Bug 106690

Summary: Python implementation reports "MemoryError" instead of doing things
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: http://syntensity.com/static/python.html
Bug Depends on: 106715, 106724, 106727    
Bug Blocks:    
Attachments:
Description Flags
the patch oliver: review+

Oliver Hunt
Reported 2013-01-11 12:53:49 PST
Going to http://syntensity.com/static/python.html in a debug build crashes reliably for me. ASSERTION FAILED: from.isCell() && from.asCell()->JSCell::inherits(&WTF::RemovePointer<To>::Type::s_info) /Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore/runtime/JSCell.h(346) : To JSC::jsCast(JSC::JSValue) [To = JSC::JSObject *] 1 0x1176e72f9 JSC::JSObject* JSC::jsCast<JSC::JSObject*>(JSC::JSValue) 2 0x1176e66c9 JSC::JSScope::resolvePut(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&, JSC::JSValue, JSC::PutToBaseOperation*) 3 0x11765262b cti_op_put_to_base 4 0x117659040 jscGeneratedNativeCode 5 0x117615194 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) 6 0x117612328 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 7 0x117423b3c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 8 0x11767ac61 JSC::boundFunctionCall(JSC::ExecState*) 9 0x117612352 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 10 0x117423b3c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 11 0x11904abc2 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 12 0x119b1ed34 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) 13 0x119b1e8d2 WebCore::ScheduledAction::execute(WebCore::Document*) 14 0x119b1e719 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) 15 0x118a87057 WebCore::DOMTimer::fired() 16 0x119ec6cfb WebCore::ThreadTimers::sharedTimerFiredInternal() 17 0x119ec6a89 WebCore::ThreadTimers::sharedTimerFired() 18 0x119be65f3 WebCore::timerFired(__CFRunLoopTimer*, void*) 19 0x7fff82f6ae14 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ 20 0x7fff82f6a925 __CFRunLoopDoTimer 21 0x7fff82f50686 __CFRunLoopRun 22 0x7fff82f4fe29 CFRunLoopRunSpecific 23 0x7fff8e5cd524 RunCurrentEventLoopInMode 24 0x7fff8e5cd2c1 ReceiveNextEventCommon 25 0x7fff8e6e0917 _BlockUntilNextEventMatchingListInModeWithFilter 26 0x7fff88d16281 _DPSNextEvent 27 0x7fff88d158ae -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 28 0x7fff88d0db2f -[NSApplication run] 29 0x7fff88cb65e6 NSApplicationMain 30 0x7fff8232bfa3 _xpc_main 31 0x7fff8240cee4 xpc_main It looks like the base in a put_to_base operation is undefined which should not be possible (we should have thrown an exception already if that were the case). The ResolvePutOperation seems to imply we're putting a global property down, but the base is undefined
Attachments
the patch (15.37 KB, patch)
2013-01-11 22:52 PST, Filip Pizlo 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2013-01-11 20:31:23 PST
I fixed the crash, but it appears that we're still doing bad things. Renaming the bug accordingly.
Filip Pizlo
Comment 2 2013-01-11 22:52:58 PST
Created attachment 182459 [details] the patch
Filip Pizlo
Comment 3 2013-01-14 16:55:15 PST
Landed in http://trac.webkit.org/changeset/139687
Note You need to log in before you can comment on or make changes to this bug.