Bug 156357

Summary: Invalid assertion inside DebuggerScope::getOwnPropertySlot
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Description Saam Barati 2016-04-07 13:28:59 PDT 
The Type Profiler might profile JS code that uses DebuggerScope and accesses properties
on it. Therefore, it may have a DebuggerScope object in its log. Objects in the log
are subject to having their getOwnPropertySlot method called. Therefore, the DebuggerScope
might not always be in a valid state when this happens. The assertion is therefore invalid.
Comment 1 Saam Barati 2016-04-07 13:31:40 PDT 
Created attachment 275923 [details]
patch
Comment 2 Keith Miller 2016-04-07 13:33:30 PDT 
Comment on attachment 275923 [details]
patch

r=me
Comment 3 WebKit Commit Bot 2016-04-07 14:25:22 PDT 
Comment on attachment 275923 [details]
patch

Clearing flags on attachment: 275923

Committed r199182: <http://trac.webkit.org/changeset/199182>
Comment 4 WebKit Commit Bot 2016-04-07 14:25:26 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Mark Lam 2016-04-28 11:40:20 PDT 
<rdar://problem/20790971>