28997 2009-09-05 17:57:52 -0700 Web Inspector assertion failure related to marking 2009-09-08 12:02:38 -0700 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) Mac (Intel) OS X 10.5 RESOLVED FIXED P2 Normal --- 1 jberlin darin darin ggaren mrowe oliver oldest_to_newest 145027 0 jberlin 2009-09-05 17:57:52 -0700 In a debug build (r48097), interacting with the web inspector causes an assertion failure in JSC::MarkStack::append ASSERTION FAILED: !m_isCheckingForDefaultMarkViolation (/Users/jessieberlin/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/JSCell.h:329 void JSC::MarkStack::append(JSC::JSCell*)) Steps to reproduce: 1. Make sure the Develop menu is showing in the menu bar. 2. Navigate to a web page (e.g. webkit.org) 3. Inspect any element on the page. 4. Interact with the Web Inspector (e.g. expand or collapse "Computed Style") 5. Note that safari crashes with the assertion above. Possibly related to http://trac.webkit.org/changeset/48068 145028 1 mrowe 2009-09-05 18:00:20 -0700 (gdb) bt #0 0x00000001019b338e in JSC::MarkStack::append (this=0x117826ba0, cell=0x1085aff80) at JSCell.h:329 #1 0x0000000101ad8661 in WebCore::JSQuarantinedObjectWrapper::markChildren (this=0x119f03fc0, markStack=@0x117826ba0) at WebCore/bindings/js/JSQuarantinedObjectWrapper.cpp:99 #2 0x0000000100b42359 in JSC::MarkStack::markChildren (this=0x117826ba0, cell=0x119f03fc0) at JSArray.h:166 #3 0x0000000100b42687 in JSC::MarkStack::drain (this=0x117826ba0) at JSArray.h:215 145030 2 darin 2009-09-05 21:05:18 -0700 JSQuarantinedObjectWrapper overrides markChildren, therefore needs to have a structure without the HasDefaultMark flag set. I can fix this on Tuesday, but if someone else wants to tackle it before then it should be similar to the fix in <http://trac.webkit.org/changeset/48079>. Another alternative would be to turn off the JavaScriptCore assertion by removing it for now. The garbage collection bug will remain, but the inconvenient assertion will be gone for the time being. 145047 3 mrowe 2009-09-06 06:03:07 -0700 JSQuarantinedObjectWrapper does have a structure without HasDefaultMark set (per its implementation of createStructure in JSQuarantinedObjectWrapper.h). The problematic object appears to be an instance of JSInspectorCallbackWrapper. The structure seems to be passed in to the JSInspectorCallbackWrapper constructor, and sometimes ends up being the result of a call to asObject(wrap(unwrappedExec, prototype))->inheritorID() (<http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSInspectorCallbackWrapper.cpp#L76>). JSObject::inheritorID() seems to call JSObject::createStructure itself if there is no inheritor ID set, which results in HasDefaultMark being set on the structure. 