Summary: | Assertion failed under operationToLowerCase with a rope with zero length |
---|---|
Product: | WebKit |
Component: | JavaScriptCore |
Status: | RESOLVED FIXED |
Severity: | Normal |
Priority: | P2 |
Version: | WebKit Nightly Build |
Hardware: | Unspecified |
OS: | Unspecified |
Reporter: | Joseph Pecoraro <joepeck> |
Assignee: | Saam Barati <saam> |
CC: | benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, joepeck, keith_miller, mark.lam, msaboff, oliver, saam, ticaiolima, ysuzuki |
Description
Joseph Pecoraro
2016-10-11 20:43:44 PDT
*** Bug 163313 has been marked as a duplicate of this bug. ***

Caught in the debugger I can get the JavaScript frames:

    (lldb) btjs
    * thread #1: tid = 0x17c773, 0x000000010ed00804, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, addre?
        frame #0: 0x000000010ed00804 JavaScriptCore`::WTFCrash() + 36 at Assertions.cpp:323
        frame #1: 0x000000010ed4cdf8 JavaScriptCore`WTF::Ref<WTF::StringImpl> WTF::StringImpl::createUninitializedInternalNonEmpty<unsigned char>(length=0, data=<no value available>) + 72 at StringImpl.cpp:182
        frame #2: 0x000000010ed4d954 JavaScriptCore`WTF::StringImpl::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(this={ length = 0, is8bit = 1, contents = '' }, failingIndex=0) + 116 at StringImpl.cpp:429
        frame #3: 0x000000010ed78aad JavaScriptCore`WTF::String::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(this={ length = 0, contents = '' }, failingIndex=0) const + 93 at WTFString.cpp:365
        frame #4: 0x000000010e26fe1a JavaScriptCore`::operationToLowerCase(exec=0x00007fff57c30700, string=0x0000000122d540a0, failingIndex=0) + 266 at DFGOperations.cpp:1526
        frame #5: 0x00004550dae2c41f parseURL#CeJir5 [DFG](Cell[Window ID: 14469]: 0x11f75c0a0, "file:///Users/pecoraro/Build/Debug/WebInspectorUI.framework/Resources/Models/ResourceQueryMatch.js")
        frame #6: 0x00004550dae289ae _updateTitles#Cagyoq [DFG](Cell[Object ID: 12179]: 0x1262467e0)
        frame #7: 0x00004550dad8eeb3 _updateResource#BX7IA4 [Baseline](Cell[Object ID: 12179]: 0x1262467e0, Cell[Object ID: 12229]: 0x1262463c0)
        frame #8: 0x00004550dae21d02 ResourceTreeElement#BrPePF [DFG](<JSValue()>, Cell[Object ID: 12229]: 0x1262463c0)
        frame #9: 0x00004550dad8736c _addTreeElementForSourceCodeToTreeOutline#EYkdVP [Baseline](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 12229]: 0x1262463c0, Cell[Object ID: 14708]: 0x122d62780)
        frame #10: 0x00004550dad705b0 _addResource#Ab2oND [Baseline](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 12229]: 0x1262463c0)
        frame #11: 0x00004550dadc24a6 _resourceAdded#A1GokE [DFG](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 11290]: 0x126225c20)
        frame #12: 0x00004550dae11502 dispatch#ALOGGc [DFG](Undefined, Cell[Function ID: 4013]: 0x120a339a0)
        frame #13: 0x00004550dad43d3c dispatchEventToListeners#B97qyR [DFG](Cell[Object ID: 12571]: 0x122d63640, "frame-resource-was-added", Cell[Object ID: 12072]: 0x1262465a0)
        frame #14: 0x00004550dad660a1 addResource#AvzKyY [Baseline](Cell[Object ID: 12571]: 0x122d63640, Cell[Object ID: 12229]: 0x1262463c0)
        frame #15: 0x000000010e8e561a _addFrameTreeFromFrameResourceTreePayload#Ar2abc [LLInt](Cell[Object ID: 14466]: 0x11f62b660, Cell[Object ID: 14336]: 0x122cd6b60, True)
        frame #16: 0x000000010e8e5694 _processMainFrameResourceTreePayload#AiF4sn [LLInt](Cell[Object ID: 14466]: 0x11f62b660, Null, Cell[Object ID: 14336]: 0x122cd6b60)
        frame #17: 0x000000010e8de1ae JavaScriptCore`vmEntryToJavaScript + 334 at LowLevelInterpreter64.asm:253
        frame #18: 0x000000010e6c7149 JavaScriptCore`JSC::JITCode::execute(this=0x0000000121656618, vm=0x000000011f5f2000, protoCallFrame=0x00007fff57c31120) + 329 at JITCode.cpp:81
        frame #19: 0x000000010e6468df JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000011efc0b40, callFrame=0x00007fff57c313d0, function=0x0000000121b0ef20, callType=JS, callData=0x00007fff57c31320, thisValue=JSValue @ 0x00007fff57c31220, args=0x00007fff57c312e8) + 1215 at Interpreter.cpp:948
        frame #20: 0x000000010deac258 JavaScriptCore`JSC::call(exec=0x00007fff57c313d0, functionObject=JSValue @ 0x00007fff57c312a0, callType=JS, callData=0x00007fff57c31320, thisValue=JSValue @ 0x00007fff57c31298, args=0x00007fff57c312e8) + 184 at CallData.cpp:40

Created attachment 291432 [details]
patch
Comment on attachment 291432 [details] patch

View in context: https://bugs.webkit.org/attachment.cgi?id=291432&action=review

r=me

> JSTests/ChangeLog:3
> + Assertion failed under operationToLowerCase opening inspector²

Please remove the non-ascii char.

> Source/JavaScriptCore/ChangeLog:3
> + Assertion failed under operationToLowerCase opening inspector²

Fix non-ascii char.

Created attachment 291643 [details]
patch for landing
Comment on attachment 291643 [details] patch for landing

Clearing flags on attachment: 291643

Committed r207377: <http://trac.webkit.org/changeset/207377>

All reviewed patches have been landed. Closing bug.

Comment on attachment 291643 [details] patch for landing

View in context: https://bugs.webkit.org/attachment.cgi?id=291643&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:1526
> + if (!inputString.length())

String has an isEmpty function; I normally assume we should always use that instead of checking length for 0 just in case we some day come up with a more efficient way to implement it. Unless we are also using the length.
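
The failure in frames #0 to #4 of the backtrace, reduced to a small model: an allocator with a "length must be non-zero" contract is reached with a resolved rope of length 0 and `failingIndex=0`. This is an added example, not WebKit source; `Rope`, `Result`, `lowerUnguarded` and `lowerGuarded` are hypothetical names, and the value returned by the guard is an assumption, since the review shows only the `if` line.

```cpp
// Added model of the crash path in the backtrace; not WebKit source.
// Every name below is a hypothetical stand-in for the frames shown above.
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Stand-in for a rope: fragments that are only joined when resolved.
struct Rope {
    std::vector<std::string> fibers;
    std::string resolve() const {
        std::string out;
        for (const auto& f : fibers) out += f;
        return out;
    }
};

// `asserted` models the assertion failure that ends in WTFCrash() (frame #0).
struct Result { bool asserted; std::string value; };

// Stand-in for the "NonEmpty" allocator in frame #1: length 0 breaks its contract.
Result createUninitializedNonEmpty(std::size_t length) {
    if (length == 0) return {true, std::string()};
    return {false, std::string(length, '\0')};
}

// Slow path without a guard: always allocates, as frames #2 to #4 do.
Result lowerUnguarded(const Rope& rope, std::size_t failingIndex) {
    const std::string input = rope.resolve();
    Result out = createUninitializedNonEmpty(input.size());
    if (out.asserted) return out; // the crash in the report
    for (std::size_t i = 0; i < input.size(); ++i) {
        // Characters before failingIndex were already checked by the fast path.
        unsigned char c = static_cast<unsigned char>(input[i]);
        out.value[i] = i < failingIndex ? input[i] : static_cast<char>(std::tolower(c));
    }
    return out;
}

// Slow path with an empty-input check placed before the allocation.
// Returning an empty string here is an assumption about the landed fix.
Result lowerGuarded(const Rope& rope, std::size_t failingIndex) {
    if (rope.resolve().empty()) return {false, std::string()};
    return lowerUnguarded(rope, failingIndex);
}
```
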