Bug 55671

Summary: REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
Product: WebKit Reporter: Kevin M. Dean <kevin>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: ddkilzer, maccinema, oliver
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (PowerPC)   
OS: OS X 10.5   
URL: http://www.avsforum.com/
Attachments:
Description Flags
Patch ggaren: review+

Kevin M. Dean
Reported 2011-03-03 07:12:28 PST
While browsing around the AVS forums with r80210, I'm getting random crashes, possibly due to an ad using javascript. Seems to crash a little different each time: Process: Safari [4711] Path: /Applications/WebKit.app/Contents/MacOS/WebKit Identifier: org.webkit.nightly.WebKit Version: r80210 (80210) Code Type: PPC (Native) Parent Process: launchd [136] Date/Time: 2011-03-03 09:57:14.810 -0500 OS Version: Mac OS X 10.5.8 (9L30) Report Version: 6 Anonymous UUID: F41C1802-6457-4B49-A738-107FEBA3B7F7 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000064 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x008469a0 JSWeakObjectMapClear + 240 1 com.apple.Safari 0x001b28b4 0x1000 + 1775796 2 com.apple.JavaScriptCore 0x007e2558 JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject() + 88 3 com.apple.JavaScriptCore 0x00851f20 JSC::MarkedSpace::allocateFromSizeClass(JSC::MarkedSpace::SizeClass&) + 384 4 com.apple.JavaScriptCore 0x007f9c7c JSC::JSGlobalObject::reset(JSC::JSValue) + 16540 5 com.apple.WebCore 0x01c6e1cc WebCore::JSDOMGlobalObject::JSDOMGlobalObject(WTF::NonNullPassRefPtr<JSC::Structure>, WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData*, JSC::JSObject*) + 172 6 com.apple.WebCore 0x01ccf6e4 WebCore::JSDOMWindowBase::JSDOMWindowBase(WTF::NonNullPassRefPtr<JSC::Structure>, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 100 7 com.apple.WebCore 0x01ca0bc4 WebCore::JSDOMWindow::JSDOMWindow(WTF::NonNullPassRefPtr<JSC::Structure>, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 68 8 com.apple.WebCore 0x01cd8e28 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 584 9 com.apple.WebCore 0x022ccadc WebCore::ScriptController::clearWindowShell(bool) + 220 10 com.apple.WebCore 0x019b98fc WebCore::Frame::~Frame() + 156 11 com.apple.WebCore 0x019ba250 WebCore::Frame::lifeSupportTimerFired(WebCore::Timer<WebCore::Frame>*) + 64 12 com.apple.WebCore 0x0244e080 WebCore::ThreadTimers::sharedTimerFiredInternal() + 128 13 com.apple.WebCore 0x02319c08 __ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv + 72 14 com.apple.CoreFoundation 0x97108818 CFRunLoopRunSpecific + 2968 15 com.apple.HIToolbox 0x904d5b14 RunCurrentEventLoopInMode + 264 16 com.apple.HIToolbox 0x904d5938 ReceiveNextEventCommon + 412 17 com.apple.HIToolbox 0x904d5778 BlockUntilNextEventMatchingListInMode + 84 18 com.apple.AppKit 0x925c0244 _DPSNextEvent + 596 19 com.apple.AppKit 0x925bfbfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112 20 com.apple.Safari 0x00018d74 0x1000 + 97652 21 com.apple.AppKit 0x925b989c -[NSApplication run] + 744 22 com.apple.AppKit 0x9258a298 NSApplicationMain + 440 23 com.apple.Safari 0x0000b378 0x1000 + 41848 Process: Safari [4891] Path: /Applications/WebKit.app/Contents/MacOS/WebKit Identifier: org.webkit.nightly.WebKit Version: r80210 (80210) Code Type: PPC (Native) Parent Process: launchd [136] Date/Time: 2011-03-03 10:01:15.649 -0500 OS Version: Mac OS X 10.5.8 (9L30) Report Version: 6 Anonymous UUID: F41C1802-6457-4B49-A738-107FEBA3B7F7 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000060 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x008469a0 JSWeakObjectMapClear + 240 1 com.apple.Safari 0x001b28b4 0x1000 + 1775796 2 com.apple.JavaScriptCore 0x007e2558 JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject() + 