Bug 119339

Summary: [Win] JavaScript crash.
Product: WebKit
Reporter: peavo
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, commit-queue, msaboff, oliver, ossy, zan
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Unspecified
Attachments:
Description                         Flags
Patch                               none
Updated Patch                       none
Patch with tab character removed    none

Description peavo 2013-07-31 06:20:12 PDT
I'm frequently getting JavaScript crashes (access violations) in the latest builds.

The crash occurs in JIT generated code.

This is the stack I'm getting:

  JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj)  Line 858	C++
  JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException)  Line 85	C++
  WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception)  Line 74 + 0x1b bytes	C++
  WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld * world)  Line 142 + 0x34 bytes	C++
  WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode)  Line 158 + 0x40 bytes	C++
  WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode)  Line 316 + 0x16 bytes	C++
  WebKit.dll!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript & pendingScript)  Line 151	C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScripts()  Line 201 + 0x1b bytes	C++
  WebKit.dll!WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource * cachedScript)  Line 211	C++
  WebKit.dll!WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource * cachedResource)  Line 935	C++
  WebKit.dll!WebCore::CachedResource::checkNotify()  Line 369 + 0xa bytes	C++
  WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::ResourceBuffer * __formal)  Line 386	C++
  WebKit.dll!WebCore::CachedScript::finishLoading(WebCore::ResourceBuffer * data)  Line 94 + 0x8 bytes	C++
  WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime)  Line 284	C++
  WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal, double finishTime)  Line 489	C++
  WebKit.dll!WebCore::ResourceHandleManager::downloadTimerCallback(WebCore::Timer<WebCore::ResourceHandleManager> * __formal)  Line 568	C++
  WebKit.dll!WebCore::Timer<WebCore::IconDatabase>::fired()  Line 114 + 0xb bytes	C++
  WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 132	C++
  WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam)  Line 111	C++
Comment 1 peavo 2013-07-31 06:27:14 PDT
Created attachment 207847 [details]
Patch
Comment 2 peavo 2013-07-31 06:28:53 PDT
The rationale behind this patch is to implement the function ctiVMThrowTrampolineSlowpath the same way as the gcc x86 version does.
Comment 3 Zan Dobersek 2013-07-31 06:29:06 PDT
Possibly related to bug #119140. The patch touches sibling code at least.
Comment 4 Zan Dobersek 2013-07-31 06:30:17 PDT
(In reply to comment #2)
> The rationale behind this patch is to implement the function ctiVMThrowTrampolineSlowpath the same way as the gcc x86 version does.

The GCC-specific implementation might not be entirely correct (as, again, bug #119140 shows). It would be interesting, though, to know if the proposed patch fixes the issue on Windows.
Comment 5 Brent Fulgham 2013-07-31 08:50:46 PDT
Michael, can you review this patch?
Comment 6 Michael Saboff 2013-07-31 10:22:22 PDT
Created attachment 207857 [details]
Updated Patch

peavo, thanks for finding the issue.  There is one other place that needs a similar change.
Comment 7 WebKit Commit Bot 2013-07-31 10:25:53 PDT
Attachment 207857 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/jit/JITStubsX86.h']" exit_code: 1
Source/JavaScriptCore/ChangeLog:9:  Line contains tab character.  [whitespace/tab] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 8 Michael Saboff 2013-07-31 10:30:54 PDT
Created attachment 207859 [details]
Patch with tab character removed
Comment 9 Mark Hahnenberg 2013-07-31 10:39:32 PDT
Comment on attachment 207859 [details]
Patch with tab character removed

r=me
Comment 10 WebKit Commit Bot 2013-07-31 11:02:37 PDT
Comment on attachment 207859 [details]
Patch with tab character removed

Clearing flags on attachment: 207859

Committed r153527: <http://trac.webkit.org/changeset/153527>
Comment 11 WebKit Commit Bot 2013-07-31 11:02:39 PDT
All reviewed patches have been landed.  Closing bug.