Bug 141253

Saw this assertion on dom/html/level1/core/hc_nodeappendchildgetnodename.html today (this test didn't previously hit it): 0 com.apple.JavaScriptCore 0x00000001144428da WTFCrash + 42 (Assertions.cpp:321) 1 com.apple.JavaScriptCore 0x00000001143966ad JSC::Structure::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 509 (Structure.cpp:1005) 2 com.apple.JavaScriptCore 0x0000000114374ed8 JSC::visitChildren(JSC::SlotVisitor&, JSC::JSCell const*) + 264 (SlotVisitor.cpp:105) 3 com.apple.JavaScriptCore 0x0000000114374d39 JSC::SlotVisitor::drain() + 249 (SlotVisitor.cpp:145) 4 com.apple.JavaScriptCore 0x0000000113fc66d2 JSC::SlotVisitor::donateAndDrain() + 34 (SlotVisitorInlines.h:235) 5 com.apple.JavaScriptCore 0x0000000113fc0c82 JSC::Heap::visitConservativeRoots(JSC::ConservativeRoots&) + 114 (Heap.cpp:632) 6 com.apple.JavaScriptCore 0x0000000113fc08bf JSC::Heap::markRoots(double) + 591 (Heap.cpp:526) 7 com.apple.JavaScriptCore 0x0000000113fc264b JSC::Heap::collect(JSC::HeapOperation) + 1019 (Heap.cpp:1023) 8 com.apple.JavaScriptCore 0x0000000113aeb517 JSC::Heap::collectIfNecessaryOrDefer() + 87 (HeapInlines.h:277) 9 com.apple.JavaScriptCore 0x0000000113aeb442 JSC::Heap::decrementDeferralDepthAndGCIfNeeded() + 34 (HeapInlines.h:284) 10 com.apple.JavaScriptCore 0x0000000113aeb418 JSC::DeferGC::~DeferGC() + 24 (DeferGC.h:47) Full crash log: https://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r179602%20(9274)/dom/html/level1/core/hc_nodeappendchildgetnodename-crash-log.txt