83139 2012-04-04 03:52:06 -0700 [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode 2012-04-04 10:17:37 -0700 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) All All RESOLVED FIXED Qt, QtTriaged P1 Critical --- 79668 82670 1 ossy ggaren fpizlo ggaren ossy zherczeg oldest_to_newest 595386 0 ossy 2012-04-04 03:52:06 -0700 I'm bisecting manually which revision caused it. Here is the gdb backtrace in debug mode: Program received signal SIGSEGV, Segmentation fault. 0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295 295 ASSERT(isCell()); (gdb) bt #0 0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295 #1 0xf4f16b36 in JSC::WeakImplAccessor<JSC::Weak<JSC::Bindings::RuntimeObject>, JSC::Bindings::RuntimeObject>::get (this=0x80f73e8) at ../../../../Source/JavaScriptCore/heap/PassWeak.h:110 #2 0xf4f1661c in JSC::Bindings::Instance::createRuntimeObject (this=0x80f73c8, exec=0xecf7fcb4) at ../../../../Source/WebCore/bridge/jsc/BridgeJSC.cpp:93 #3 0xf4cc9c2e in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8, ownership=QScriptEngine::QtOwnership) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:697 #4 0xf4cc9a73 in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:649 #5 0x0805e722 in WebCore::DumpRenderTree::initJSObjects (this=0xffffd1e4) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:748 #6 0x0807039c in WebCore::DumpRenderTree::qt_static_metacall (_o=0xffffd1e4, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xffffcdbc) at moc_DumpRenderTreeQt.cpp:81 #7 0xf1ad1af4 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4 #8 0xf4ccfc03 in QWebFrame::javaScriptWindowObjectCleared (this=0x81029d0) at ./moc_qwebframe.cpp:187 #9 0xf4cc8d7a in QWebFramePrivate::didClearWindowObject (this=0x80fc900) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:490 #10 0xf4d2de1c in WebCore::FrameLoaderClientQt::dispatchDidClearWindowObjectInWorld (this=0x81038c0, world=0x8108a88) at ../../../Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:766 #11 0xf555fe07 in WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld (this=0x8104754, world=0x8108a88) at ../../../../Source/WebCore/loader/FrameLoader.cpp:3145 #12 0xf4ecede2 in WebCore::ScriptController::initScript (this=0x8104a78, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:223 #13 0xf4cc5855 in WebCore::ScriptController::windowShell (this=0x8104a78, world=0x8108a88) at ../../../Source/WebCore/bindings/js/ScriptController.h:75 #14 0xf4e6c3ba in WebCore::toJSDOMWindow (frame=0x81046e0, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:231 #15 0xf4d2179f in DumpRenderTreeSupportQt::resetInternalsObject (frame=0x81029d0) at ../../../Source/WebKit/qt/WebCoreSupport/DumpRenderTreeSupportQt.cpp:1186 #16 0x0805b13a in WebCore::WebPage::resetSettings (this=0xef501148) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:209 #17 0x0805cdb2 in WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:533 #18 0x0805d425 in WebCore::DumpRenderTree::open (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:596 #19 0x0805e4d0 in