18367 2008-04-08 12:38:52 -0700 Crash during celtic kane js speed 2007 test 2008-04-13 18:48:16 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Major --- 1 mh+webkit mrowe jasper lethalman88 mrowe oldest_to_newest 76630 0 mh+webkit 2008-04-08 12:38:52 -0700 I spotted a crash during celtic kane js speed 2007 test (http://celtickane.com/webdesign/jsspeed2007.php) on amd64 (not tested anywhere else), confirmed on r31722. I bisected and found this crash has been happening first with r29508. The full backtrace is as follows (I'll try again with a build with -g, in case I can get a better one): [Thread debugging using libthread_db enabled] [New Thread 0x2af40b7fdec0 (LWP 6838)] 0x00002af40213cea5 in waitpid () from /lib/libpthread.so.0 #0 0x00002af40213cea5 in waitpid () from /lib/libpthread.so.0 #1 0x00002af402efb4f6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0 #2 0x00002af402efb808 in g_spawn_command_line_sync () from /usr/lib/libglib-2.0.so.0 #3 0x00002af40c1774b3 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so #4 <signal handler called> #5 0x00002af401d658f0 in KJS::stringProtoFuncReplace () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #6 0x00002af401d42e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #7 0x00002af401d56ae3 in KJS::FunctionCallDotNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #8 0x00002af401d4de2e in KJS::AssignLocalVarNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #9 0x00002af401d4adee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #10 0x00002af401d1946a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #11 0x00002af401d4abe6 in KJS::DoWhileNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #12 0x00002af401d1946a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #13 0x00002af401d4a9b9 in KJS::ForNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #14 0x00002af401d1946a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #15 0x00002af401d6c94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #16 0x00002af401d42e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #17 0x00002af401d55910 in KJS::ScopedVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #18 0x00002af401d4de2e in KJS::AssignLocalVarNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #19 0x00002af401d4adee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #20 0x00002af401d1946a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #21 0x00002af401d6c94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #22 0x00002af401d42e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #23 0x00002af401d77c01 in KJS::NonLocalVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #24 0x00002af401d4adee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #25 0x00002af401d1946a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #26 0x00002af401d6c94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #27 0x00002af401d42e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #28 0x00002af401a0f6d2 in WebCore::JSAbstractEventListener::handleEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #29 0x00002af401a892f5 in WebCore::EventTarget::handleLocalEvents () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #30 0x00002af401a890d7 in WebCore::EventTarget::dispatchGenericEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #31 0x00002af401a8a7b3 in WebCore::EventTargetNode::dispatchEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #32 0x00002af401a8aada in WebCore::EventTargetNode::dispatchMouseEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #33 0x00002af401a8b168 in WebCore::EventTargetNode::dispatchMouseEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #34 0x00002af401bdcaa2 in WebCore::EventHandler::dispatchMouseEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #35 0x00002af401bde0bf in WebCore::EventHandler::handleMouseReleaseEvent () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #36 0x00002af40192f209 in webkit_web_view_button_release_event () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #37 0x00002af4027de4df in _gtk_marshal_BOOLEAN__BOXED (closure=0x6358c0, return_value=0x7fffa94ea1c0, n_param_values=<value optimized out>, param_values=0x7fffa94ea2a0, invocation_hint=<value optimized out>, marshal_data=0x2af40192f190) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmarshalers.c:84 #38 0x00002af402c59b5f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #39 0x00002af402c6d9d8 in ?? () from /usr/lib/libgobject-2.0.so.0 #40 0x00002af402c6ed16 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #41 0x00002af402c6f3b3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #42 0x00002af4028e5925 in gtk_widget_event_internal (widget=0x66e3b0, event=0x871a50) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkwidget.c:4678 #43 0x00002af4027d77f2 in IA__gtk_propagate_event (widget=0x66e3b0, event=0x871a50) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:2336 #44 0x00002af4027d8795 in IA__gtk_main_do_event (event=0x871a50) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1556 #45 0x00002af4035a214c in gdk_event_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at /build/buildd/gtk+2.0-2.12.9/gdk/x11/gdkevents-x11.c:2351 #46 0x00002af402ec80b2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #47 0x00002af402ecb356 in ?? () from /usr/lib/libglib-2.0.so.0 #48 0x00002af402ecb617 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #49 0x00002af4027d8b63 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163 #50 0x0000000000401eab in main () 76642 1 mh+webkit 2008-04-08 13:48:27 -0700 Better backtrace: Thread 1 (Thread 0x2b83fd43fec0 (LWP 31556)): #0 0x00002b83f3d7eea5 in waitpid () from /lib/libpthread.so.0 No symbol table info available. #1 0x00002b83f4b3d4f6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0 No symbol table info available. #2 0x00002b83f4b3d808 in g_spawn_command_line_sync () from /usr/lib/libglib-2.0.so.0 No symbol table info available. #3 0x00002b83fddb94b3 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so No symbol table info available. #4 <signal handler called> No symbol table info available. #5 0x00002b83f39a685b in KJS::stringProtoFuncIndexOf (exec=0x7fffb78a7750, thisObj=0x2b83ff8a0180, args=@0x7fffb78a74b0) at JavaScriptCore/kjs/object.h:510 s = {m_rep = {m_ptr = 0x7fffb78a7490}} len = <value optimized out> a0 = <value optimized out> a1 = <value optimized out> u2 = {m_rep = {m_ptr = 0x2b83fe709660}} dpos = <value optimized out> #6 0x00002b83f3984e49 in KJS::JSObject::call (this=0x2b83ff8a0180, exec=0x7fffb78a7750, thisObj=0x7fffb78a74b0, args=@0x7fffb78a74b0) at JavaScriptCore/kjs/object.cpp:96 ret = (class KJS::JSValue *) 0x0 depth = 4 #7 0x00002b83f3998ae3 in KJS::FunctionCallDotNode::evaluate (this=0x2b83fe708aa0, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:1500 No locals. #8 0x00002b83f3990f43 in KJS::EqualNode::evaluateToBoolean (this=0x2b83fe709620, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3121 No locals. #9 0x00002b83f3990a1d in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe709600, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:3371 b = <value optimized out> #10 0x00002b83f39909ee in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe709560, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3369 b = <value optimized out> #11 0x00002b83f39909ee in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe7094c0, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3369 b = <value optimized out> #12 0x00002b83f39909ee in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe709420, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3369 b = <value optimized out> #13 0x00002b83f39909ee in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe709b80, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3369 b = <value optimized out> #14 0x00002b83f39909ee in KJS::LogicalAndNode::evaluateToBoolean (this=0x2b83fe709ae0, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3369 b = <value optimized out> #15 0x00002b83f395d8ce in KJS::LogicalNotNode::evaluateToBoolean (this=<value optimized out>, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:2382 No locals. #16 0x00002b83f398cbc2 in KJS::DoWhileNode::execute (this=0x2b83fe6f5360, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:4089 statementValue = (class KJS::JSValue *) 0x2b83ff8a02c0 b = <value optimized out> value = (class KJS::JSValue *) 0x2b83ff8a02c0 #17 0x00002b83f395b46a in KJS::BlockNode::execute (this=0x2b83fe62be38, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:3951 No locals. #18 0x00002b83f398c9b9 in KJS::ForNode::execute (this=0x2b83fe61f000, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:4164 b = <value optimized out> statementValue = (class KJS::JSValue *) 0x7fffb78a7750 value = (class KJS::JSValue *) 0x0 #19 0x00002b83f395b46a in KJS::BlockNode::execute (this=0x2b83fe706240, exec=0x7fffb78a7750) at JavaScriptCore/kjs/nodes.cpp:3951 No locals. #20 0x00002b83f39ae94f in KJS::FunctionImp::callAsFunction (this=0x2b83ff331b00, exec=0x7fffb78a7980, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77 newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b83ff330000, m_exception = 0x0, m_propertyNames = 0x2b83fe6cfdc0, m_emptyList = 0x2b83f3d5ebe0, m_callingExec = 0x7fffb78a7980, m_scopeNode = 0x2b83fe706240, m_function = 0x2b83ff331b00, m_arguments = 0x7fffb78a7850, m_activation = 0x2b83fe64d4e8, m_localStorage = 0x2b83fe64d518, m_scopeChain = {_node = 0x7fffb78a77a8}, m_inlineScopeChainNode = { next = 0x2b83fe704948, object = 0x2b83fe64d4e8, refCount = 2}, m_variableObject = 0x2b83fe64d4e8, m_thisValue = 0x2b83ff330000, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 1, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b83fe6ed690}, <No