47718 2010-10-15 03:32:46 -0700 ASSERT in twitter.com with JIT disabled 2011-06-14 19:05:47 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC OS X 10.5 RESOLVED DUPLICATE 47107 P2 Normal --- 1 xan.lopez webkit-unassigned barraclough ddkilzer ggaren kling oliver ossy zherczeg oldest_to_newest 294672 0 xan.lopez 2010-10-15 03:32:46 -0700 Program received signal SIGSEGV, Segmentation fault. 0x00d1e7a1 in JSC::JSValue::asCell (this=0xbfffbf90) at ../../JavaScriptCore/runtime/JSValue.h:572 572 ASSERT(isCell()); (gdb) bt #0 0x00d1e7a1 in JSC::JSValue::asCell (this=0xbfffbf90) at ../../JavaScriptCore/runtime/JSValue.h:572 #1 0x00d1fd6d in JSC::asObject (value=...) at ../../JavaScriptCore/runtime/JSObject.h:298 #2 0x01a0b879 in JSC::asActivation (value=...) at ../../JavaScriptCore/runtime/JSActivation.h:109 #3 0x01a04dc9 in JSC::Interpreter::privateExecute (this=0x8954d48, flag=JSC::Interpreter::Normal, registerFile=0x8954d54, callFrame=0xb6200338, exception=0x895435c) at ../../JavaScriptCore/interpreter/Interpreter.cpp:4065 #4 0x019f6325 in JSC::Interpreter::executeCall (this=0x8954d48, callFrame=0x8972eec, function=0xb67518c0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=..., exception=0x895435c) at ../../JavaScriptCore/interpreter/Interpreter.cpp:822 #5 0x01a5377f in JSC::call (exec=0x8972eec, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../JavaScriptCore/runtime/CallData.cpp:38 #6 0x00d2367a in WebCore::JSMainThreadExecState::call (exec=0x8972eec, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../WebCore/bindings/js/JSMainThreadExecState.h:48 #7 0x00d5e270 in WebCore::JSEventListener::handleEvent (this=0x896f728, scriptExecutionContext=0x89c9230, event=0x8a968c0) at ../../WebCore/bindings/js/JSEventListener.cpp:124 #8 0x00f145f4 in WebCore::EventTarget::fireEventListeners (this=0x89a8fc8, event=0x8a968c0, d=0x8a1abb0, entry=...) at ../../WebCore/dom/EventTarget.cpp:335 #9 0x00f144a5 in WebCore::EventTarget::fireEventListeners (this=0x89a8fc8, event=0x8a968c0) at ../../WebCore/dom/EventTarget.cpp:304 #10 0x00f27a21 in WebCore::Node::handleLocalEvents (this=0x89a8fc8, event=0x8a968c0) at ../../WebCore/dom/Node.cpp:2526 #11 0x00f281dc in WebCore::Node::dispatchGenericEvent (this=0x89a8fc8, prpEvent=...) at ../../WebCore/dom/Node.cpp:2644 #12 0x00f27ddb in WebCore::Node::dispatchEvent (this=0x89a8fc8, prpEvent=...) at ../../WebCore/dom/Node.cpp:2589 #13 0x01060ddd in WebCore::HTMLScriptElement::dispatchLoadEvent (this=0x89a8fc8) at ../../WebCore/html/HTMLScriptElement.cpp:189 #14 0x00f4cfaa in WebCore::ScriptElementData::execute (this=0x89a9010, cachedScript=0x8b0add0) at ../../WebCore/dom/ScriptElement.cpp:242 #15 