Bug 25981

Summary: REGRESSION: jQuery load() issue.
Product: WebKit
Reporter: Ashley Williams <a.j.r.williams>
Component: JavaScriptCore
Assignee: Gavin Barraclough <barraclough>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, ahaeusler, ap, oliver
Priority: P1
Keywords: InRadar, NeedsReduction, Regression
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
Attachments: Fix (flags: oliver: review+)

Description Ashley Williams 2009-05-23 17:59:27 PDT
Just updated to the latest nightly (r44078), and this bug with jQuery's load() function has popped up. Here's how to (hopefully) reproduce it:

1) create a file with the current code:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
      <title>tabs</title>
      <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
      <script type="text/javascript" charset="utf-8">
        $(document).ready(function(){
          $("a").click(function(){
            var a = this;
            $('#page').load(a.href, function(responseText, textStatus, req){
              console.log("Loading: "+textStatus)
            });
            return false;
          });
        });
      </script>
    </head>
    <body>
      <a href="http://google.com" rel="load">Google</a>
      <div id="page">
      </div>
    </body>
    </html>

2) open it in Safari (r44078), open the error console, and spam the link (it's fine if you press it once or twice, thus the need to spam it)
3) Instead of executing the requests one at a time (and outputting "Loading: success" in the console for as many times as you spammed the link), it'll just freeze (just the JavaScript, not the application) and stop the requests completely.

I've tested it in the prior nightly (r44015) and it's functioning fine.

Comment 1 Mark Rowe (bdash) 2009-05-23 19:27:32 PDT
<rdar://problem/6918095>

Comment 2 Alexey Proskuryakov 2009-05-24 03:33:40 PDT
I do not see an obvious culprit in this range. Could be a result of some JavaScript changes, or of abarth's ResourceRequest ones.

I haven't tried to reproduce this yet.

Comment 3 Alexey Proskuryakov 2009-05-24 04:17:50 PDT
Seeing an assertion failure in JavaScript on a debug build:

ASSERTION FAILED: result == JSValue(callee)
(/Users/ap/Safari/OpenSource/JavaScriptCore/jit/JITStubs.cpp:745 static void* JSC::JITStubs::cti_op_get_by_id_method_check_second(void*, ...))

Comment 4 Gavin Barraclough 2009-05-26 19:37:46 PDT
Created attachment 30692
Fix

Method call caching was failing to clear the cached value when overwriting a property in a dictionary.

No performance impact.

Comment 5 Oliver Hunt 2009-05-26 19:42:59 PDT
Comment on attachment 30692
Fix

Correct the changelog so that it looks like it was written by someone who knows English and r=me

Comment 6 Gavin Barraclough 2009-05-26 19:48:05 PDT
Sending        JavaScriptCore/ChangeLog
Sending        JavaScriptCore/JavaScriptCore.exp
Sending        JavaScriptCore/jit/JITStubs.cpp
Sending        JavaScriptCore/runtime/JSObject.h
Sending        JavaScriptCore/runtime/Structure.cpp
Sending        JavaScriptCore/runtime/Structure.h
Transmitting file data ......
Committed revision 44171.

Comment 7 Alexey Proskuryakov 2009-05-28 14:11:10 PDT
*** Bug 26013 has been marked as a duplicate of this bug. ***
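
Added example, not part of the original bug report and not WebKit's code: a simplified JavaScript model of the failure named in comment 4, where a value remembered for method-call caching is not cleared when a property of a dictionary-mode object is overwritten, so the cached callee and the real lookup result disagree (the condition the assertion in comment 3 checks). The names DictionaryObject, clearOnOverwrite, callMethod and scenario are hypothetical and chosen for illustration.

```javascript
// Simplified model with hypothetical names; this is not JavaScriptCore code.
// An object in "dictionary" mode updates its property table in place, so any
// per-property value remembered for call caching must be cleared by hand.
class DictionaryObject {
  constructor({ clearOnOverwrite }) {
    this.slots = new Map();        // property name -> current value
    this.cachedCallee = new Map(); // property name -> function remembered for method calls
    this.clearOnOverwrite = clearOnOverwrite;
  }

  put(name, value) {
    if (!this.slots.has(name)) {
      // First store: remember a function so later calls can skip the lookup.
      if (typeof value === "function") this.cachedCallee.set(name, value);
    } else if (this.clearOnOverwrite && this.cachedCallee.get(name) !== value) {
      // Overwrite with a different value: the remembered callee is now wrong.
      this.cachedCallee.delete(name);
    }
    this.slots.set(name, value);
  }

  get(name) {
    return this.slots.get(name);
  }
}

// Method call with a cache check: `result` is the authoritative lookup and
// `callee` is what the cache would dispatch to. They must be identical.
function callMethod(obj, name) {
  const result = obj.get(name);
  const callee = obj.cachedCallee.has(name) ? obj.cachedCallee.get(name) : result;
  return { consistent: result === callee, returned: callee() };
}

// Constructed scenario: install a method, call it, overwrite it, call again.
function scenario(clearOnOverwrite) {
  const obj = new DictionaryObject({ clearOnOverwrite });
  obj.put("handler", () => "first");
  callMethod(obj, "handler");
  obj.put("handler", () => "second");
  return callMethod(obj, "handler");
}

console.log("without clearing:", scenario(false));
console.log("with clearing:   ", scenario(true));
```

Without the clearing step the second call still dispatches to the overwritten function; with it, the cache falls back to the real lookup.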