Bug 15747

Summary: REGRESSION: Lots of layout tests fail the !HashTranslator::equal(KeyTraits::emptyValue()) ASSERT
Product: WebKit
Reporter: Geoffrey Garen <ggaren>
Component: JavaScriptCore
Assignee: Maciej Stachowiak <mjs>
Status: RESOLVED FIXED
Severity: Normal
CC: ddkilzer, jimoase, mitz, mjs
Priority: P1
Keywords: InRadar, Regression
Version: 523.x (Safari 3)
Hardware: Mac
OS: OS X 10.4
URL: http://www.symantec.com/
Attachments:
Crash log report.... (flags: none)
Another crash log (flags: none)
Crash log ....... spontaneous crash (flags: none)
Crash log r27337 (flags: none)
10.5 crash log (flags: none)
Crash log while in Spaces (flags: none)

Description Geoffrey Garen 2007-10-28 23:22:20 PDT
I'm temporarily disabling the ASSERT for the sake of the buildbot.
Comment 1 Geoffrey Garen 2007-10-28 23:34:40 PDT
<rdar://problem/5564604>
Comment 2 David Kilzer (:ddkilzer) 2007-10-29 09:35:55 PDT
I see this assertion failure on the Symantec home page with a debug build of WebKit r27223 as well.

Console:

ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
(/path/to/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/HashTable.h:407 Value* WTF::HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::lookup(const T&) [with T = int, HashTranslator = WTF::IdentityHashTranslator<int, std::pair<int, int>, WTF::IntHash<int32_t> >, Key = int, Value = std::pair<int, int>, Extractor = WTF::PairFirstExtractor<std::pair<int, int> >, HashFunctions = WTF::IntHash<int32_t>, Traits = WTF::PairHashTraits<WTF::HashTraits<int32_t>, WTF::HashTraits<int32_t> >, KeyTraits = WTF::HashTraits<int32_t>])

Stack trace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore        	0x017478cc std::pair<int, int>* WTF::HashTable<int, std::pair<int, int>, WTF::PairFirstExtractor<std::pair<int, int> >, WTF::IntHash<int>, WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<int> >, WTF::HashTraits<int> >::lookup<int, WTF::IdentityHashTranslator<int, std::pair<int, int>, WTF::IntHash<int> > >(int const&) + 184 (HashTable.h:407)
1   com.apple.WebCore        	0x01747a58 WTF::HashTable<int, std::pair<int, int>, WTF::PairFirstExtractor<std::pair<int, int> >, WTF::IntHash<int>, WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<int> >, WTF::HashTraits<int> >::lookup(int const&) + 40 (HashTable.h:321)
2   com.apple.WebCore        	0x019d237c WTF::HashMap<WebCore::AtomicStringImpl*, WebCore::CSSRuleDataList*, WTF::PtrHash<WebCore::AtomicStringImpl*>, WTF::HashTraits<WebCore::AtomicStringImpl*>, WTF::HashTraits<WebCore::CSSRuleDataList*> >::get(WebCore::AtomicStringImpl* const&) const + 88 (HashMap.h:299)
3   com.apple.WebCore        	0x019d2448 WebCore::CSSRuleSet::getClassRules(WebCore::AtomicStringImpl*) + 52 (CSSStyleSelector.cpp:196)
4   com.apple.WebCore        	0x015af8b0 WebCore::CSSStyleSelector::matchRules(WebCore::CSSRuleSet*, int&, int&) + 296 (CSSStyleSelector.cpp:382)
5   com.apple.WebCore        	0x015c013c WebCore::CSSStyleSelector::styleForElement(WebCore::Element*, WebCore::RenderStyle*, bool, bool) + 1328 (CSSStyleSelector.cpp:854)
6   com.apple.WebCore        	0x012f139c WebCore::Element::styleForRenderer(WebCore::RenderObject*) + 80 (Element.cpp:615)
7   com.apple.WebCore        	0x012e8d7c WebCore::Node::createRendererIfNeeded() + 496 (Node.cpp:1020)
8   com.apple.WebCore        	0x012f4c34 WebCore::Element::attach() + 36 (Element.cpp:663)
9   com.apple.WebCore        	0x0102481c WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 920 (HTMLParser.cpp:327)
10  com.apple.WebCore        	0x01025468 WebCore::HTMLParser::parseToken(WebCore::Token*) + 1796 (HTMLParser.cpp:252)
11  com.apple.WebCore        	0x01027f64 WebCore::HTMLTokenizer::processToken() + 608 (HTMLTokenizer.cpp:1653)
12  com.apple.WebCore        	0x0102bddc WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 6988 (HTMLTokenizer.cpp:1218)
13  com.apple.WebCore        	0x0102c994 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1524 (HTMLTokenizer.cpp:1449)
14  com.apple.WebCore        	0x01027c60 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 1144 (HTMLTokenizer.cpp:1762)
15  com.apple.WebCore        	0x01165f64 WebCore::CachedScript::checkNotify() + 108 (CachedScript.cpp:92)
16  com.apple.WebCore        	0x01166140 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 336 (CachedScript.cpp:84)
17  com.apple.WebCore        	0x01169210 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 408 (loader.cpp:116)
18  com.apple.WebCore        	0x014e7388 WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:195)
19  com.apple.WebCore        	0x014e5150 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
20  com.apple.WebCore        	0x014b3f38 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 204 (ResourceHandleMac.mm:456)
21  com.apple.Foundation     	0x92c1589c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
22  com.apple.Foundation     	0x92c13b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
23  com.apple.Foundation     	0x92c13860 _sendCallbacks + 156
24  com.apple.CoreFoundation 	0x907de4fc __CFRunLoopDoSources0 + 384
25  com.apple.CoreFoundation 	0x907dda2c __CFRunLoopRun + 452
26  com.apple.CoreFoundation 	0x907dd4ac CFRunLoopRunSpecific + 268
27  com.apple.HIToolbox      	0x9329bb20 RunCurrentEventLoopInMode + 264
28  com.apple.HIToolbox      	0x9329b1b4 ReceiveNextEventCommon + 380
29  com.apple.HIToolbox      	0x9329b020 BlockUntilNextEventMatchingListInMode + 96
30  com.apple.AppKit         	0x937a1ae4 _DPSNextEvent + 384
31  com.apple.AppKit         	0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
32  com.apple.Safari         	0x00006770 0x1000 + 22384
33  com.apple.AppKit         	0x9379dcec -[NSApplication run] + 472
34  com.apple.AppKit         	0x9388e87c NSApplicationMain + 452
35  com.apple.Safari         	0x0000244c 0x1000 + 5196
36  com.apple.Safari         	0x0004f1b0 0x1000 + 319920
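
The assertion in comment 2 checks that the key passed to lookup() is not the value the table reserves to mark an empty bucket. The following C++ sketch is an added example, not WebKit code and not part of the original thread; SentinelMap, its methods, the fixed capacity and the hash function are hypothetical. It shows what an unchecked probe returns for the reserved key and a lookup that enforces the same precondition in every build.

```cpp
// Added illustration: SentinelMap is a hypothetical toy table, not WTF::HashTable.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>

class SentinelMap {
public:
    static constexpr int kEmpty = 0;          // key value reserved as the empty-bucket marker
    static constexpr std::size_t kSize = 8;   // fixed capacity, no resizing (assumption)
    // Insert or update; refuses the sentinel key and a full table.
    bool set(int key, int value) {
        if (key == kEmpty) return false;
        for (std::size_t i = hash(key), n = 0; n < kSize; i = (i + 1) % kSize, ++n) {
            if (slots_[i].first == kEmpty || slots_[i].first == key) {
                slots_[i] = std::make_pair(key, value);
                return true;
            }
        }
        return false;
    }
    // Linear probe with no precondition check: how a lookup behaves once a
    // debug-only assertion on the key is disabled or compiled out.
    const std::pair<int, int>* probeUnchecked(int key) const {
        for (std::size_t i = hash(key), n = 0; n < kSize; i = (i + 1) % kSize, ++n) {
            if (slots_[i].first == key) return &slots_[i];  // an empty bucket "equals" key 0
            if (slots_[i].first == kEmpty) return nullptr;  // end of the probe chain
        }
        return nullptr;
    }
    // Checked lookup: the same precondition, enforced in every build type.
    bool get(int key, int& out) const {
        if (key == kEmpty) return false;
        const std::pair<int, int>* hit = probeUnchecked(key);
        if (hit) out = hit->second;
        return hit != nullptr;
    }
private:
    static std::size_t hash(int key) { return (static_cast<std::uint32_t>(key) * 2654435761u) % kSize; }
    std::array<std::pair<int, int>, kSize> slots_{};
};

int main() {
    SentinelMap m;
    m.set(5, 50);
    std::printf("unchecked probe for key 0: %s\n", m.probeUnchecked(0) ? "false hit" : "miss");
}
```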

Comment 3 David Kilzer (:ddkilzer) 2007-10-30 16:49:37 PDT
This also asserts on Hotwire.com when searching for flights.

Comment 4 David Kilzer (:ddkilzer) 2007-10-31 09:59:21 PDT
*** Bug 15757 has been marked as a duplicate of this bug. ***
Comment 5 David Kilzer (:ddkilzer) 2007-10-31 10:00:08 PDT
(In reply to comment #4)
> *** Bug 15757 has been marked as a duplicate of this bug. ***

Digg.com crashes in release builds (different stack).  See Bug 15757.

Comment 6 Jim Oase 2007-10-31 19:36:15 PDT
Created attachment 16973
Crash log report....

Crash happened moments after accessing digg.com
Comment 7 Jim Oase 2007-10-31 19:45:58 PDT
Created attachment 16974
Another crash log

Like last night's crash this one occurred while viewing a discussion.  Ironically on an OS X Trojan Horse

Jim
Comment 8 Jim Oase 2007-11-01 06:45:59 PDT
Created attachment 16981
Crash log  ....... spontaneous crash

Same spontaneous crash as before........
Go to Digg.com
Select a long discussion
use your scroll ball to move up and down quickly
Crash will occur in a few seconds...... generally going down

Jim
Comment 9 Jim Oase 2007-11-01 14:03:57 PDT
Created attachment 16986
Crash log   r27337

Again looking at a Digg.com discussion.  This time no scrolling was taking place.
Comment 10 Matt Lilek 2007-11-01 14:25:13 PDT
(In reply to comment #9)
> Created an attachment (id=16986)
> Crash log   r27337
> 
> Again looking at a Digg.com discussion.  This time no scrolling was taking
> place.
> 

Jim, thanks for the crash logs, but they're all identical so we don't need any more right now.  If you can trigger a crash another way and the crash log isn't the same as the one for this bug, please file a new bug and attach it there.
Comment 11 Jim Oase 2007-11-03 19:58:33 PDT
Created attachment 17027
10.5 crash log

Just opened Webkit and started to browse when crash occurred.

Previous spontaneous crashes while viewing Digg.com had not occurred since using this last nightly build.  Then I installed 10.5.

Jim
Comment 12 Jim Oase 2007-11-04 13:15:24 PST
Created attachment 17036
Crash log while in Spaces

using in spaces...  Crash occurred while viewing an iPhoto slide show in another space
Comment 13 Darin Adler 2007-11-05 11:07:34 PST
(In reply to comment #12)
> Crash log while in Spaces

Jim, your crash is unrelated to HashTranslator::equal. Please file a separate bug report.
Comment 14 Darin Adler 2007-11-05 11:09:19 PST
Actually, I'm not at all sure if that's true.

What's the status of this bug, Maciej?
Comment 15 Darin Adler 2007-11-05 11:11:26 PST
This bug is definitely fixed.

If the digg.com problem is still around with the latest nightly builds, then it's another bug. Changing status on this one to FIXED.
Comment 16 David Kilzer (:ddkilzer) 2007-11-05 13:08:03 PST
I believe this was fixed in r27441, but neither the ChangeLog nor the commit message mention it.

http://trac.webkit.org/projects/webkit/changeset/27441

Comment 17 mitz 2007-11-05 13:11:38 PST
(In reply to comment #16)
> I believe this was fixed in r27441, but neither the ChangeLog nor the commit
> message mention it.
> 
> http://trac.webkit.org/projects/webkit/changeset/27441
> 

It was hard to tell from the crash logs attached to this bug whether it was about the instance that I'd fixed.
Comment 18 David Kilzer (:ddkilzer) 2007-11-05 13:39:46 PST
(In reply to comment #15)
> If the digg.com problem is still around with the latest nightly builds, then
> it's another bug. Changing status on this one to FIXED.

The digg.com bug still occurs.  See Bug 15848.

(In reply to comment #17)
> It was hard to tell from the crash logs attached to this bug whether it was
> about the instance that I'd fixed.

Doh!  You were correct.

Comment 19 David Kilzer (:ddkilzer) 2007-11-05 13:53:48 PST
(In reply to comment #3)
> This also asserts on Hotwire.com when searching for flights.

The Hotwire.com bug appears to have been fixed.  See Comment #16.