Bug 154350

Summary: SES selftest page crashes on nightly r196694
Product: WebKit Reporter: Mark S. Miller <erights>
Component: JavaScriptCoreAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, commit-queue, erights, ggaren, keith_miller, mark.lam, msaboff, oliver, saam, webkit-bug-importer
Priority: P1 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=154378
Attachments:
Description Flags
Screenshots of Nightly before and after bug
none
Patch
none
SES selftest page now: A problem occurred with this webpage so it was reloaded none

Mark S. Miller
Reported 2016-02-17 12:19:05 PST
Created attachment 271577 [details] Screenshots of Nightly before and after bug Visit https://rawgit.com/tvcutsem/es-lab/master/src/ses/contract.html in the latest Webkit. As shown on the attachment, it worked fine on Nightly r196074, so the problem happened since then.
Attachments
Screenshots of Nightly before and after bug (782.32 KB, image/png)
2016-02-17 12:19 PST, Mark S. Miller 		no flags
Details
Patch (5.45 KB, patch)
2016-02-17 14:22 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
SES selftest page now: A problem occurred with this webpage so it was reloaded (171.28 KB, image/png)
2016-02-17 19:35 PST, Mark S. Miller 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2016-02-17 12:44:12 PST
This looks like it's probably because of http://trac.webkit.org/changeset/196220. That's the commit that has modified the crashing function, getOwnPropertyDescriptor, this year.
Radar WebKit Bug Importer
Comment 2 2016-02-17 12:46:10 PST
<rdar://problem/24704334>
Radar WebKit Bug Importer
Comment 3 2016-02-17 12:46:14 PST
<rdar://problem/24704338>
Chris Dumez
Comment 4 2016-02-17 13:02:39 PST
Likely to be a regression from: http://trac.webkit.org/changeset/196001 or http://trac.webkit.org/changeset/196145
Chris Dumez
Comment 5 2016-02-17 13:30:57 PST
I am working on this.
Chris Dumez
Comment 6 2016-02-17 14:22:00 PST
Created attachment 271592 [details] Patch
Mark Lam
Comment 7 2016-02-17 14:57:08 PST
Comment on attachment 271592 [details] Patch r=me
Chris Dumez
Comment 8 2016-02-17 14:59:56 PST
Comment on attachment 271592 [details] Patch Clearing flags on attachment: 271592 Committed r196723: <http://trac.webkit.org/changeset/196723>
Chris Dumez
Comment 9 2016-02-17 15:00:02 PST
All reviewed patches have been landed. Closing bug.
Mark S. Miller
Comment 10 2016-02-17 19:33:36 PST
As of r196733 I am now seeing "A problem occurred with this webpage so it was reloaded." most times when I visit https://rawgit.com/tvcutsem/es-lab/master/src/ses/contract.html . It doesn't happen every time. But if I bring up the web inspector, set a breakpoint, and then reload, then it does happen every time closing the web inspector in the process, preventing me from catching ses at a breakpoint. Will attach a screenshot momentarily. Should I reopen this bug or file a fresh one?
Mark S. Miller
Comment 11 2016-02-17 19:35:10 PST
Created attachment 271617 [details] SES selftest page now: A problem occurred with this webpage so it was reloaded
Chris Dumez
Comment 12 2016-02-17 19:37:24 PST
(In reply to comment #11) > Created attachment 271617 [details] > SES selftest page now: A problem occurred with this webpage so it was > reloaded Ok, I will take another look and see if I can reproduce. Thank you for verifying the fix.
Chris Dumez
Comment 13 2016-02-17 19:40:34 PST
(In reply to comment #11) > Created attachment 271617 [details] > SES selftest page now: A problem occurred with this webpage so it was > reloaded Also, a backtrace is more useful than a screenshot :) You can get the backtrace the .crash file for the com.apple.WebKit.WebContent process from the "console" utility.
Chris Dumez
Comment 14 2016-02-17 19:52:48 PST
Looks like a can reproduce the crash but I have to open Web Inspector and reload the page. I filed https://bugs.webkit.org/show_bug.cgi?id=154378 to track it.
Alexey Proskuryakov
Comment 15 2016-02-17 21:30:45 PST
*** Bug 154349 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 16 2016-02-21 20:04:32 PST
Comment on attachment 271592 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=271592&action=review > Source/JavaScriptCore/runtime/JSObject.h:1231 > - if ((attributes & Accessor) != (currentAttributes & Accessor)) { > + if ((attributes & Accessor) != (currentAttributes & Accessor) || (attributes & CustomAccessor) != (currentAttributes & CustomAccessor)) { Here’s how I’d write it: auto accessAttributes = Accessor | CustomAccessor; if ((attributes & accessAttributes) != (currentAttributes & accessAttributes)) { Better than the || I think.
Note You need to log in before you can comment on or make changes to this bug.