Bug 135822
| Summary: | REGRESSION: Web Inspector crashes in JSC::repatchCall under requestAnimationFrame when capturing an execution | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Brian Burg <burg> |
| Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | ggaren, joepeck, mark.lam, msaboff, saam, timothy, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://www.nihilogic.dk/labs/tetris/ | ||
Brian Burg
Steps to reproduce:
1. Use an engineering build which has WEB_REPLAY enabled.
2. Navigate to the page
3. Open the web inspector
4. Open the timelines sidebar panel
5. Right-click on the navigation bar and select "Show Replay Controls"
6. Press the recording button (centered)
After recording for a few (5-10) seconds, the inspector crashes.
This is very reproducible on this page. I am currently trying to narrow down the reproduction steps, as it is probably triggered by the timelines overview, not anything specific to WEB_REPLAY. I will update this bug if a debug build/lldb hits any useful asserts.
Stack trace:
```text
1 0x1119bba6a JSC::repatchCall(JSC::RepatchBuffer&, JSC::CodeLocationCall, JSC::FunctionPtr)
2 0x1119ba7e8 JSC::repatchIn(JSC::ExecState*, JSC::JSCell*, JSC::Identifier const&, bool, JSC::PropertySlot const&, JSC::StructureStubInfo&)
3 0x11181efa9 operationInOptimize
4 0x3b491b3df194
5 0x1118f64f9 callToJavaScript
6 0x111803093 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
7 0x1117e86ea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
8 0x1115cc55e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
9 0x1117b1f39 JSC::callGetter(JSC::ExecState*, JSC::JSValue, JSC::JSValue)
10 0x11181ddcd operationGetById
11 0x3b491b416934
12 0x3b491b45ae57
13 0x3b491b492882
14 0x3b491b48e66e
15 0x3b491b36a8c7
16 0x1118f64f9 callToJavaScript
17 0x111803093 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
18 0x1117e86ea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19 0x1115cc55e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20 0x11184c33b JSC::boundFunctionCall(JSC::ExecState*)
21 0x1118f6697 callToNativeFunction
22 0x1117e8730 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23 0x1115cc5af JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*)
24 0x11235ab14 WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*)
25 0x1125491cf WebCore::JSRequestAnimationFrameCallback::handleEvent(double)
26 0x11292e387 WebCore::ScriptedAnimationController::serviceScriptedAnimations(double)
27 0x111fda27b WebCore::DisplayRefreshMonitor::displayDidRefresh()
28 0x111a50b94 WTF::dispatchFunctionsFromMainThread()
29 0x7fff9390d13e __NSThreadPerformPerform
30 0x7fff96b0e5b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
31 0x7fff96affc62 __CFRunLoopDoSources0
```
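Added example, not from the reporter or the WebKit tree: a JavaScript reduction harness that drives the call shape the stack trace above implies, so the JSC side can be exercised without the Web Inspector or the Tetris page. The frame names are the only thing taken from the page: a `requestAnimationFrame` callback that is a bound function (`JSC::boundFunctionCall`), which reads a property backed by a getter (`operationGetById` -> `JSC::callGetter`), and the getter evaluates the `in` operator against objects of differing shape (`operationInOptimize` -> `JSC::repatchIn`). The `Game`/board objects, the `setTimeout` fallback for shells without rAF, and the iteration counts are assumptions of this harness; it is not a confirmed reproducer, and the bug was closed WORKSFORME.

```javascript
// Added reduction harness, not from the bug report or the WebKit tree.
// It drives the call shape visible in the stack trace:
//   requestAnimationFrame -> bound function (JSC::boundFunctionCall)
//   -> property getter (operationGetById -> JSC::callGetter)
//   -> `in` operator inside the getter (operationInOptimize -> JSC::repatchIn)
// The Game/board objects are hypothetical stand-ins for the Tetris page.

// Assumption: fall back to setTimeout so the harness also runs under node or a
// jsc shell, where requestAnimationFrame does not exist.
const raf = (typeof requestAnimationFrame === 'function')
  ? requestAnimationFrame
  : (cb) => setTimeout(() => cb(Date.now()), 0);

// Boards with different shapes (JSC Structures) so the `in` inline cache in the
// getter sees several structures and has to be repatched rather than hit once.
function makeBoard(variant) {
  const b = { cells: new Array(200).fill(0) };
  if (variant & 1) b.score = 0;
  if (variant & 2) b.level = 1;
  return b;
}

class Game {
  constructor() {
    this.boards = [0, 1, 2, 3].map(makeBoard);
    this.frame = 0;
  }
  // Getter containing the `in` checks; this is the code reached via callGetter.
  get scoringBoard() {
    const b = this.boards[this.frame & 3];
    return ('score' in b) && ('level' in b) ? b : null;
  }
  // One frame of work. Returns true when the current board has both fields.
  step() {
    this.frame++;
    const b = this.scoringBoard;          // operationGetById -> getter -> `in`
    if (b !== null) {
      b.score++;
      b.cells[this.frame % b.cells.length] ^= 1;
      return true;
    }
    return false;
  }
}

// Asynchronous variant: schedules `iterations` frames through rAF with a bound
// callback, mirroring JSRequestAnimationFrameCallback::handleEvent -> boundFunctionCall.
// Resolves with the final frame count so a caller can check the loop completed.
function runFrames(game, iterations) {
  return new Promise((resolve) => {
    const tick = function () {
      this.step();
      if (this.frame >= iterations) resolve(this.frame);
      else raf(boundTick);
    };
    const boundTick = tick.bind(game);
    raf(boundTick);
  });
}

// Synchronous variant for a jsc shell: same getter/`in` path, run hot enough
// for the optimizing JITs to compile it. Returns how many frames landed on the
// board that has both `score` and `level` (every fourth frame).
function hotLoop(game, iterations) {
  let hits = 0;
  for (let i = 0; i < iterations; i++) {
    if (game.step()) hits++;
  }
  return hits;
}
```

In a browser build with WEB_REPLAY, call `runFrames(new Game(), 100000)` from the console while the Timelines panel is recording; in a `jsc` shell, `hotLoop(new Game(), 100000)` reaches the same getter and `in` code without the event loop. A run that does not crash proves nothing on its own, since the original crash stopped reproducing after an unrelated JIT change.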
Radar WebKit Bug Importer
<rdar://problem/17988544>
Brian Burg
Seems to not reproduce anymore. It may have been related to msaboff's fix yesterday.