145458 4 ggaren 2009-09-08 11:09:54 -0700 (In reply to comment #3) Oliver's in the middle of a fix. 145459 5 ggaren 2009-09-08 11:11:02 -0700 (In reply to comment #4) (Changing the call to inheritorID() to a call to createStructure(), since inheritorID() is only appropriate for vanilla JavaScript objects.) 145475 6 39200 oliver 2009-09-08 11:56:41 -0700 Created attachment 39200 Patch v1 145477 7 39200 ggaren 2009-09-08 11:59:11 -0700 Comment on attachment 39200 Patch v1 Please revert changes to b/WebCore/WebCore.xcodeproj/project.pbxproj. r=me 145478 8 oliver 2009-09-08 12:02:38 -0700 Committed r48172 39200 2009-09-08 11:56:41 -0700 2009-09-08 11:59:11 -0700 Patch v1 bug-28997-20090908115640.patch text/plain 5058 oliver ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NDk2NDhhYy4uZjE4YjE4MSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOSBAQAorMjAwOS0wOS0wOCAgT2xpdmVyIEh1bnQg IDxvbGl2ZXJAYXBwbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFdlYiBJbnNwZWN0b3IgYXNzZXJ0aW9uIGZhaWx1cmUgcmVsYXRlZCB0byBt YXJraW5nCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y ODk5NworCisgICAgICAgIFdoZW4gd3JhcHBpbmcgdGhlIGNhbGxiYWNrIHRoZSBKU0luc3BlY3Rv ckNhbGxiYWNrV3JhcHBlciBjcmVhdG9yIHdhcyB1c2luZworICAgICAgICBpbmhlcml0b3JJRCBm b3IgdGhlIHByb3RvdHlwZSBzdHJ1Y3R1cmUgd2hpY2ggaXMgdW5zYWZlIGZvciBhbnl0aGluZyBv dGhlcgorICAgICAgICB0aGFuIGEgcHVyZSBKUyBvYmplY3QuICBJbnN0ZWFkIHdlIG5vdyBjcmVh dGUgYSBuZXcgc3RydWN0dXJlLCB3aGljaCB3aGlsZQorICAgICAgICBpbmVmZmljaWVudCBpcyBu b3QgcHJvYmxlbWF0aWMgYXMgdGhpcyBjb2RlIGlzIG5vdCBoaXQgZnJlcXVlbnRseS4KKworICAg ICAgICAqIFdlYkNvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4cHJvajoKKyAgICAgICAgKiBiaW5k aW5ncy9qcy9KU0luc3BlY3RvckNhbGxiYWNrV3JhcHBlci5jcHA6CisgICAgICAgIChXZWJDb3Jl OjpKU0luc3BlY3RvckNhbGxiYWNrV3JhcHBlcjo6d3JhcCk6CisKIDIwMDktMDktMDggIEppYW4g TGkgIDxqaWFubGlAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhdmlkIExl dmluLgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9XZWJDb3JlLnhjb2RlcHJvai9wcm9qZWN0LnBieHBy b2ogYi9XZWJDb3JlL1dlYkNvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4cHJvagppbmRleCAzMTk3 MjFiLi41MjM4YzY2IDEwMDY0NAotLS0gYS9XZWJDb3JlL1dlYkNvcmUueGNvZGVwcm9qL3Byb2pl Y3QucGJ4cHJvagorKysgYi9XZWJDb3JlL1dlYkNvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4cHJv agpAQCAtMTE4Miw4ICsxMTgyLDYgQEAKIAkJNjVERjMyNjEwOUQxRTE5OTAwMEJFMzI1IC8qIFVz ZXJBZ2VudFN0eWxlU2hlZXRzRGF0YS5jcHAgaW4gU291cmNlcyAqLyA9IHtpc2EgPSBQQlhCdWls