data fields>} result = <value optimized out> #21 0x00002b83f3984e49 in KJS::JSObject::call (this=0x2b83ff8a0180, exec=0x7fffb78a7750, thisObj=0x7fffb78a74b0, args=@0x7fffb78a74b0) at JavaScriptCore/kjs/object.cpp:96 ret = (class KJS::JSValue *) 0x0 depth = 4 #22 0x00002b83f3997910 in KJS::ScopedVarFunctionCallNode::evaluate (this=0x2b83fe6f5480, exec=0x7fffb78a7980) at JavaScriptCore/kjs/nodes.cpp:1322 No locals. #23 0x00002b83f398fe2e in KJS::AssignLocalVarNode::evaluate (this=0x2b83fe6f6050, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3559 v = <value optimized out> #24 0x00002b83f398cdee in KJS::ExprStatementNode::execute (this=0x2b83fe6f6028, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3998 value = (class KJS::JSValue *) 0x0 #25 0x00002b83f395b46a in KJS::BlockNode::execute (this=0x2b83fe6ed480, exec=0x7fffb78a7980) at JavaScriptCore/kjs/nodes.cpp:3951 No locals. #26 0x00002b83f39ae94f in KJS::FunctionImp::callAsFunction (this=0x2b83ff331780, exec=0x7fffb78a7bd0, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77 newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b83ff330000, m_exception = 0x0, m_propertyNames = 0x2b83fe6cfdc0, m_emptyList = 0x2b83f3d5ebe0, m_callingExec = 0x7fffb78a7bd0, m_scopeNode = 0x2b83fe6ed480, m_function = 0x2b83ff331780, m_arguments = 0x7fffb78a7a90, m_activation = 0x2b83fe64d278, m_localStorage = 0x2b83fe64d2a8, m_scopeChain = {_node = 0x7fffb78a79d8}, m_inlineScopeChainNode = { next = 0x2b83fe704948, object = 0x2b83fe64d278, refCount = 2}, m_variableObject = 0x2b83fe64d278, m_thisValue = 0x2b83ff330000, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b83ff330000}, <No data fields>} result = <value optimized out> #27 0x00002b83f3984e49 in KJS::JSObject::call (this=0x2b83ff8a0180, exec=0x7fffb78a7750, thisObj=0x7fffb78a74b0, args=@0x7fffb78a74b0) at JavaScriptCore/kjs/object.cpp:96 ret = (class KJS::JSValue *) 0x0 depth = 4 #28 0x00002b83f39b9c01 in KJS::NonLocalVarFunctionCallNode::evaluate (this=0x2b83ff586360, exec=0x7fffb78a7bd0) at JavaScriptCore/kjs/nodes.cpp:1141 No locals. #29 0x00002b83f398cdee in KJS::ExprStatementNode::execute (this=0x2b83ff5f0618, exec=0x2b83ff8a0180) at JavaScriptCore/kjs/nodes.cpp:3998 value = (class KJS::JSValue *) 0x0 #30 0x00002b83f395b46a in KJS::BlockNode::execute (this=0x2b83ff4fb000, exec=0x7fffb78a7bd0) at JavaScriptCore/kjs/nodes.cpp:3951 No locals. #31 0x00002b83f39ae94f in KJS::FunctionImp::callAsFunction (this=0x2b83ff33ae80, exec=0x2b83fe6cec38, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77 newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b83ff330000, m_exception = 0x0, m_propertyNames = 0x2b83fe6cfdc0, m_emptyList = 0x2b83f3d5ebe0, m_callingExec = 0x2b83fe6cec38, m_scopeNode = 0x2b83ff4fb000, m_function = 0x2b83ff33ae80, m_arguments = 0x7fffb78a7d00, m_activation = 0x2b83fe64d008, m_localStorage = 0x2b83fe64d038, m_scopeChain = {_node = 0x7fffb78a7c28}, m_inlineScopeChainNode = { next = 0x2b83ff4e7168, object = 0x2b83fe64d008, refCount = 2}, m_variableObject = 0x2b83fe64d008, m_thisValue = 0x2b83ff33ad80, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = 11139, m_breakOrContinueTarget = 0x2b83ff6dbdc0}, <No data fields>} result = <value optimized out> #32 0x00002b83f3984e49 in KJS::JSObject::call (this=0x2b83ff8a0180, exec=0x7fffb78a7750, thisObj=0x7fffb78a74b0, args=@0x7fffb78a74b0) at JavaScriptCore/kjs/object.cpp:96 ret = (class KJS::JSValue *) 0x0 depth = 4 #33 0x00002b83f36516d2 in WebCore::JSAbstractEventListener::handleEvent (this=0x2b83ff53fd40, ele=0x2b83ff6dbdc0, isWindowEvent=false) at WebCore/bindings/js/kjs_events.cpp:101 thisObj = (class KJS::JSObject *) 0x2b83ff33ad80 args = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_vector = {m_size = 1, m_buffer = {<WTF::VectorBufferBase<KJS::JSValue*>> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x7fffb78a7d18, m_capacity = 8}, static m_inlineBufferSize = <optimized out>, m_inlineBuffer = "\200¬3ÿ\203+\000\000p\177\212·ÿ\177\000\000\aV\212ó\203+\000\000 \227]ÿ\203+\000\000ðB\226ó\203+\000\000\000\000\000\000\000\000\000\000\210±dþ\203+\000\000P©dþ\203+\000"}}, m_isInMarkSet = false} retval = <value optimized out> listener = (class KJS::JSObject *) 0x2b83ff33ae80 window = (class WebCore::JSDOMWindow *) 0x2b83ff330000 frame = <value optimized out> scriptProxy = <value optimized out> globalObject = (class KJS::JSGlobalObject *) 0x2b83ff330000 exec = (class KJS::ExecState *) 0x2b83fe6cec38 handleEventFuncValue = <value optimized out> handleEventFunc = <value optimized out> #34 0x00002b83f36cb2f5 in WebCore::EventTarget::handleLocalEvents (this=<value optimized out>, referenceNode=<value optimized out>, evt=0x2b83ff6dbdc0, useCapture=false) at WebCore/dom/EventTarget.cpp:307 listenersCopy = {impl = {d = {m_ptr = 0x2b83fe69d3c0}}} #35 0x00002b83f36cb0d7 in