18816 2008-04-30 12:49:38 -0700 ASSERTION FAILED: !vb->isUndefined() loading unl.edu 2008-06-09 14:14:56 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED WORKSFORME http://www.unl.edu NeedsReduction, Regression P1 Normal --- 1 shumatejb webkit-unassigned ap zwarich oldest_to_newest 79295 0 shumatejb 2008-04-30 12:49:38 -0700 When visiting the UNL website at www.unl.edu, Webkit crashes. This should be reproducible on WebKit nightly build r32698 79296 1 dev+webkit 2008-04-30 12:59:11 -0700 Confirmed with r32736; regression from Safari 3.1.1 (5525.18) ASSERTION FAILED: !vb->isUndefined() (/Users/matt/Code/WebKit/JavaScriptCore/kjs/array_instance.cpp:496 bool KJS::CompareWithCompareFunctionArguments::operator()(KJS::JSValue*, KJS::JSValue*)) Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x004a3b99 KJS::CompareWithCompareFunctionArguments::operator()(KJS::JSValue*, KJS::JSValue*) + 145 (array_instance.cpp:496) 1 com.apple.JavaScriptCore 0x004a429b void std::__unguarded_linear_insert<KJS::JSValue**, KJS::JSValue*, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue*, KJS::CompareWithCompareFunctionArguments) + 69 (stl_algo.h:2108) 2 com.apple.JavaScriptCore 0x004a4383 void std::__insertion_sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 145 (stl_algo.h:2156) 3 com.apple.JavaScriptCore 0x004a4428 void std::__final_insertion_sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 144 (stl_algo.h:2240) 4 com.apple.JavaScriptCore 0x004a44a4 void std::sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 122 (stl_algo.h:2608) 5 com.apple.JavaScriptCore 0x00448c14 KJS::ArrayInstance::sort(KJS::ExecState*, KJS::JSObject*) + 104 (array_instance.cpp:518) 6 com.apple.JavaScriptCore 0x004490be KJS::arrayProtoFuncSort(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 194 (array_object.cpp:371) 7 com.apple.JavaScriptCore 0x00426650 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:906) 8 com.apple.JavaScriptCore 0x004484b6 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:99) 9 com.apple.JavaScriptCore 0x004a6940 KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 802 (nodes.cpp:1495) 10 com.apple.JavaScriptCore 0x0045edca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1501) 82728 2 zwarich 2008-06-09 03:00:23 -0700 This no longer occurs, even with COLLECT_ON_EVERY_ALLOCATION. I don't have a debug build of r32698 to check, so maybe the page changed and it doesn't even occur with that revision anymore. Should we close this? 82768 3 ap 2008-06-09 14:14:56 -0700 This code has changed a lot since r32698, with many bugs fixed, so it is likely that the root cause of this was addressed.