88 3 com.apple.JavaScriptCore 0x00851f20 JSC::MarkedSpace::allocateFromSizeClass(JSC::MarkedSpace::SizeClass&) + 384 4 com.apple.JavaScriptCore 0x007bb760 JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*) + 1072 5 com.apple.JavaScriptCore 0x007d0094 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 756 6 com.apple.JavaScriptCore 0x0077a1c0 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue) + 352 7 com.apple.WebCore 0x022cd634 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 660 8 com.apple.WebCore 0x019b9128 WebCore::Frame::injectUserScriptsForWorld(WebCore::DOMWrapperWorld*, WTF::Vector<WTF::OwnPtr<WebCore::UserScript>, 0ul> const&, WebCore::UserScriptInjectionTime) + 856 9 com.apple.WebCore 0x019b934c WebCore::Frame::injectUserScripts(WebCore::UserScriptInjectionTime) + 188 10 com.apple.WebCore 0x019c3d64 WebCore::FrameLoader::finishedParsing() + 52 11 com.apple.WebCore 0x01878978 WebCore::Document::finishedParsing() + 456 12 com.apple.WebCore 0x01a34830 WebCore::HTMLDocumentParser::prepareToStopParsing() + 112 13 com.apple.WebCore 0x01a32aec WebCore::HTMLDocumentParser::finish() + 668 14 com.apple.WebCore 0x01892564 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 100 15 com.apple.WebCore 0x019c3308 WebCore::FrameLoader::finishedLoading() + 104 16 com.apple.WebCore 0x020beb7c WebCore::MainResourceLoader::didFinishLoading(double) + 188 17 com.apple.Foundation 0x94467814 _NSURLConnectionDidFinishLoading + 120 18 com.apple.CFNetwork 0x94b29d8c URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 236 19 com.apple.CFNetwork 0x94b2aa08 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 172 20 com.apple.CFNetwork 0x94b2acd8 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 892 21 com.apple.CFNetwork 0x94b29500 URLConnectionClient::processEvents() + 132 22 com.apple.CFNetwork 0x94ad3000 MultiplexerSource::perform() + 168 23 com.apple.CoreFoundation 0x971080d0 CFRunLoopRunSpecific + 1104 24 com.apple.HIToolbox 0x904d5b14 RunCurrentEventLoopInMode + 264 25 com.apple.HIToolbox 0x904d5938 ReceiveNextEventCommon + 412 26 com.apple.HIToolbox 0x904d5778 BlockUntilNextEventMatchingListInMode + 84 27 com.apple.AppKit 0x925c0244 _DPSNextEvent + 596 28 com.apple.AppKit 0x925bfbfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112 29 com.apple.Safari 0x00018d74 0x1000 + 97652 30 com.apple.AppKit 0x925b989c -[NSApplication run] + 744 31 com.apple.AppKit 0x9258a298 NSApplicationMain + 440 32 com.apple.Safari 0x0000b378 0x1000 + 41848 Process: Safari [4918] Path: /Applications/WebKit.app/Contents/MacOS/WebKit Identifier: org.webkit.nightly.WebKit Version: r80210 (80210) Code Type: PPC (Native) Parent Process: launchd [136] Date/Time: 2011-03-03 10:03:56.229 -0500 OS Version: Mac OS X 10.5.8 (9L30) Report Version: 6 Anonymous UUID: F41C1802-6457-4B49-A738-107FEBA3B7F7 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000006a Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x008469a0 JSWeakObjectMapClear + 240 1 com.apple.Safari 0x001b28b4 0x1000 + 1775796 2 com.apple.JavaScriptCore 0x007e2558 JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject() + 88 3 com.apple.JavaScriptCore 0x00851f20 JSC::MarkedSpace::allocateFromSizeClass(JSC::MarkedSpace::SizeClass&) + 384 4 com.apple.JavaScriptCore 0x0077d28c JSC::DateConstructor::DateConstructor(JSC::ExecState*, JSC::JSGlobalObject*, WTF::NonNullPassRefPtr<JSC::Structure>, JSC::Structure*, JSC::DatePrototype*) + 844 5 com.apple.JavaScriptCore 0x007f7404 JSC::JSGlobalObject::reset(JSC::JSValue) + 6180 6 com.apple.WebCore 0x01c6e1cc WebCore::JSDOMGlobalObject::JSDOMGlobalObject(WTF::NonNullPassRefPtr<JSC::Structure>, WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData*, JSC::JSObject*) + 