0x00eaf0ca in WebCore::AsyncScriptRunner::timerFired (this=0x89bd130, timer=0x89bd140) at ../../WebCore/dom/AsyncScriptRunner.cpp:87 #16 0x00eafaf4 in WebCore::Timer<WebCore::AsyncScriptRunner>::fired (this=0x89bd140) at ../../WebCore/platform/Timer.h:98 #17 0x012d0413 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x890fbb0) at ../../WebCore/platform/ThreadTimers.cpp:112 #18 0x012d035b in WebCore::ThreadTimers::sharedTimerFired () at ../../WebCore/platform/ThreadTimers.cpp:90 #19 0x015d4021 in WebCore::timeout_cb () at ../../WebCore/platform/gtk/SharedTimerGtk.cpp:49 #20 0x0425265b in g_timeout_dispatch (source=0x8d64348, callback=0x15d3ffd <WebCore::timeout_cb(gpointer)>, user_data=0x0) at gmain.c:3585 #21 0x0424f5f2 in g_main_dispatch (context=0x813ae40) at gmain.c:2149 #22 0x042508e6 in g_main_context_dispatch (context=0x813ae40) at gmain.c:2702 #23 0x04250d3b in g_main_context_iterate (context=0x813ae40, block=1, dispatch=1, self=0x8112f18) at gmain.c:2780 #24 0x042514a4 in g_main_loop_run (loop=0x816ab28) at gmain.c:2988 #25 0x03db5c57 in gtk_main () at gtkmain.c:1320 #26 0x0806d351 in main (argc=1, argv=0xbfffed74) at ../../src/ephy-main.c:741 294673 1 70847 xan.lopez 2010-10-15 03:35:09 -0700 Created attachment 70847 twitterassert.diff This seems to fix the problem. 295396 2 zherczeg 2010-10-18 01:17:23 -0700 Is there a test case for this? if (activationValue) { asActivation(activationValue)->copyRegisters(); if (JSValue argumentsValue = callFrame->r(unmodifiedArgumentsRegister(arguments)).jsValue()) asArguments(argumentsValue)->setActivation(asActivation(activationValue)); } else if (JSValue argumentsValue = callFrame->r(unmodifiedArgumentsRegister(arguments)).jsValue()) asArguments(argumentsValue)->copyRegisters(); if (JSValue argumentsValue = callFrame->r(unmodifiedArgumentsRegister(arguments)).jsValue()) { if (!codeBlock->isStrictMode()) asArguments(argumentsValue)->setActivation(asActivation(activationValue)); } The code is quite strange for me. I suspect the second "if" with argumentsValue should be totally removed since, the "if (activationValue)" already contains this if... Oliver Hunt recently touched this code (one of his patch was titled "fix wrong merge"), maybe he can help you more. 295646 3 70847 oliver 2010-10-18 11:30:11 -0700 Comment on attachment 70847 twitterassert.diff Whoops. Can we get a test case with this or does the interpreter fail existing tests because of this? 298597 4 70847 ddkilzer 2010-10-24 08:56:49 -0700 Comment on attachment 70847 twitterassert.diff r- to add layout test. 420956 5 barraclough 2011-06-14 19:05:47 -0700 *** This bug has been marked as a duplicate of bug 47107 *** 70847 2010-10-15 