Bug 48832

Summary: Web Inspector: [JSC] Crash when starting profiling in debug mode
Product: WebKit Reporter: Mikhail Naganov <mnaganov>
Component: Web Inspector (Deprecated) Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal CC: apavlov, burg, bweinstein, ggaren, joepeck, keishi, loislo, mark.lam, oliver, pfeldman, pmuellr, rik, yurys
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All

Mikhail Naganov
Reported 2010-11-02 06:24:36 PDT
An attempt to execute "console.profile()" leads to a crash (in debug mode only).

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000030
0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280
280         JSGlobalObjectData* d() const { return static_cast<JSGlobalObjectData*>(JSVariableObject::d); }
(gdb) bt
#0  0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280
#1  0x00000001008bd625 in JSC::JSGlobalObject::profileGroup (this=0x0) at JSGlobalObject.h:253
#2  0x00000001008c0c12 in JSC::Profiler::didExecute (this=0x11e9d27c0, exec=0x11ea10528, function={m_ptr = 0x11c422800}) at /Users/mnaganov/webkit/JavaScriptCore/profiler/Profiler.cpp:130
#3  0x00000001007e5598 in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11c379458, function=0x11c422800, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:838
#4  0x000000010079c6f0 in JSC::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38
#5  0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at JSMainThreadExecState.h:48
#6  0x0000000101fb2e6d in WebCore::ScriptFunctionCall::call (this=0x7fff5fbfbec0, hadException=@0x7fff5fbfc36f, reportExceptions=true) at /Users/mnaganov/webkit/WebCore/bindings/js/ScriptFunctionCall.cpp:144
#7  0x00000001019d40a5 in WebCore::InjectedScript::dispatch (this=0x7fff5fbfc020, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InjectedScript.cpp:59
#8  0x00000001019f197f in WebCore::InspectorBackend::dispatchOnInjectedScript (this=0x106172810, injectedScriptId=0, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InspectorBackend.cpp:95
#9  0x0000000101a04e44 in WebCore::InspectorBackendDispatcher::dispatchOnInjectedScript (this=0x106172110, callId=17, requestMessageObject=0x11e9e3ba0) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:1397
#10 0x00000001019f4485 in WebCore::InspectorBackendDispatcher::dispatch (this=0x106172110, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:3633
#11 0x0000000101a77c87 in WebCore::InspectorFrontendClientLocal::sendMessageToBackend (this=0x11e909e10, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendClientLocal.cpp:154
#12 0x0000000101a7892e in WebCore::InspectorFrontendHost::sendMessageToBackend (this=0x11f210de0, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendHost.cpp:223
#13 0x0000000101bd5736 in WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend (exec=0x11ea10430) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/JSInspectorFrontendHost.cpp:404
#14 0x00003a82146161b8 in ?? ()
#15 0x00000001007ea24d in JSC::JITCode::execute (this=0x11f226798, registerFile=0x11c357f78, callFrame=0x11ea10048, globalData=0x1080e3000) at JITCode.h:77
#16 0x00000001007e550c in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11f20ef18, function=0x11c4741c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:830
#17 0x000000010079c6f0 in JSC::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38
#18 0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at JSMainThreadExecState.h:48
#19 0x0000000101b577bc in WebCore::JSEventListener::handleEvent (this=0x11f338ee0, scriptExecutionContext=0x1069e1a68, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/bindings/js/JSEventListener.cpp:124
#20 0x0000000101811340 in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0, d=0x11af7fd00, entry=@0x106330110) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:335
#21 0x00000001018119aa in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:304
#22 0x0000000101dace1d in WebCore::Node::handleLocalEvents (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2484
#23 0x0000000101dad4c9 in WebCore::Node::dispatchGenericEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe7d0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2602
#24 0x0000000101dad977 in WebCore::Node::dispatchEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe860) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2547
#25 0x0000000101810eba in WebCore::EventTarget::dispatchEvent (this=0x11ef84240, event=@0x7fff5fbfe990, ec=@0x7fff5fbfea0c) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:282
#26 0x00000001017fe1a3 in WebCore::EventHandler::keyEvent (this=0x1069bae00, initialKeyEvent=@0x7fff5fbfea70) at /Users/mnaganov/webkit/WebCore/page/EventHandler.cpp:2313
#27 0x000000010180ba29 in WebCore::EventHandler::keyEvent (this=0x1069bae00, event=0x109665590) at /Users/mnaganov/webkit/WebCore/page/mac/EventHandlerMac.mm:148
#28 0x0000000100f6df11 in -[WebHTMLView keyDown:] (self=0x1061fa790, _cmd=0x7fff81b89550, event=0x109665590) at /Users/mnaganov/webkit/WebKit/mac/WebView/WebHTMLView.mm:4132
#29 0x00007fff81589483 in -[NSWindow sendEvent:] ()
#30 0x000000010004261d in ?? ()
#31 0x00000001000425aa in ?? ()
#32 0x00007fff814bdee2 in -[NSApplication sendEvent:] ()
#33 0x00000001000392ee in ?? ()
#34 0x00007fff81454922 in -[NSApplication run] ()
#35 0x00007fff8144d5f8 in NSApplicationMain ()
Brian Burg
Comment 1 2013-05-02 21:50:06 PDT
This doesn't seem to be an issue anymore. I recommend closing unless more specific repro circumstances are available.
Joseph Pecoraro
Comment 2 2014-01-31 10:40:32 PST
Let's close. JSGlobalObjectData* d() doesn't even exist anymore.