Bug 185503

Summary: Various crashes on observablehq.com when opening Web Inspector
Product: WebKit Reporter: Ivan Reese <ivanreese>
Component: Web InspectorAssignee: Mark Lam <mark.lam>
Status: ASSIGNED    
Severity: Normal CC: fpizlo, inspector-bugzilla-changes, mark.lam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Mac   
OS: macOS 10.13   

Ivan Reese
Reported 2018-05-09 18:36:20 PDT
On various pages at observablehq.com, opening the Web Inspector causes the browser tab to immediately crash and reload the page. I've reproduced this in both Safari 11.0.3 (13604.5.6) and Safari TP 55 (13606.1.15). Pages that exhibit this issue: https://beta.observablehq.com/@mbostock/introduction-to-generators https://beta.observablehq.com/@mbostock/five-minute-introduction https://beta.observablehq.com/@mbostock/introduction-to-notebooks https://beta.observablehq.com/@jashkenas/night-skies-lights-and-light-pollution-globe (Those are the first 4 I tried.) If the page is loaded with the inspector already open, it does not crash the browser tab. However, if the inspector is then closed, the browser tab does crash.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2018-05-09 23:32:08 PDT
I'm hitting multiple different crash signatures. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00007fff537076f4 JSC::JSFunction::create(JSC::VM&, JSC::FunctionExecutable*, JSC::JSScope*) + 4 1 com.apple.JavaScriptCore 0x00007fff52eb3236 llint_slow_path_new_func_exp + 102 2 com.apple.JavaScriptCore 0x00007fff52ebad78 llint_entry + 28966 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00007fff52d82704 JSC::JSCell::toNumber(JSC::ExecState*) const + 4 1 com.apple.JavaScriptCore 0x00007fff5367d269 slow_path_inc + 153 2 com.apple.JavaScriptCore 0x00007fff52eb5b1a llint_entry + 7880 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00007fff534f52fb JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) + 2939 1 com.apple.JavaScriptCore 0x00007fff534f4732 JSC::ShadowChicken::log(JSC::VM&, JSC::ExecState*, JSC::ShadowChicken::Packet const&) + 18 2 com.apple.JavaScriptCore 0x00007fff53521f14 JSC::genericUnwind(JSC::VM*, JSC::ExecState*, JSC::UnwindStart) + 132 3 com.apple.JavaScriptCore 0x00007fff5357376d llint_slow_path_handle_exception + 45 4 com.apple.JavaScriptCore 0x00007fff52eb8645 llint_entry + 18931
Radar WebKit Bug Importer
Comment 2 2018-05-09 23:32:35 PDT
<rdar://problem/40120019>
Note You need to log in before you can comment on or make changes to this bug.