19106 2008-05-16 20:15:42 -0700 SquirrelFish: Activation is not marked correctly 2008-05-17 00:23:56 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED http://www.tvtv.de/ P1 Major --- 1 oliver oliver ggaren mjs zwarich oldest_to_newest 80670 0 oliver 2008-05-16 20:15:42 -0700 Attempting to inspect tvtv.de resulted in this assertion: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x02a63224 in WebCore::JSInspectedObjectWrapper::prepareIncomingValue (this=0x1afb9f80, value=0xb598a0) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSInspectedObjectWrapper.cpp:97 97 ASSERT_WITH_MESSAGE(wrapper->inherits(&JSInspectorCallbackWrapper::s_info), "A wrapper that was not from the inspected page and is not an Inspector callback was passed to a JSInspectedObjectWrapper"); (gdb) where #0 0x02a63224 in WebCore::JSInspectedObjectWrapper::prepareIncomingValue (this=0x1afb9f80, value=0xb598a0) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSInspectedObjectWrapper.cpp:97 #1 0x02a67681 in WebCore::JSQuarantinedObjectWrapper::callAsFunction (this=0x1afb9f80, exec=0xbfff98a4, thisObj=0xb598a0, args=@0xbfff8b28) at /Volumes/Data/git/WebKit/OpenSource/WebCore/bindings/js/JSQuarantinedObjectWrapper.cpp:252 #2 0x004ef4de in KJS::Machine::privateExecute (this=0x540960, flag=KJS::Machine::Normal, exec=0xbfff98a4, registerFile=0x1abb7ce0, r=0x4c6f5b0, scopeChain=0x1a324ba0, codeBlock=0x1ab66660, exception=0xbfff995c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1792 #3 0x004f0e65 in KJS::Machine::execute (this=0x540960, functionBodyNode=0x1ab83640, exec=0xbfffa8b4, function=0x1a814240, thisObj=0xb598a0, args=@0xbfff99e0, registerFileStack=0x1ab5eb38, scopeChain=0x1a324ba0, exception=0xbfff995c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:664 #4 0x0044a7ad in KJS::FunctionImp::callAsFunction (this=0x1a814240, exec=0xbfffa8b4, thisObj=0xb598a0, args=@0xbfff99e0) at function.cpp:95 #5 0x00462faf in KJS::JSObject::call (this=0x1a814240, exec=0xbfffa8b4, thisObj=0xb598a0, args=@0xbfff99e0) at object.cpp:99 #6 0x00464f96 in functionProtoFuncCall (exec=0xbfffa8b4, thisObj=0x1a814240, args=@0xbfff9b38) at function_object.cpp:125 #7 0x0043e872 in KJS::PrototypeFunction::callAsFunction (this=0x1a8132c0, exec=0xbfffa8b4, thisObj=0x1a814240, args=@0xbfff9b38) at function.cpp:747 #8 0x004ef4de in KJS::Machine::privateExecute (this=0x540960, flag=KJS::Machine::Normal, exec=0xbfffa8b4, registerFile=0x1abb7ce0, r=0x4c6f3e0, scopeChain=0x1a324ba0, codeBlock=0x1ab7ca00, exception=0xbfffa96c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1792 #9 0x004f0e65 in KJS::Machine::execute (this=0x540960, functionBodyNode=0x1ad21560, exec=0xbfffb8c4, function=0x1a81a7c0, thisObj=0xb216a0, args=@0xbfffaa00, registerFileStack=0x1ab5eb38, scopeChain=0x1a324ba0, exception=0xbfffa96c) at /Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:664 80671 1 oliver 2008-05-16 20:16:42 -0700 (not a merge blocker, i curse autocomplete :D ) 80673 2 oliver 2008-05-16 21:48:48 -0700 This actually broke many exciting things however it's a marking issue in JSActivationObject 80674 3 21208 oliver 2008-05-16 21:51:17 -0700 Created attachment 21208 Patch to fix marking in an activation (This has been reviewed by maciej) 80677 4 oliver 2008-05-17 00:23:56 -0700 M JavaScriptCore/ChangeLog M JavaScriptCore/kjs/JSActivation.cpp M LayoutTests/ChangeLog A LayoutTests/fast/js/duplicate-param-gc-crash.html A LayoutTests/fast/js/resources/duplicate-param-gc-crash.js A LayoutTests/fast/js/resources/var-shadows-arg-gc-crash.js A LayoutTests/fast/js/var-shadows-arg-gc-crash.html Committed r33550 21208 2008-05-16 21:51:17 -0700 2008-05-16 21:51:17 -0700 Patch to fix marking in an activation activationmarking.patch text/plain 674 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL2tqcy9KU0FjdGl2YXRpb24uY3BwIGIvSmF2YVNj cmlwdENvcmUva2pzL0pTQWN0aXZhdGlvbi5jcHAKaW5kZXggYmU1NWYzYi4uNjY5NjFmZCAxMDA2 NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUva2pzL0pTQWN0aXZhdGlvbi5jcHAKKysrIGIvSmF2YVNj cmlwdENvcmUva2pzL0pTQWN0aXZhdGlvbi5jcHAKQEAgLTE0MCw4ICsxNDAsOSBAQCB2b2lkIEpT QWN0aXZhdGlvbjo6bWFyaygpCiAgICAgLy8gdGhlIHJlZ2lzdGVyIGZpbGUgZ2V0cyBtYXJrZWQg aW5kZXBlbmRlbnRseS4KICAgICBpZighZCgpLT5yZWdpc3RlckFycmF5KQogICAgICAgICByZXR1 cm47Ci0KLSAgICBSZWdpc3RlciogZW5kID0gZCgpLT5yZWdpc3RlckFycmF5ICsgc3ltYm9sVGFi bGUoKS5zaXplKCk7CisgICAgCisgICAgaW50IG51bVJlZ2lzdGVycyA9IGQoKS0+ZnVuY3Rpb25C b2R5LT5nZW5lcmF0ZWRDb2RlKCkubnVtTG9jYWxzOworICAgIFJlZ2lzdGVyKiBlbmQgPSBkKCkt PnJlZ2lzdGVyQXJyYXkgKyBudW1SZWdpc3RlcnM7CiAgICAgZm9yIChSZWdpc3RlciogaXQgPSBk KCktPnJlZ2lzdGVyQXJyYXk7IGl0ICE9IGVuZDsgKytpdCkgewogICAgICAgICBKU1ZhbHVlKiB2 ID0gKCppdCkudS5qc1ZhbHVlOwogICAgICAgICBpZiAoIXYtPm1hcmtlZCgpKQo=