Bug 156930

Summary: ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fpizlo, ggaren, keith_miller, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch for EWS none

Joseph Pecoraro
Reported 2016-04-22 14:07:09 PDT
* SUMMARY Assertion when inspecting the inspector. * STEPS TO REPRODUCE 1. $ defaults write com.apple.Safari WebKitDebugDeveloperExtrasEnabled -bool YES 2. $ run-safari --debug 3. Inspect about:blank 4. Inspect the inspector (Right Click on the toolbar and select Inspect Element) 5. inspector²: Open DebuggerObserver.js 6. inspector²: Set a breakpoint in globalObjectCleared 7. inspector¹: Reload the page => triggers breakpoint in inspector² 8. inspector²: Continue 9. Repeat steps 7 and 8 if needed => ASSERT * ASSERT ASSERTION FAILED: !m_stack.last().isTailDeleted /Users/pecoraro/Code/safari/OpenSource/Source/JavaScriptCore/interpreter/ShadowChicken.cpp(127) : void JSC::ShadowChicken::update(JSC::VM &, JSC::ExecState *) 1 0x10a158130 WTFCrash 2 0x109cc6045 JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) 3 0x109ba2723 operationProcessShadowChickenLog 4 0x54ddab59107d 5 0x54ddab5aa6bf 6 0x54ddab8f9295 7 0x54ddab573005 8 0x54ddab573026 9 0x54ddab573026 10 0x54ddab573026 11 0x54ddab573026 12 0x109d8311f llint_entry 13 0x109d83199 llint_entry 14 0x109d83199 llint_entry 15 0x109d83199 llint_entry 16 0x109d83199 llint_entry 17 0x109d7c65e vmEntryToJavaScript 18 0x109b8bdea JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 19 0x109b1f1cc JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 20 0x1093fc28e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 21 0x109bdf4d2 JSC::boundFunctionCall(JSC::ExecState*) 22 0x54ddab401028 23 0x109d83199 llint_entry 24 0x109d83199 llint_entry 25 0x109d7c65e vmEntryToJavaScript 26 0x109b8bdea JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 27 0x109b1f1cc JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 28 0x1093fc28e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 29 0x109a3e4f5 JSC::callSetter(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::ECMAMode) 30 0x109c9622f JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 31 0x109ba52e8 JSC::JSObject::putInline(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) ERROR: Exiting process early due to unacknowledged closed-connection
Attachments
patch for EWS (716 bytes, patch)
2016-04-22 14:21 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-04-22 14:08:19 PDT
I think that this may be a bad assertion. I will look.
Filip Pizlo
Comment 2 2016-04-22 14:13:40 PDT
I think I have a fix.
Filip Pizlo
Comment 3 2016-04-22 14:20:34 PDT
JoePeck confirmed that my fix works for him and he reviewed it. I am running all of the tests.
Filip Pizlo
Comment 4 2016-04-22 14:21:10 PDT
Created attachment 277101 [details] patch for EWS If EWS and my tests are happy then I'll land this, with a ChangeLog of course.
Filip Pizlo
Comment 5 2016-04-22 15:46:13 PDT
Landed in http://trac.webkit.org/changeset/199918
Note You need to log in before you can comment on or make changes to this bug.