Bug 125942

Summary: COLLECT_ON_EVERY_ALLOCATION makes any script execution crash with an assertion in DelayedReleaseScope constructor
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: JavaScriptCoreAssignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, mhahnenberg, webkit-bug-importer
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Alexey Proskuryakov 2013-12-18 13:33:26 PST 
Regression tests just crash before running any JS when COLLECT_ON_EVERY_ALLOCATION is enabled:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000100f7deaa WTFCrash + 42 (Assertions.cpp:341)
1   com.apple.JavaScriptCore      	0x0000000100c2048a JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 106 (DelayedReleaseScope.h:41)
2   com.apple.JavaScriptCore      	0x0000000100c1675d JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 29 (DelayedReleaseScope.h:43)
3   com.apple.JavaScriptCore      	0x0000000100c13c3c JSC::Heap::collectAllGarbage() + 60 (Heap.cpp:730)
4   com.apple.JavaScriptCore      	0x0000000100db842d JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 141 (MarkedAllocator.cpp:85)
5   com.apple.WebCore             	0x0000000102ac61df JSC::MarkedAllocator::allocate(unsigned long) + 79 (MarkedAllocator.h:91)
6   com.apple.WebCore             	0x0000000102ac6079 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long) + 41 (MarkedSpace.h:224)
7   com.apple.WebCore             	0x0000000102ac6006 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long) + 118 (Heap.h:420)
8   com.apple.WebCore             	0x0000000102ac5f1c void* JSC::allocateCell<JSC::Structure>(JSC::Heap&, unsigned long) + 252 (JSCellInlines.h:97)
9   com.apple.WebCore             	0x0000000102ac5a8f void* JSC::allocateCell<JSC::Structure>(JSC::Heap&) + 31 (JSCellInlines.h:109)
10  com.apple.WebCore             	0x0000000102ac580f JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int) + 191 (StructureInlines.h:39)
11  com.apple.WebCore             	0x000000010409f788 WebCore::JSDOMWindowShell::createStructure(JSC::VM&, JSC::JSValue) + 104 (JSDOMWindowShell.h:62)
Comment 1 Mark Hahnenberg 2013-12-18 20:40:05 PST 
I believe this was fixed in http://trac.webkit.org/changeset/160822.
Comment 2 Alexey Proskuryakov 2013-12-19 10:07:53 PST 
Yes, tests run now. Thanks!