WebCore::EventTarget::dispatchGenericEvent (this=0x2b83ff4e3908, referenceNode=0x2b83ff4e38c0, e=<value optimized out>, tempEvent=true) at WebCore/dom/EventTarget.cpp:205 nodeChain = {impl = {head = 0x2b83ff4e7090, tail = 0x2b83fe716378, cur = 0x2b83ff4e7090, nodeCount = 10, deleteItem = 0x2b83f36cb770 <WebCore::DeprecatedPtrList<WebCore::Node>::deleteFunc(void*)>, iterators = 0x7fffb78a7f20}, del_item = false} it = {impl = {list = 0x7fffb78a7ee0, node = 0x2b83fe716378, next = 0x0, prev = 0x0}} data = (void *) 0x0 eventTargetNode = (class WebCore::EventTargetNode *) 0x2b83ff4e38c0 frame = <value optimized out> #36 0x00002b83f36cc7b3 in WebCore::EventTargetNode::dispatchEvent (this=<value optimized out>, e=<value optimized out>, ec=@0x7fffb78a80cc, tempEvent=80) at WebCore/dom/EventTargetNode.cpp:118 eventTarget = (class WebCore::EventTargetNode *) 0x2b83ff4e38c0 #37 0x00002b83f36ccada in WebCore::EventTargetNode::dispatchMouseEvent (this=0x2b83ff4e38c0, eventType=@0x2b83f3d39868, button=<value optimized out>, detail=1, pageX=446, pageY=1071, screenX=450, screenY=455, ctrlKey=false, altKey=false, shiftKey=false, metaKey=false, isSimulated=false, relatedTargetArg=0x0, underlyingEvent=@0x7fffb78a8160) at WebCore/dom/EventTargetNode.cpp:287 ec = 0 swallowEvent = <value optimized out> #38 0x00002b83f36cd168 in WebCore::EventTargetNode::dispatchMouseEvent (this=0x2b83ff4e38c0, event=@0x7fffb78a82c0, eventType=@0x2b83f3d39868, detail=1, relatedTarget=0x0) at WebCore/dom/EventTargetNode.cpp:204 button = 29872 #39 0x00002b83f381eaa2 in WebCore::EventHandler::dispatchMouseEvent (this=0x2b83fe61c9f0, eventType=@0x2b83f3d39868, targetNode=<value optimized out>, cancelable=<value optimized out>, clickCount=1, mouseEvent=@0x7fffb78a82c0, setUnder=<value optimized out>) at WebCore/page/EventHandler.cpp:1262 swallowEvent = <value optimized out> #40 0x00002b83f38200bf in WebCore::EventHandler::handleMouseReleaseEvent (this=0x2b83fe61c9f0, mouseEvent=@0x7fffb78a82c0) at WebCore/page/EventHandler.cpp:1084 mev = {m_event = {m_position = {m_x = 446, m_y = 391}, m_globalPosition = {m_x = 450, m_y = 455}, m_button = WebCore::LeftButton, m_eventType = WebCore::MouseEventReleased, m_clickCount = 0, m_shiftKey = false, m_ctrlKey = false, m_altKey = false, m_metaKey = false, m_timestamp = 228561197, m_modifierFlags = 3079308896}, m_hitTestResult = {m_innerNode = {m_ptr = 0x2b83ff4e38c0}, m_innerNonSharedNode = {m_ptr = 0x2b83ff4e38c0}, m_point = {m_x = 446, m_y = 1071}, m_localPoint = {m_x = 38, m_y = 12}, m_innerURLElement = {m_ptr = 0x0}, m_scrollbar = {m_ptr = 0x0}}} targetNode = <value optimized out> subframe = <value optimized out> swallowMouseUpEvent = false swallowClickEvent = <value optimized out> swallowMouseReleaseEvent = <value optimized out> #41 0x00002b83f3571209 in webkit_web_view_button_release_event (widget=0x66e3b0, event=0x871ac0) at WebKit/gtk/webkit/webkitwebview.cpp:359 priv = (WebKitWebViewPrivate *) 0x66e430 focusedFrame = (class WebCore::Frame *) 0x2b83fe61d228 #42 0x00002b83f44204df in _gtk_marshal_BOOLEAN__BOXED (closure=0x6358c0, return_value=0x7fffb78a8580, n_param_values=<value optimized out>, param_values=0x7fffb78a8660, invocation_hint=<value optimized out>, marshal_data=0x2b83f3571190) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmarshalers.c:84 data1 = (gpointer) 0x66e3b0 data2 = (gpointer) 0x7fffb78a74b0 v_return = <value optimized out> __PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED" #43 0x00002b83f489bb5f in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 No symbol table info available. #44 0x00002b83f48af9d8 in ?? () from /usr/lib/libgobject-2.0.so.0 No symbol table info available. #45 0x00002b83f48b0d16 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 No symbol table info available. #46 0x00002b83f48b13b3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 No symbol table info available. #47 0x00002b83f4527925 in gtk_widget_event_internal (widget=0x66e3b0, event=0x871ac0) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkwidget.c:4678 signal_num = <value optimized out> return_val = 0 #48 0x00002b83f44197f2 in IA__gtk_propagate_event (widget=0x66e3b0, event=0x871ac0) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:2336 tmp = (GtkWidget *) 0x6da2c0 handled_event = <value optimized out> __PRETTY_FUNCTION__ = "IA__gtk_propagate_event" #49 0x00002b83f441a795 in IA__gtk_main_do_event (event=0x871ac0) at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1556 event_widget = (GtkWidget *) 0x66e3b0 grab_widget = (GtkWidget *) 0x66e3b0 window_group = (GtkWindowGroup *) 0x6da2c0 rewritten_event = (GdkEvent *) 0x0 tmp_list = <value optimized out> __PRETTY_FUNCTION__ = "IA__gtk_main_do_event" #50 0x00002b83f51e414c in gdk_event_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at /build/buildd/gtk+2.0-2.12.9/gdk/x11/gdkevents-x11.c:2351 display = <value