpp:84 frame #11: 0x01203546 972524 1 msaboff 2014-01-27 12:57:22 -0800 <rdar://problem/15906077> 972525 2 222347 msaboff 2014-01-27 12:58:04 -0800 Created attachment 222347 Patch for landing Reviewed in person. 972526 3 msaboff 2014-01-27 12:58:36 -0800 Committed r162861: <http://trac.webkit.org/changeset/162861> 222347 2014-01-27 12:58:04 -0800 2014-01-27 12:58:04 -0800 Patch for landing 127699.patch text/plain 1292 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTYyODU5KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBA CisyMDE0LTAxLTI3ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIENTdGFjayBCcmFuY2g6IFtYODYtMzJdIHRlc3RhcGkgY3Jhc2hlcyBpbiBnYXRoZXJDb25z ZXJ2YXRpdmVSb290cygpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xMjc2OTkKKworICAgICAgICBSZXZpZXdlZCBieSBNYXJrIEhhaG5lbmJlcmcuCisK KyAgICAgICAgc2FuaXRpemVTdGFja0ZvclZNSW1wbCB3YXMgdXNpbmcgInQ0IiAoZWRpKSB3aGlj aCBpcyBhIGNhbGxlZSBzYXZlIHJlZ2lzdGVyLCB3aGljaAorICAgICAgICB0cmFzaGVkIGl0cyBw cmlvciBjb250ZW50cy4gIENoYW5nZSB0byB1c2UgdDIgKGVjeCkgb24gWDg2IHdoaWNoIGlzIGEg c2NyYXRjaCByZWdpc3Rlci4KKworICAgICAgICAqIGxsaW50L0xvd0xldmVsSW50ZXJwcmV0ZXIu YXNtOgorCiAyMDE0LTAxLTIzICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5j b20+CiAKICAgICAgICAgTWVyZ2UgYnJhbmNoIHVwIHRvIFRvVCByMTYyODQ0LgpJbmRleDogU291 cmNlL0phdmFTY3JpcHRDb3JlL2xsaW50L0xvd0xldmVsSW50ZXJwcmV0ZXIuYXNtCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbEludGVycHJldGVyLmFz bQkocmV2aXNpb24gMTYyODU5KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2xsaW50L0xvd0xl dmVsSW50ZXJwcmV0ZXIuYXNtCSh3b3JraW5nIGNvcHkpCkBAIC02MzIsNyArNjMyLDcgQEAgX3Nh bml0aXplU3RhY2tGb3JWTUltcGw6CiAgICAgICAgIGNvbnN0IGFkZHJlc3MgPSB0MQogICAgICAg ICBjb25zdCB6ZXJvVmFsdWUgPSB0MAogICAgIGVsc2lmIFg4NgotICAgICAgICBjb25zdCB2bSA9 IHQ0CisgICAgICAgIGNvbnN0IHZtID0gdDIKICAgICAgICAgY29uc3QgYWRkcmVzcyA9IHQxCiAg ICAgICAgIGNvbnN0IHplcm9WYWx1ZSA9IHQwCiAgICAgZWxzZQo=