WebCore::DumpRenderTree::processLine (this=0xffffd1e4, input=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:726 #20 0x0805de56 in WebCore::DumpRenderTree::processArgsLine (this=0xffffd1e4, args=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:676 #21 0x08070048 in main (argc=2, argv=0xffffd384) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/main.cpp:252 595409 1 ossy 2012-04-04 04:32:31 -0700 I got it with manual bisecting, http://trac.webkit.org/changeset/113141 is the culprit. Could you check and fix it, please? 595585 2 ggaren 2012-04-04 09:02:32 -0700 Looks like there's a mismatch between how 32-bit and 64-bit treat JSValue(nullptr). Working on a fix... 595644 3 135617 ggaren 2012-04-04 10:11:43 -0700 Created attachment 135617 Patch 595645 4 135617 ggaren 2012-04-04 10:12:18 -0700 Comment on attachment 135617 Patch Sam reviewed this. 595651 5 ggaren 2012-04-04 10:17:37 -0700 Committed r113209: <http://trac.webkit.org/changeset/113209> 135617 2012-04-04 10:11:43 -0700 2012-04-04 10:12:18 -0700 Patch bug-83139-20120404101142.patch text/plain 1648 ggaren SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTEzMjA2KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBA CisyMDEyLTA0LTA0ICBHZW9mZnJleSBHYXJlbiAgPGdnYXJlbkBhcHBsZS5jb20+CisKKyAgICAg ICAgW1F0XSBSRUdSRVNTSU9OKHIxMTMxNDEpOiBBbGwgdGVzdHMgYXNzZXJ0IG9uIDMyIGJpdCBk ZWJ1ZyBtb2RlCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD04MzEzOQorCisgICAgICAgIFJldmlld2VkIGJ5IFNhbSBXZWluaWcuCisKKyAgICAgICAgKiBo ZWFwL1Bhc3NXZWFrLmg6CisgICAgICAgIChKU0M6Ojo6Z2V0KTogMzItYml0IEpTVmFsdWUgdHJl YXRzIEpTVmFsdWUobnVsbHB0cikuYXNDZWxsKCkgYXMgYW4gZXJyb3IsCisgICAgICAgIHNvIHdv cmsgYXJvdW5kIHRoYXQgaGVyZS4gKExvbmctdGVybSwgd2Ugc2hvdWxkIG1ha2UgMzItYml0IGFu ZCA2NC1iaXQKKyAgICAgICAgYWdyZWUgb24gdGhlIHJpZ2h0IGJlaGF2aW9yLikKKwogMjAxMi0w NC0wMyAgR2VvZmZyZXkgR2FyZW4gIDxnZ2FyZW5AYXBwbGUuY29tPgogCiAgICAgICAgIFVwZGF0 ZWQgSlNDIGV4cGVjdGVkIHRlc3QgcmVzdWx0cyB0byByZWZsZWN0IHJlY2VudCBidWcgZml4ZXMg PGRpc2FwcHJvdmluZyBsb29rPi4KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL1Bh c3NXZWFrLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvUGFzc1dl YWsuaAkocmV2aXNpb24gMTEzMTQxKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvUGFz c1dlYWsuaAkod29ya2luZyBjb3B5KQpAQCAtMTA1LDcgKzEwNSw3IEBAIHRlbXBsYXRlPHR5cGVu YW1lIEJhc2UsIHR5cGVuYW1lIFQ+IGlubGkKIAogdGVtcGxhdGU8dHlwZW5hbWUgQmFzZSwgdHlw ZW5hbWUgVD4gaW5saW5lIHR5cGVuYW1lIFdlYWtJbXBsQWNjZXNzb3I8QmFzZSwgVD46OkdldFR5 cGUgV2Vha0ltcGxBY2Nlc3NvcjxCYXNlLCBUPjo6Z2V0KCkgY29uc3QKIHsKLSAgICBpZiAoIXN0 YXRpY19jYXN0PGNvbnN0IEJhc2UqPih0aGlzKS0+bV9pbXBsIHx8IHN0YXRpY19jYXN0PGNvbnN0 IEJhc2UqPih0aGlzKS0+bV9pbXBsLT5zdGF0ZSgpICE9IFdlYWtJbXBsOjpMaXZlKQorICAgIGlm ICghc3RhdGljX2Nhc3Q8Y29uc3QgQmFzZSo+KHRoaXMpLT5tX2ltcGwgfHwgc3RhdGljX2Nhc3Q8 Y29uc3QgQmFzZSo+KHRoaXMpLT5tX2ltcGwtPnN0YXRlKCkgIT0gV2Vha0ltcGw6OkxpdmUgfHwg IXN0YXRpY19jYXN0PGNvbnN0IEJhc2UqPih0aGlzKS0+bV9pbXBsLT5qc1ZhbHVlKCkpCiAgICAg ICAgIHJldHVybiBHZXRUeXBlKCk7CiAgICAgcmV0dXJuIGpzQ2FzdDxUKj4oc3RhdGljX2Nhc3Q8 Y29uc3QgQmFzZSo+KHRoaXMpLT5tX2ltcGwtPmpzVmFsdWUoKS5hc0NlbGwoKSk7CiB9Cg==