optimized out> event = (GdkEvent *) 0x871ac0 #51 0x00002b83f4b0a0b2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 No symbol table info available. #52 0x00002b83f4b0d356 in ?? () from /usr/lib/libglib-2.0.so.0 No symbol table info available. #53 0x00002b83f4b0d617 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 No symbol table info available. #54 0x00002b83f441ab63 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163 tmp_list = (GList *) 0x62a8b0 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x661280 loop = (GMainLoop *) 0x884460 #55 0x0000000000401eab in main (argc=2, argv=0x7fffb78a8d58) at WebKitTools/GtkLauncher/main.c:200 vbox = (GtkWidget *) 0x62a8b0 uri = <value optimized out> 76700 2 mh+webkit 2008-04-09 02:51:05 -0700 FWIW, building without -O2 leads to a webkit that doesn't crash 76711 3 mh+webkit 2008-04-09 05:07:22 -0700 It also happens on the Qt port. 76738 4 mh+webkit 2008-04-09 10:20:51 -0700 It doesn't happen on x86 77110 5 mrowe 2008-04-09 17:03:41 -0700 I can reproduce a crash that looks very similar to this while running SunSpider at http://webkit.org/perf/sunspider-0.9/sunspider.html in WebKitGtk on x86_64. I'll see if I can debug and track down the issue. 77115 6 mrowe 2008-04-09 18:07:55 -0700 Simpler steps to reproduce: WebKitBuild/Release/Programs/testkjs -f SunSpider/tmp/sunspider-test-prefix.js -f SunSpider/tests/string-tagcloud.js 77121 7 mrowe 2008-04-09 21:03:28 -0700 Ok, I think I've tracked down the problem: Collector::markCurrentThreadConservatively uses setjmp to force registers onto the stack. The setjmp implementation for x86-64 in glibc is the following: 0x00007f5f7d0c5e00 <__sigsetjmp+0>: mov %rbx,(%rdi) 0x00007f5f7d0c5e03 <__sigsetjmp+3>: mov %rbp,%rax 0x00007f5f7d0c5e06 <__sigsetjmp+6>: xor %fs:0x30,%rax 0x00007f5f7d0c5e0f <__sigsetjmp+15>: rol $0x11,%rax 0x00007f5f7d0c5e13 <__sigsetjmp+19>: mov %rax,0x8(%rdi) 0x00007f5f7d0c5e17 <__sigsetjmp+23>: mov %r12,0x10(%rdi) 0x00007f5f7d0c5e1b <__sigsetjmp+27>: mov %r13,0x18(%rdi) 0x00007f5f7d0c5e1f <__sigsetjmp+31>: mov %r14,0x20(%rdi) 0x00007f5f7d0c5e23 <__sigsetjmp+35>: mov %r15,0x28(%rdi) 0x00007f5f7d0c5e27 <__sigsetjmp+39>: lea 0x8(%rsp),%rdx 0x00007f5f7d0c5e2c <__sigsetjmp+44>: xor %fs:0x30,%rdx 0x00007f5f7d0c5e35 <__sigsetjmp+53>: rol $0x11,%rdx 0x00007f5f7d0c5e39 <__sigsetjmp+57>: mov %rdx,0x30(%rdi) 0x00007f5f7d0c5e3d <__sigsetjmp+61>: mov (%rsp),%rax 0x00007f5f7d0c5e41 <__sigsetjmp+65>: xor %fs:0x30,%rax 0x00007f5f7d0c5e4a <__sigsetjmp+74>: rol $0x11,%rax 0x00007f5f7d0c5e4e <__sigsetjmp+78>: mov %rax,0x38(%rdi) 0x00007f5f7d0c5e52 <__sigsetjmp+82>: jmpq 0x7f5f7d0c5e60 Two important things to note: only a subset of registers are saved, and several of those that are saved are mangled (xor'd with a magic value, then rotated left) to not look pointer-like. I suspect this may explain many, if not all, of the x86-64 specific crashers. 77122 8 mrowe 2008-04-09 21:04:37 -0700 0xb7e4dcb0 <_setjmp+0>: xor %eax,%eax 0xb7e4dcb2 <_setjmp+2>: mov 0x4(%esp),%edx 0xb7e4dcb6 <_setjmp+6>: mov %ebx,(%edx) 0xb7e4dcb8 <_setjmp+8>: mov %esi,0x4(%edx) 0xb7e4dcbb <_setjmp+11>: mov %edi,0x8(%edx) 0xb7e4dcbe <_setjmp+14>: lea 0x4(%esp),%ecx 0xb7e4dcc2 <_setjmp+18>: xor %gs:0x18,%ecx 0xb7e4dcc9 <_setjmp+25>: rol $0x9,%ecx 0xb7e4dccc <_setjmp+28>: mov %ecx,0x10(%edx) 0xb7e4dccf <_setjmp+31>: mov (%esp),%ecx 0xb7e4dcd2 <_setjmp+34>: xor %gs:0x18,%ecx 0xb7e4dcd9 <_setjmp+41>: rol $0x9,%ecx 0xb7e4dcdc <_setjmp+44>: mov %ecx,0x14(%edx) 0xb7e4dcdf <_setjmp+47>: mov %ebp,0xc(%edx) 0xb7e4dce2 <_setjmp+50>: mov %eax,0x18(%edx) 0xb7e4dce5 <_setjmp+53>: ret i386 looks to have similar pointer-mangling behaviour in setjmp, so perhaps we should consider applying the fix for this to i386 too. 77132 9 mrowe 2008-04-10 00:22:22 -0700 Ok, looks like I misspoke. It looks like GCC on Linux is ordering the local variables differently inside Collector::markCurrentThreadConservatively, which causes the address of dummy to no longer be that of the top of the stack. This means that markStackObjectsConservatively is effectively not scanning the registers at all. 77133 10 mh+webkit 2008-04-10 00:51:22 -0700 It's usually not a good idea to depend on relative position of variables on the stack when using optimization. This also explains why it doesn't happen without optimization, as the stack is left alone. 77134 11 mrowe 2008-04-10 00:56:23 -0700 Yup, definitely a bad idea to depend on it as the compiler is free to structure stack frames as it sees fit. I'm working on a fix which should be a lot less fragile than the current situation, though it still won't be quite perfect in this regard. 77137 12 mrowe 2008-04-10 01:52:01 -0700 Had two different thoughts on how to solve this: <http://rafb.net/p/77WoeV92.txt> and <http://rafb.net/p/x6jxG810.txt>. Neither is 100% guaranteed to be portable and correct, but I can't think of any other method that is. I need to think on this further before deciding which should be reviewed. 