Bug 22734

Summary: Debugger crashes when stepping into a function call in a return statement
Product: WebKit    Reporter: Oliver Hunt <oliver>
Component: JavaScriptCore    Assignee: Cameron Zwarich (cpst) <zwarich>
Status: RESOLVED FIXED
Severity: Normal    CC: ggaren, mjs, sam, zwarich
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://nerget.com/working/crash.html
Attachments:
Description Flags
Proposed patch oliver: review+

Oliver Hunt
Reported 2008-12-08 05:29:06 PST
There's a reproducible crash (assertion failure on debug is attempt to cast an immediate to a cell) when trying to step into a function call in a return statement.

Steps to reproduce:
1. Go to http://nerget.com/working/crash.html
2. Enable debugging
3. Set a breakpoint at the return statement in the code:

    <script>
    function x(y){}
    window.onload = function () {
        return x(12); // <-- set break point here
    }
    </script>

4. Reload the page
5. When you reach the break point, step into the call
6. Crash :-(
Attachments
Proposed patch (2.02 KB, patch)
2008-12-10 22:21 PST, Cameron Zwarich (cpst)
oliver: review+
Cameron Zwarich (cpst)
Comment 1 2008-12-08 13:19:28 PST
I'll take a look at this.
Cameron Zwarich (cpst)
Comment 2 2008-12-10 15:07:46 PST
This happens with the bytecode interpreter as well as the JIT, which should make it easier to debug.
Cameron Zwarich (cpst)
Comment 3 2008-12-10 22:21:11 PST
Created attachment 25940 [details] Proposed patch
Oliver Hunt
Comment 4 2008-12-10 22:23:34 PST
Comment on attachment 25940 [details] Proposed patch r=me!!!!!
Cameron Zwarich (cpst)
Comment 5 2008-12-10 22:27:59 PST
Landed in r39198.