ZEZpbGU7IGZpbGVSZWYgPSA2NTY1ODFBRjA5RDE0RUU2MDAwRTYxRDcgLyogVXNlckFnZW50U3R5 bGVTaGVldHNEYXRhLmNwcCAqLzsgfTsKIAkJNjVGRUE4NjkwOTgzM0FERTAwQkVENEFCIC8qIFBh Z2UuY3BwIGluIFNvdXJjZXMgKi8gPSB7aXNhID0gUEJYQnVpbGRGaWxlOyBmaWxlUmVmID0gNjVG RUE4NjgwOTgzM0FERTAwQkVENEFCIC8qIFBhZ2UuY3BwICovOyB9OwogCQk3MjYyNkUwMjBFRjAy MkZFMDBBMDdFMjAgLyogRm9udEZhc3RQYXRoLmNwcCBpbiBTb3VyY2VzICovID0ge2lzYSA9IFBC WEJ1aWxkRmlsZTsgZmlsZVJlZiA9IDcyNjI2RTAxMEVGMDIyRkUwMEEwN0UyMCAvKiBGb250RmFz dFBhdGguY3BwICovOyB9OwotCQk3Mjg0QURERDBFNkZFQjMxMDAyRUVGQkQgLyogVXNlclN0eWxl U2hlZXRMb2FkZXIuY3BwIGluIFNvdXJjZXMgKi8gPSB7aXNhID0gUEJYQnVpbGRGaWxlOyBmaWxl UmVmID0gNzI4NEFEREIwRTZGRUIzMTAwMkVFRkJEIC8qIFVzZXJTdHlsZVNoZWV0TG9hZGVyLmNw cCAqLzsgfTsKLQkJNzI4NEFEREUwRTZGRUIzMTAwMkVFRkJEIC8qIFVzZXJTdHlsZVNoZWV0TG9h ZGVyLmggaW4gSGVhZGVycyAqLyA9IHtpc2EgPSBQQlhCdWlsZEZpbGU7IGZpbGVSZWYgPSA3Mjg0 QUREQzBFNkZFQjMxMDAyRUVGQkQgLyogVXNlclN0eWxlU2hlZXRMb2FkZXIuaCAqLzsgfTsKIAkJ NzUwOTJCRkUxMDRCODBGOTAwM0REMTY4IC8qIERPTURpc3BhdGNoVGltZWxpbmVJdGVtLmNwcCBp biBTb3VyY2VzICovID0ge2lzYSA9IFBCWEJ1aWxkRmlsZTsgZmlsZVJlZiA9IDc1MDkyQkZDMTA0 QjgwRjkwMDNERDE2OCAvKiBET01EaXNwYXRjaFRpbWVsaW5lSXRlbS5jcHAgKi87IH07CiAJCTc1 MDkyQkZGMTA0QjgwRjkwMDNERDE2OCAvKiBET01EaXNwYXRjaFRpbWVsaW5lSXRlbS5oIGluIEhl YWRlcnMgKi8gPSB7aXNhID0gUEJYQnVpbGRGaWxlOyBmaWxlUmVmID0gNzUwOTJCRkQxMDRCODBG OTAwM0REMTY4IC8qIERPTURpc3BhdGNoVGltZWxpbmVJdGVtLmggKi87IH07CiAJCTc1NDEzM0E4 MTAyRTAwRTgwMDA3NUQwMCAvKiBJbnNwZWN0b3JUaW1lbGluZUFnZW50LmggaW4gSGVhZGVycyAq LyA9IHtpc2EgPSBQQlhCdWlsZEZpbGU7IGZpbGVSZWYgPSA3NTQxMzNBNzEwMkUwMEU4MDAwNzVE MDAgLyogSW5zcGVjdG9yVGltZWxpbmVBZ2VudC5oICovOyB9OwpAQCAtNjQxMCw4ICs2NDA4LDYg QEAKIAkJNjVGODA2OTcwNTREOUY4NjAwOEJGNzc2IC8qIEJsb2NrRXhjZXB0aW9ucy5tbSAqLyA9 IHtpc2EgPSBQQlhGaWxlUmVmZXJlbmNlOyBmaWxlRW5jb2RpbmcgPSAzMDsgaW5kZW50V2lkdGgg PSA0OyBsYXN0S25vd25GaWxlVHlwZSA9IHNvdXJjZWNvZGUuY3BwLm9iamNwcDsgcGF0aCA9IEJs b2NrRXhjZXB0aW9ucy5tbTsgc291cmNlVHJlZSA9ICI8Z3JvdXA+IjsgdGFiV2lkdGggPSA4OyB1 c2VzVGFicyA9IDA7IH07CiAJCTY1RkVBODY4MDk4MzNBREUwMEJFRDRBQiAvKiBQYWdlLmNwcCAq LyA9IHtpc2EgPSBQQlhGaWxlUmVmZXJlbmNlOyBmaWxlRW5jb2RpbmcgPSAzMDsgbGFzdEtub3du RmlsZVR5cGUgPSBzb3VyY2Vjb2RlLmNwcC5jcHA7IHBhdGggPSBQYWdlLmNwcDsgc291cmNlVHJl ZSA9ICI8Z3JvdXA+IjsgfTsKIAkJNzI2MjZFMDEwRUYwMjJGRTAwQTA3RTIwIC8qIEZvbnRGYXN0 UGF0aC5jcHAgKi8gPSB7aXNhID0gUEJYRmlsZVJlZmVyZW5jZTsgZmlsZUVuY29kaW5nID0gNDsg bGFzdEtub3duRmlsZVR5cGUgPSBzb3VyY2Vjb2RlLmNwcC5jcHA7IHBhdGggPSBGb250RmFzdFBh dGguY3BwOyBzb3VyY2VUcmVlID0gIjxncm91cD4iOyB9OwotCQk3Mjg0QUREQjBFNkZFQjMxMDAy RUVGQkQgLyogVXNlclN0eWxlU2hlZXRMb2FkZXIuY3BwICovID0ge2lzYSA9IFBCWEZpbGVSZWZl cmVuY2U7IGZpbGVFbmNvZGluZyA9IDQ7IGxhc3RLbm93bkZpbGVUeXBlID0gc291cmNlY29kZS5j