77187 13 mh+webkit 2008-04-10 13:06:26 -0700 *** Bug 18369 has been marked as a duplicate of this bug. *** 77189 14 mh+webkit 2008-04-10 13:06:53 -0700 *** Bug 18368 has been marked as a duplicate of this bug. *** 77191 15 mh+webkit 2008-04-10 13:07:13 -0700 *** Bug 18366 has been marked as a duplicate of this bug. *** 77193 16 mh+webkit 2008-04-10 13:19:47 -0700 (In reply to comment #12) > Had two different thoughts on how to solve this: > <http://rafb.net/p/77WoeV92.txt> and <http://rafb.net/p/x6jxG810.txt>. Neither > is 100% guaranteed to be portable and correct, but I can't think of any other > method that is. I need to think on this further before deciding which should > be reviewed. FWIW, all the crashes I reported on amd64 (bugs 18366 to 18369) that had different backtraces are solved with both these patches. 77196 17 mrowe 2008-04-10 13:33:09 -0700 Thanks for verifying that Mike! I had suspected that would be the case. 77203 18 20464 mrowe 2008-04-10 15:38:18 -0700 Created attachment 20464 Patch 77204 19 20465 mrowe 2008-04-10 15:40:55 -0700 Created attachment 20465 Patch 77205 20 20465 mjs 2008-04-10 15:42:16 -0700 Comment on attachment 20465 Patch r=me 77206 21 mrowe 2008-04-10 15:53:35 -0700 Landed in r31787. 77252 22 mh+webkit 2008-04-10 23:36:11 -0700 FWIW, I don't know yet if this is related, but I got a crash with gcc-4.3 with the following backtrace: [Thread debugging using libthread_db enabled] [New Thread 0x2ad6586adec0 (LWP 13452)] 0x00002ad64efedea5 in waitpid () from /lib/libpthread.so.0 #0 0x00002ad64efedea5 in waitpid () from /lib/libpthread.so.0 #1 0x00002ad64fdac5a6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0 #2 0x00002ad64fdac8b8 in g_spawn_command_line_sync () from /usr/lib/libglib-2.0.so.0 #3 0x00002ad6590274b3 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so #4 <signal handler called> #5 0x00002ad64ebbe584 in KJS::JSGlobalObject::getOwnPropertySlot () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #6 0x00002ad64e88e0ad in WebCore::JSDOMWindow::customGetOwnPropertySlot () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #7 0x00002ad64e81c979 in WebCore::JSDOMWindow::getOwnPropertySlot () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #8 0x00002ad64ec081d2 in KJS::AssignResolveNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #9 0x00002ad64ec07cae in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #10 0x00002ad64ebcaefd in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #11 0x00002ad64ec2544a in KJS::ProgramNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #12 0x00002ad64ec1f879 in KJS::Interpreter::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #13 0x00002ad64e8a3511 in WebCore::KJSProxy::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #14 0x00002ad64ea38608 in WebCore::FrameLoader::executeScript () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #15 0x00002ad64ea01995 in WebCore::HTMLTokenizer::scriptExecution () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #16 0x00002ad64ea04ce9 in WebCore::HTMLTokenizer::scriptHandler () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #17 0x00002ad64ea053e8 in WebCore::HTMLTokenizer::parseSpecial () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #18 0x00002ad64ea070f0 in WebCore::HTMLTokenizer::parseTag () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #19 0x00002ad64ea07987 in WebCore::HTMLTokenizer::write () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #20 0x00002ad64ea01e68 in WebCore::HTMLTokenizer::notifyFinished () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #21 0x00002ad64ea1a60c in WebCore::CachedScript::checkNotify () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #22 0x00002ad64ea1ab22 in WebCore::CachedScript::data () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #23 0x00002ad64ea463fc in WebCore::Loader::Host::didFinishLoading () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #24 0x00002ad64ea56653 in WebCore::SubresourceLoader::didFinishLoading () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #25 0x00002ad64eb79fb7 in WebCore::ResourceHandleManager::downloadTimerCallback () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #26 0x00002ad64eacb203 in WebCore::TimerBase::fireTimers () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #27 0x00002ad64eacb2be in WebCore::TimerBase::sharedTimerFired () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #28 0x00002ad64e7e2a12 in WebCore::timeout_cb () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1 #29 0x00002ad64fd790f2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #30 0x00002ad64fd7c396 in ?? () from /usr/lib/libglib-2.0.so.0 #31 0x00002ad64fd7c657 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #32 0x00002ad64f689b63 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163 #33 0x0000000000401eeb in main () This happens both with r31789 and r31722 + the patch from r31787 (which means it's not a regression since r31722). I doubt this patch to be responsible, though just to make sure, I will try a build without it. Please tell me if I should file a new bug with this information right now or if you think it is yet the same issue raising on a different form with gcc 4.3. 