29554 2009-09-21 07:39:12 -0700 REGRESSION (r48573): Assertion failure in Structure::toDictionaryTransition when loading page with simple JavaScript 2009-09-21 07:46:10 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED DUPLICATE 29534 data:text/html,<script>function foo() { }</script> Regression P1 Normal --- 1 aroben webkit-unassigned oliver oldest_to_newest 148651 0 aroben 2009-09-21 07:39:12 -0700 To reproduce: 1. Go to data:text/html,<script>function foo() { }</script> You'll hit this assertion in Structure::toDictionaryTransition: ASSERT(!structure->isDictionary()); Here's the backtrace: #0 0x100c4ccad in JSC::Structure::toDictionaryTransition at Structure.cpp:559 #1 0x100c4cdcf in JSC::Structure::toUncacheableDictionaryTransition at Structure.cpp:580 #2 0x100c4ce3d in JSC::Structure::removePropertyTransition at Structure.cpp:459 #3 0x100b0d04c in JSC::JSObject::removeDirect at JSObject.cpp:481 #4 0x100b2f46c in JSC::BytecodeGenerator::BytecodeGenerator at BytecodeGenerator.cpp:260 #5 0x100c5b1b0 in JSC::ProgramExecutable::compile at Executable.cpp:107 #6 0x100b2b64a in JSC::evaluate at Completion.cpp:53 #7 0x101de71dd in WebCore::ScriptController::evaluate at ScriptController.cpp:115 #8 0x1018c9162 in WebCore::FrameLoader::executeScript at FrameLoader.cpp:781 #9 0x101992c5a in WebCore::HTMLTokenizer::scriptExecution at HTMLTokenizer.cpp:562 #10 0x101993922 in WebCore::HTMLTokenizer::scriptHandler at HTMLTokenizer.cpp:504 #11 0x1019940ae in WebCore::HTMLTokenizer::parseNonHTMLText at HTMLTokenizer.cpp:351 #12 0x1019967e4 in WebCore::HTMLTokenizer::parseTag at HTMLTokenizer.cpp:1521 #13 0x10199733d in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1755 #14 0x1018c775d in WebCore::FrameLoader::write at FrameLoader.cpp:1030 #15 0x1018c78f9 in WebCore::FrameLoader::endIfNotLoadingMainResource at FrameLoader.cpp:1065 #16 0x1018c7938 in WebCore::FrameLoader::end at FrameLoader.cpp:1051 #17 0x10176c7ba in WebCore::DocumentLoader::finishedLoading at DocumentLoader.cpp:330 #18 0x1018cb61b in WebCore::FrameLoader::finishedLoading at FrameLoader.cpp:3183 #19 0x101c2b4d5 in WebCore::MainResourceLoader::didFinishLoading at MainResourceLoader.cpp:375 #20 0x101dcda62 in WebCore::ResourceLoader::didFinishLoading at ResourceLoader.cpp:403 #21 0x101dc9dfb in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] at ResourceHandleMac.mm:748 #22 0x7fff831fdbc8 in _NSURLConnectionDidFinishLoading #23 0x7fff846378d1 in URLConnectionClient::_clientDidFinishLoading #24 0x7fff846982a6 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload #25 0x7fff84698512 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload #26 0x7fff8462262b in URLConnectionClient::processEvents #27 0x7fff84622406 in MultiplexerSource::perform #28 0x7fff805d6281 in __CFRunLoopDoSources0 #29 0x7fff805d4879 in __CFRunLoopRun #30 0x7fff805d403f in CFRunLoopRunSpecific #31 0x7fff876f4c4e in RunCurrentEventLoopInMode #32 0x7fff876f4a53 in ReceiveNextEventCommon #33 0x7fff876f490c in BlockUntilNextEventMatchingListInMode #34 0x7fff84c6d520 in _DPSNextEvent #35 0x7fff84c6ce89 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] #36 0x10005fe45 in -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] at BrowserApplication.mm:225 #37 0x7fff84c32a7d in -[NSApplication run] #38 0x7fff84c2b798 in NSApplicationMain #39 0x100161b63 in main at main.mm:157 148654 1 aroben 2009-09-21 07:46:10 -0700 *** This bug has been marked as a duplicate of bug 29534 ***