Bug 156357

Summary:

Invalid assertion inside DebuggerScope::getOwnPropertySlot

Product:

WebKit

Reporter:

Saam Barati <saam>

Component:

JavaScriptCore

Assignee:

Saam Barati <saam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

benjamin, commit-queue, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
patch	none

Saam Barati

Reported 2016-04-07 13:28:59 PDT

The Type Profiler might profile JS code that uses DebuggerScope and accesses properties on it. Therefore, it may have a DebuggerScope object in its log. Objects in the log are subject to having their getOwnPropertySlot method called. Therefore, the DebuggerScope might not always be in a valid state when this happens. The assertion is therefore invalid.

Attachments
patch (1.70 KB, patch) 2016-04-07 13:31 PDT, Saam Barati	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2016-04-07 13:31:40 PDT

Created attachment 275923 [details] patch

Keith Miller

Comment 2 2016-04-07 13:33:30 PDT

Comment on attachment 275923 [details] patch r=me

WebKit Commit Bot

Comment 3 2016-04-07 14:25:22 PDT

Comment on attachment 275923 [details] patch Clearing flags on attachment: 275923 Committed r199182: <http://trac.webkit.org/changeset/199182>

WebKit Commit Bot

Comment 4 2016-04-07 14:25:26 PDT

All reviewed patches have been landed. Closing bug.

Mark Lam

Comment 5 2016-04-28 11:40:20 PDT

<rdar://problem/20790971>

Note You need to log in before you can comment on or make changes to this bug.