77253 23 mh+webkit 2008-04-10 23:42:12 -0700 btw, you don't even need to start the test to get this (new) crash 77254 24 mh+webkit 2008-04-10 23:46:48 -0700 Confirmed. This crashes with plain r31722. 77296 25 mrowe 2008-04-11 12:53:59 -0700 Please file a new bug report on that Mike. 77297 26 mh+webkit 2008-04-11 12:58:45 -0700 Already did ;) Bug 18430 77439 27 jmalonzo 2008-04-13 18:48:16 -0700 *** Bug 18108 has been marked as a duplicate of this bug. *** 20464 2008-04-10 15:38:18 -0700 2008-04-10 15:40:55 -0700 Patch bug-18367-v1.patch text/plain 3167 mrowe ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA1YTFjMzg2Li5lYTVhMjFjIDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjYg QEAKKzIwMDgtMDQtMTAgIE1hcmsgUm93ZSAgPG1yb3dlQGFwcGxlLmNvbT4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBGaXggaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE4MzY3IGFuZCB0aGUgbWFueSBkdXBlcy4KKyAgICAg ICAgQnVnIDE4MzY3OiBDcmFzaCBkdXJpbmcgY2VsdGljIGthbmUganMgc3BlZWQgMjAwNyB0ZXN0 CisKKyAgICAgICAgR0NDIDQuMiBvbiB4ODZfNjQgTGludXggZGVjaWRlZCB0byByZW9yZGVyIHRo ZSBsb2NhbCB2YXJpYWJsZXMgaW4gbWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRpdmVseSdzCisg ICAgICAgIHN0YWNrIGZyYW1lLiAgVGhpcyBsZWFkIHRvIHRoZSByYW5nZSBvZiBhZGRyZXNzZXMg dGhlIGNvbGxlY3RvciB0cmVhdGVkIGFzIHN0YWNrIHRvIGV4Y2x1ZGUgdGhlCisgICAgICAgIGNv bnRlbnRzIG9mIHZvbGF0aWxlIHJlZ2lzdGVycyB0aGF0IG1hcmtDdXJyZW50VGhyZWFkQ29uc2Vy dmF0aXZlbHkgZm9yY2VzIG9udG8gdGhlIHN0YWNrLiAgVGhpcyB3YXMKKyAgICAgICAgbGVhZGlu ZyB0byBvYmplY3RzIGJlaW5nIHByZW1hdHVyZWx5IGNvbGxlY3RlZCBpZiB0aGUgb25seSByZWZl cmVuY2UgdG8gdGhlbSB3YXMgdmlhIGEgcmVnaXN0ZXIgYXQKKyAgICAgICAgdGhlIHRpbWUgYSBj b2xsZWN0aW9uIG9jY3VycmVkLgorCisgICAgICAgIFRoZSBmaXggZm9yIHRoaXMgaXMgdG8gbW92 ZSB0aGUgY2FsY3VsYXRpb24gb2YgdGhlIHRvcCBvZiB0aGUgc3RhY2sgaW50byBhIE5FVkVSX0lO TElORSBmdW5jdGlvbgorICAgICAgICB0aGF0IGlzIGNhbGxlZCBmcm9tIG1hcmtDdXJyZW50VGhy ZWFkQ29uc2VydmF0aXZlbHkuICBUaGlzIGZvcmNlcyB0aGUgZHVtbXkgdmFyaWFibGUgd2UgdXNl IGZvcgorICAgICAgICBkZXRlcm1pbmluZyB0aGUgdG9wIG9mIHN0YWNrIHRvIGJlIGluIGEgZGlm ZmVyZW50IHN0YWNrIGZyYW1lIHdoaWNoIHByZXZlbnRzIHRoZSBjb21waWxlciBmcm9tCisgICAg ICAgIHJlb3JkZXJpbmcgaXQgcmVsYXRpdmUgdG8gdGhlIHJlZ2lzdGVycyB0aGF0IG1hcmtDdXJy ZW50VGhyZWFkQ29uc2VydmF0aXZlbHkgZm9yY2VzIG9udG8gdGhlIHN0YWNrLgorCisgICAgICAg ICoga2pzL2NvbGxlY3Rvci5jcHA6CisgICAgICAgIChLSlM6OkNvbGxlY3Rvcjo6bWFya0N1cnJl bnRUaHJlYWRDb25zZXJ2YXRpdmVseUludGVybmFsKToKKyAgICAgICAgKEtKUzo6Q29sbGVjdG9y OjptYXJrQ3VycmVudFRocmVhZENvbnNlcnZhdGl2ZWx5KToKKyAgICAgICAgKiBranMvY29sbGVj dG9yLmg6CisKIDIwMDgtMDQtMDkgIEFkYW0gUm9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgogCiAg ICAgICAgIFZDKysgRXhwcmVzcyBidWlsZCBmaXgKZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3Jl L2tqcy9jb2xsZWN0b3IuY3BwIGIvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5jcHAKaW5k ZXggNjQ2NmRlMS4uYThmOGM3MCAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxl Y3Rvci5jcHAKKysrIGIvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5jcHAKQEAgLTUyOCw2 ICs1MjgsMTQgQEAgdm9pZCBDb2xsZWN0b3I6Om1hcmtTdGFja09iamVjdHNDb25zZXJ2YXRpdmVs eSh2b2lkICpzdGFydCwgdm9pZCAqZW5kKQogICB9CiB9CiAKK3ZvaWQgTkVWRVJfSU5MSU5FIENv bGxlY3Rvcjo6bWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRpdmVseUludGVybmFsKCkKK3sKKyAg ICB2b2lkKiBkdW1teTsKKyAgICB2b2lkKiBzdGFja1BvaW50ZXIgPSAmZHVtbXk7CisgICAgdm9p ZCogc3RhY2tCYXNlID0gY3VycmVudFRocmVhZFN0YWNrQmFzZSgpOworICAgIENvbGxlY3Rvcjo6 bWFya1N0YWNrT2JqZWN0c0NvbnNlcnZhdGl2ZWx5KHN0YWNrUG9pbnRlciwgc3RhY2tCYXNlKTsK K30KKwogdm9pZCBDb2xsZWN0b3I6Om1hcmtDdXJyZW50VGhyZWFkQ29uc2VydmF0aXZlbHkoKQog ewogICAgIC8vIHNldGptcCBmb3JjZXMgdm9sYXRpbGUgcmVnaXN0ZXJzIG9udG8gdGhlIHN0YWNr CkBAIC01NDEsMTEgKzU0OSw3IEBAIHZvaWQgQ29sbGVjdG9yOjptYXJrQ3VycmVudFRocmVhZENv bnNlcnZhdGl2ZWx5KCkKICNwcmFnbWEgd2FybmluZyhwb3ApCiAjZW5kaWYKIAotICAgIHZvaWQq IGR1bW15OwotICAgIHZvaWQqIHN0YWNrUG9pbnRlciA9ICZkdW1teTsKLSAgICB2b2lkKiBzdGFj a0Jhc2UgPSBjdXJyZW50VGhyZWFkU3RhY2tCYXNlKCk7Ci0KLSAgICBtYXJrU3RhY2tPYmplY3Rz Q29uc2VydmF0aXZlbHkoc3RhY2tQb2ludGVyLCBzdGFja0Jhc2UpOworICAgIG1hcmtDdXJyZW50 VGhyZWFkQ29uc2VydmF0aXZlbHlJbnRlcm5hbCgpOwogfQogCiAjaWYgVVNFKE1VTFRJUExFX1RI UkVBRFMpCmRpZmYgLS1naXQgYS9KYXZhU2NyaXB0Q29yZS9ranMvY29sbGVjdG9yLmggYi9KYXZh U2NyaXB0Q29yZS9ranMvY29sbGVjdG9yLmgKaW5kZXggNDM2YTZhZi4uNzBkYjZiNSAxMDA2NDQK LS0tIGEvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5oCisrKyBiL0phdmFTY3JpcHRDb3Jl L2tqcy9jb2xsZWN0b3IuaApAQCAtNzksNiArNzksNyBAQCBuYW1lc3BhY2UgS0pTIHsKICAgICBz dGF0aWMgdm9pZCBtYXJrUHJvdGVjdGVkT2JqZWN0cygpOwogICAgIHN0YXRpYyB2b2lkIG1hcmtN