cHAuY3BwOyBwYXRoID0gVXNlclN0eWxlU2hlZXRMb2FkZXIuY3BwOyBzb3VyY2VUcmVlID0gIjxn cm91cD4iOyB9OwotCQk3Mjg0QUREQzBFNkZFQjMxMDAyRUVGQkQgLyogVXNlclN0eWxlU2hlZXRM b2FkZXIuaCAqLyA9IHtpc2EgPSBQQlhGaWxlUmVmZXJlbmNlOyBmaWxlRW5jb2RpbmcgPSA0OyBs YXN0S25vd25GaWxlVHlwZSA9IHNvdXJjZWNvZGUuYy5oOyBwYXRoID0gVXNlclN0eWxlU2hlZXRM b2FkZXIuaDsgc291cmNlVHJlZSA9ICI8Z3JvdXA+IjsgfTsKIAkJNzUwOTJCRkMxMDRCODBGOTAw M0REMTY4IC8qIERPTURpc3BhdGNoVGltZWxpbmVJdGVtLmNwcCAqLyA9IHtpc2EgPSBQQlhGaWxl UmVmZXJlbmNlOyBmaWxlRW5jb2RpbmcgPSA0OyBsYXN0S25vd25GaWxlVHlwZSA9IHNvdXJjZWNv ZGUuY3BwLmNwcDsgcGF0aCA9IERPTURpc3BhdGNoVGltZWxpbmVJdGVtLmNwcDsgc291cmNlVHJl ZSA9ICI8Z3JvdXA+IjsgfTsKIAkJNzUwOTJCRkQxMDRCODBGOTAwM0REMTY4IC8qIERPTURpc3Bh dGNoVGltZWxpbmVJdGVtLmggKi8gPSB7aXNhID0gUEJYRmlsZVJlZmVyZW5jZTsgZmlsZUVuY29k aW5nID0gNDsgbGFzdEtub3duRmlsZVR5cGUgPSBzb3VyY2Vjb2RlLmMuaDsgcGF0aCA9IERPTURp c3BhdGNoVGltZWxpbmVJdGVtLmg7IHNvdXJjZVRyZWUgPSAiPGdyb3VwPiI7IH07CiAJCTc1NDEz M0E3MTAyRTAwRTgwMDA3NUQwMCAvKiBJbnNwZWN0b3JUaW1lbGluZUFnZW50LmggKi8gPSB7aXNh ID0gUEJYRmlsZVJlZmVyZW5jZTsgZmlsZUVuY29kaW5nID0gNDsgbGFzdEtub3duRmlsZVR5cGUg PSBzb3VyY2Vjb2RlLmMuaDsgcGF0aCA9IEluc3BlY3RvclRpbWVsaW5lQWdlbnQuaDsgc291cmNl VHJlZSA9ICI8Z3JvdXA+IjsgfTsKZGlmZiAtLWdpdCBhL1dlYkNvcmUvYmluZGluZ3MvanMvSlNJ bnNwZWN0b3JDYWxsYmFja1dyYXBwZXIuY3BwIGIvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0luc3Bl Y3RvckNhbGxiYWNrV3JhcHBlci5jcHAKaW5kZXggMGUxNDEwOS4uNWMzY2QyOSAxMDA2NDQKLS0t IGEvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0luc3BlY3RvckNhbGxiYWNrV3JhcHBlci5jcHAKKysr IGIvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0luc3BlY3RvckNhbGxiYWNrV3JhcHBlci5jcHAKQEAg LTczLDcgKzczLDcgQEAgSlNWYWx1ZSBKU0luc3BlY3RvckNhbGxiYWNrV3JhcHBlcjo6d3JhcChF eGVjU3RhdGUqIHVud3JhcHBlZEV4ZWMsIEpTVmFsdWUgdW53cmEKICAgICAgICAgc3RhdGljIFN0 cnVjdHVyZSogc3RydWN0dXJlID0gbGVha0luc3BlY3RvckNhbGxiYWNrV3JhcHBlclN0cnVjdHVy ZSgpOwogICAgICAgICByZXR1cm4gbmV3ICh1bndyYXBwZWRFeGVjKSBKU0luc3BlY3RvckNhbGxi YWNrV3JhcHBlcih1bndyYXBwZWRFeGVjLCB1bndyYXBwZWRPYmplY3QsIHN0cnVjdHVyZSk7CiAg ICAgfQotICAgIHJldHVybiBuZXcgKHVud3JhcHBlZEV4ZWMpIEpTSW5zcGVjdG9yQ2FsbGJhY2tX cmFwcGVyKHVud3JhcHBlZEV4ZWMsIHVud3JhcHBlZE9iamVjdCwgYXNPYmplY3Qod3JhcCh1bndy YXBwZWRFeGVjLCBwcm90b3R5cGUpKS0+aW5oZXJpdG9ySUQoKSk7CisgICAgcmV0dXJuIG5ldyAo dW53cmFwcGVkRXhlYykgSlNJbnNwZWN0b3JDYWxsYmFja1dyYXBwZXIodW53cmFwcGVkRXhlYywg dW53cmFwcGVkT2JqZWN0LCBjcmVhdGVTdHJ1Y3R1cmUod3JhcCh1bndyYXBwZWRFeGVjLCBwcm90 b3R5cGUpKSk7CiB9CiAKIEpTSW5zcGVjdG9yQ2FsbGJhY2tXcmFwcGVyOjpKU0luc3BlY3RvckNh bGxiYWNrV3JhcHBlcihFeGVjU3RhdGUqIHVud3JhcHBlZEV4ZWMsIEpTT2JqZWN0KiB1bndyYXBw ZWRPYmplY3QsIFBhc3NSZWZQdHI8U3RydWN0dXJlPiBzdHJ1Y3R1cmUp