03:35:09 -0700 2010-10-24 08:56:48 -0700 twitterassert.diff twitterassert.diff text/plain 1949 xan.lopez RnJvbSAyODE4Mjk2ZDgzNTI2MzY3NzczZjBmMzIzMDQxZmQxMGNiYzcyNTNjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBYYW4gTG9wZXogPHhsb3BlekBpZ2FsaWEuY29tPgpEYXRlOiBG cmksIDE1IE9jdCAyMDEwIDE5OjM0OjI0ICswOTAwClN1YmplY3Q6IFtQQVRDSF0gMjAxMC0xMC0x NSAgWGFuIExvcGV6ICA8eGxvcGV6QGlnYWxpYS5jb20+CgogICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgoKICAgICAgICBBU1NFUlQgaW4gdHdpdHRlci5jb20gd2l0aCBKSVQgZGlz YWJsZWQKICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc3 MTgKCiAgICAgICAgKiBpbnRlcnByZXRlci9JbnRlcnByZXRlci5jcHA6CiAgICAgICAgKEpTQzo6 SW50ZXJwcmV0ZXI6OnByaXZhdGVFeGVjdXRlKTogZG8gbm90IHVzZSBhY3RpdmF0aW9uVmFsdWUg aWYgaXQncyBub3Qgc2V0LgotLS0KIEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyAgICAgICAgICAg ICAgICAgICB8ICAgMTAgKysrKysrKysrKwogSmF2YVNjcmlwdENvcmUvaW50ZXJwcmV0ZXIvSW50 ZXJwcmV0ZXIuY3BwIHwgICAgMiArLQogMiBmaWxlcyBjaGFuZ2VkLCAxMSBpbnNlcnRpb25zKCsp LCAxIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBi L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBlNTk5MTUxLi4wYTU0YzM0IDEwMDY0NAot LS0gYS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTAtMTAtMTUgIFhhbiBMb3BleiAgPHhsb3BlekBpZ2Fs aWEuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IEFTU0VSVCBpbiB0d2l0dGVyLmNvbSB3aXRoIEpJVCBkaXNhYmxlZAorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc3MTgKKworICAgICAgICAqIGludGVy cHJldGVyL0ludGVycHJldGVyLmNwcDoKKyAgICAgICAgKEpTQzo6SW50ZXJwcmV0ZXI6OnByaXZh dGVFeGVjdXRlKTogZG8gbm90IHVzZSBhY3RpdmF0aW9uVmFsdWUgaWYgaXQncyBub3Qgc2V0Lgor CiAyMDEwLTEwLTE1ICBJbHlhIFRpa2hvbm92c2t5ICA8bG9pc2xvQGNocm9taXVtLm9yZz4KIAog ICAgICAgICBVbnJldmlld2VkIGJ1aWxkIGZpeCBmb3IgRGVidWcgTGVvcGFyZCB3aGljaCBpcyBm YWlsbmcgdG8gY29tcGlsZSBhZnRlciByNjk4NDIuCmRpZmYgLS1naXQgYS9KYXZhU2NyaXB0Q29y ZS9pbnRlcnByZXRlci9JbnRlcnByZXRlci5jcHAgYi9KYXZhU2NyaXB0Q29yZS9pbnRlcnByZXRl ci9JbnRlcnByZXRlci5jcHAKaW5kZXggYmJkMTkyNS4uZjQ4ODFkOSAxMDA2NDQKLS0tIGEvSmF2 YVNjcmlwdENvcmUvaW50ZXJwcmV0ZXIvSW50ZXJwcmV0ZXIuY3BwCisrKyBiL0phdmFTY3JpcHRD b3JlL2ludGVycHJldGVyL0ludGVycHJldGVyLmNwcApAQCAtNDA2MSw3ICs0MDYxLDcgQEAgc2tp cF9pZF9jdXN0b21fc2VsZjoKICAgICAgICAgICAgIGFzQXJndW1lbnRzKGFyZ3VtZW50c1ZhbHVl KS0+Y29weVJlZ2lzdGVycygpOwogCiAgICAgICAgIGlmIChKU1ZhbHVlIGFyZ3VtZW50c1ZhbHVl ID0gY2FsbEZyYW1lLT5yKHVubW9kaWZpZWRBcmd1bWVudHNSZWdpc3Rlcihhcmd1bWVudHMpKS5q c1ZhbHVlKCkpIHsKLSAgICAgICAgICAgIGlmICghY29kZUJsb2NrLT5pc1N0cmljdE1vZGUoKSkK KyAgICAgICAgICAgIGlmIChhY3RpdmF0aW9uVmFsdWUgJiYgIWNvZGVCbG9jay0+aXNTdHJpY3RN b2RlKCkpCiAgICAgICAgICAgICAgICAgYXNBcmd1bWVudHMoYXJndW1lbnRzVmFsdWUpLT5zZXRB Y3RpdmF0aW9uKGFzQWN0aXZhdGlvbihhY3RpdmF0aW9uVmFsdWUpKTsKICAgICAgICAgfQogCi0t IAoxLjcuMi4zCgo=