YWluVGhyZWFkT25seU9iamVjdHMoKTsKICAgICBzdGF0aWMgdm9pZCBtYXJrQ3VycmVudFRocmVh ZENvbnNlcnZhdGl2ZWx5KCk7CisgICAgc3RhdGljIHZvaWQgbWFya0N1cnJlbnRUaHJlYWRDb25z ZXJ2YXRpdmVseUludGVybmFsKCk7CiAgICAgc3RhdGljIHZvaWQgbWFya090aGVyVGhyZWFkQ29u c2VydmF0aXZlbHkoVGhyZWFkKik7CiAgICAgc3RhdGljIHZvaWQgbWFya1N0YWNrT2JqZWN0c0Nv bnNlcnZhdGl2ZWx5KCk7CiAgICAgc3RhdGljIHZvaWQgbWFya1N0YWNrT2JqZWN0c0NvbnNlcnZh dGl2ZWx5KHZvaWQqIHN0YXJ0LCB2b2lkKiBlbmQpOwo= 20465 2008-04-10 15:40:55 -0700 2008-04-10 15:42:16 -0700 Patch bug-18367-v2.patch text/plain 3156 mrowe ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA1YTFjMzg2Li5lYTVhMjFjIDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjYg QEAKKzIwMDgtMDQtMTAgIE1hcmsgUm93ZSAgPG1yb3dlQGFwcGxlLmNvbT4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBGaXggaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE4MzY3IGFuZCB0aGUgbWFueSBkdXBlcy4KKyAgICAg ICAgQnVnIDE4MzY3OiBDcmFzaCBkdXJpbmcgY2VsdGljIGthbmUganMgc3BlZWQgMjAwNyB0ZXN0 CisKKyAgICAgICAgR0NDIDQuMiBvbiB4ODZfNjQgTGludXggZGVjaWRlZCB0byByZW9yZGVyIHRo ZSBsb2NhbCB2YXJpYWJsZXMgaW4gbWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRpdmVseSdzCisg ICAgICAgIHN0YWNrIGZyYW1lLiAgVGhpcyBsZWFkIHRvIHRoZSByYW5nZSBvZiBhZGRyZXNzZXMg dGhlIGNvbGxlY3RvciB0cmVhdGVkIGFzIHN0YWNrIHRvIGV4Y2x1ZGUgdGhlCisgICAgICAgIGNv bnRlbnRzIG9mIHZvbGF0aWxlIHJlZ2lzdGVycyB0aGF0IG1hcmtDdXJyZW50VGhyZWFkQ29uc2Vy dmF0aXZlbHkgZm9yY2VzIG9udG8gdGhlIHN0YWNrLiAgVGhpcyB3YXMKKyAgICAgICAgbGVhZGlu ZyB0byBvYmplY3RzIGJlaW5nIHByZW1hdHVyZWx5IGNvbGxlY3RlZCBpZiB0aGUgb25seSByZWZl cmVuY2UgdG8gdGhlbSB3YXMgdmlhIGEgcmVnaXN0ZXIgYXQKKyAgICAgICAgdGhlIHRpbWUgYSBj b2xsZWN0aW9uIG9jY3VycmVkLgorCisgICAgICAgIFRoZSBmaXggZm9yIHRoaXMgaXMgdG8gbW92 ZSB0aGUgY2FsY3VsYXRpb24gb2YgdGhlIHRvcCBvZiB0aGUgc3RhY2sgaW50byBhIE5FVkVSX0lO TElORSBmdW5jdGlvbgorICAgICAgICB0aGF0IGlzIGNhbGxlZCBmcm9tIG1hcmtDdXJyZW50VGhy ZWFkQ29uc2VydmF0aXZlbHkuICBUaGlzIGZvcmNlcyB0aGUgZHVtbXkgdmFyaWFibGUgd2UgdXNl IGZvcgorICAgICAgICBkZXRlcm1pbmluZyB0aGUgdG9wIG9mIHN0YWNrIHRvIGJlIGluIGEgZGlm ZmVyZW50IHN0YWNrIGZyYW1lIHdoaWNoIHByZXZlbnRzIHRoZSBjb21waWxlciBmcm9tCisgICAg ICAgIHJlb3JkZXJpbmcgaXQgcmVsYXRpdmUgdG8gdGhlIHJlZ2lzdGVycyB0aGF0IG1hcmtDdXJy ZW50VGhyZWFkQ29uc2VydmF0aXZlbHkgZm9yY2VzIG9udG8gdGhlIHN0YWNrLgorCisgICAgICAg ICoga2pzL2NvbGxlY3Rvci5jcHA6CisgICAgICAgIChLSlM6OkNvbGxlY3Rvcjo6bWFya0N1cnJl bnRUaHJlYWRDb25zZXJ2YXRpdmVseUludGVybmFsKToKKyAgICAgICAgKEtKUzo6Q29sbGVjdG9y OjptYXJrQ3VycmVudFRocmVhZENvbnNlcnZhdGl2ZWx5KToKKyAgICAgICAgKiBranMvY29sbGVj dG9yLmg6CisKIDIwMDgtMDQtMDkgIEFkYW0gUm9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgogCiAg ICAgICAgIFZDKysgRXhwcmVzcyBidWlsZCBmaXgKZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3Jl L2tqcy9jb2xsZWN0b3IuY3BwIGIvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5jcHAKaW5k ZXggNjQ2NmRlMS4uNjM3MWM1YyAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxl Y3Rvci5jcHAKKysrIGIvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5jcHAKQEAgLTUyOCw2 ICs1MjgsMTQgQEAgdm9pZCBDb2xsZWN0b3I6Om1hcmtTdGFja09iamVjdHNDb25zZXJ2YXRpdmVs eSh2b2lkICpzdGFydCwgdm9pZCAqZW5kKQogICB9CiB9CiAKK3ZvaWQgTkVWRVJfSU5MSU5FIENv bGxlY3Rvcjo6bWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRpdmVseUludGVybmFsKCkKK3sKKyAg ICB2b2lkKiBkdW1teTsKKyAgICB2b2lkKiBzdGFja1BvaW50ZXIgPSAmZHVtbXk7CisgICAgdm9p ZCogc3RhY2tCYXNlID0gY3VycmVudFRocmVhZFN0YWNrQmFzZSgpOworICAgIG1hcmtTdGFja09i amVjdHNDb25zZXJ2YXRpdmVseShzdGFja1BvaW50ZXIsIHN0YWNrQmFzZSk7Cit9CisKIHZvaWQg Q29sbGVjdG9yOjptYXJrQ3VycmVudFRocmVhZENvbnNlcnZhdGl2ZWx5KCkKIHsKICAgICAvLyBz ZXRqbXAgZm9yY2VzIHZvbGF0aWxlIHJlZ2lzdGVycyBvbnRvIHRoZSBzdGFjawpAQCAtNTQxLDEx ICs1NDksNyBAQCB2b2lkIENvbGxlY3Rvcjo6bWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRpdmVs eSgpCiAjcHJhZ21hIHdhcm5pbmcocG9wKQogI2VuZGlmCiAKLSAgICB2b2lkKiBkdW1teTsKLSAg ICB2b2lkKiBzdGFja1BvaW50ZXIgPSAmZHVtbXk7Ci0gICAgdm9pZCogc3RhY2tCYXNlID0gY3Vy cmVudFRocmVhZFN0YWNrQmFzZSgpOwotCi0gICAgbWFya1N0YWNrT2JqZWN0c0NvbnNlcnZhdGl2 ZWx5KHN0YWNrUG9pbnRlciwgc3RhY2tCYXNlKTsKKyAgICBtYXJrQ3VycmVudFRocmVhZENvbnNl cnZhdGl2ZWx5SW50ZXJuYWwoKTsKIH0KIAogI2lmIFVTRShNVUxUSVBMRV9USFJFQURTKQpkaWZm IC0tZ2l0IGEvSmF2YVNjcmlwdENvcmUva2pzL2NvbGxlY3Rvci5oIGIvSmF2YVNjcmlwdENvcmUv a2pzL2NvbGxlY3Rvci5oCmluZGV4IDQzNmE2YWYuLjcwZGI2YjUgMTAwNjQ0Ci0tLSBhL0phdmFT Y3JpcHRDb3JlL2tqcy9jb2xsZWN0b3IuaAorKysgYi9KYXZhU2NyaXB0Q29yZS9ranMvY29sbGVj dG9yLmgKQEAgLTc5LDYgKzc5LDcgQEAgbmFtZXNwYWNlIEtKUyB7CiAgICAgc3RhdGljIHZvaWQg bWFya1Byb3RlY3RlZE9iamVjdHMoKTsKICAgICBzdGF0aWMgdm9pZCBtYXJrTWFpblRocmVhZE9u bHlPYmplY3RzKCk7CiAgICAgc3RhdGljIHZvaWQgbWFya0N1cnJlbnRUaHJlYWRDb25zZXJ2YXRp dmVseSgpOworICAgIHN0YXRpYyB2b2lkIG1hcmtDdXJyZW50VGhyZWFkQ29uc2VydmF0aXZlbHlJ bnRlcm5hbCgpOwogICAgIHN0YXRpYyB2b2lkIG1hcmtPdGhlclRocmVhZENvbnNlcnZhdGl2ZWx5 KFRocmVhZCopOwogICAgIHN0YXRpYyB2b2lkIG1hcmtTdGFja09iamVjdHNDb25zZXJ2YXRpdmVs eSgpOwogICAgIHN0YXRpYyB2b2lkIG1hcmtTdGFja09iamVjdHNDb25zZXJ2YXRpdmVseSh2b2lk KiBzdGFydCwgdm9pZCogZW5kKTsK