172 7 com.apple.WebCore 0x01ccf6e4 WebCore::JSDOMWindowBase::JSDOMWindowBase(WTF::NonNullPassRefPtr<JSC::Structure>, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 100 8 com.apple.WebCore 0x01ca0bc4 WebCore::JSDOMWindow::JSDOMWindow(WTF::NonNullPassRefPtr<JSC::Structure>, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 68 9 com.apple.WebCore 0x01cd8e28 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 584 10 com.apple.WebCore 0x01cd90d0 WebCore::JSDOMWindowShell::JSDOMWindowShell(WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::DOMWrapperWorld*) + 208 11 com.apple.WebCore 0x022ccdc4 WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld*) + 84 12 com.apple.WebCore 0x022cd1c8 WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld*) + 24 13 com.apple.WebCore 0x022cd468 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 200 14 com.apple.WebCore 0x019b9128 WebCore::Frame::injectUserScriptsForWorld(WebCore::DOMWrapperWorld*, WTF::Vector<WTF::OwnPtr<WebCore::UserScript>, 0ul> const&, WebCore::UserScriptInjectionTime) + 856 15 com.apple.WebCore 0x019b934c WebCore::Frame::injectUserScripts(WebCore::UserScriptInjectionTime) + 188 16 com.apple.WebCore 0x019bcf8c WebCore::FrameLoader::dispatchDocumentElementAvailable() + 28 17 com.apple.WebCore 0x01a2bf0c WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML(WebCore::AtomicHTMLToken&) + 348 18 com.apple.WebCore 0x01ab20dc WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken&) + 204 19 com.apple.WebCore 0x01ab7ddc WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken&) + 28 20 com.apple.WebCore 0x01ab7e88 WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) + 40 21 com.apple.WebCore 0x01a33a18 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 360 22 com.apple.WebCore 0x01a344f0 WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) + 96 23 com.apple.WebCore 0x018506e8 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, int, bool) + 344 24 com.apple.WebCore 0x01892558 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 88 25 com.apple.WebCore 0x019c3308 WebCore::FrameLoader::finishedLoading() + 104 26 com.apple.WebCore 0x020beb7c WebCore::MainResourceLoader::didFinishLoading(double) + 188 27 com.apple.Foundation 0x94467814 _NSURLConnectionDidFinishLoading + 120 28 com.apple.CFNetwork 0x94b29d8c URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 236 29 com.apple.CFNetwork 0x94b2aa08 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 172 30 com.apple.CFNetwork 0x94b2acd8 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 892 31 com.apple.CFNetwork 0x94b29500 URLConnectionClient::processEvents() + 132 32 com.apple.CFNetwork 0x94ad3000 MultiplexerSource::perform() + 168 33 com.apple.CoreFoundation 0x971080d0 CFRunLoopRunSpecific + 1104 34 com.apple.HIToolbox 0x904d5b14 RunCurrentEventLoopInMode + 264 35 com.apple.HIToolbox 0x904d5938 ReceiveNextEventCommon + 412 36 com.apple.HIToolbox 0x904d5778 BlockUntilNextEventMatchingListInMode + 84 37 com.apple.AppKit 0x925c0244 _DPSNextEvent + 596 38 com.apple.AppKit 0x925bfbfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112 39 com.apple.Safari 0x00018d74 0x1000 + 97652 40 com.apple.AppKit 0x925b989c -[NSApplication run] + 744 41 com.apple.AppKit 0x9258a298 NSApplicationMain + 440 42 com.apple.Safari 0x0000b378 0x1000 + 41848
Attachments
Patch (1.54 KB, patch)
2011-03-24 12:33 PDT, Oliver Hunt 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-03-03 11:59:04 PST
<rdar://problem/9082329>
Kevin M. Dean
Comment 2 2011-03-06 07:27:33 PST
Just a note that I've had this crash on some other sites as well: myspace.com amazon.com or camelcamelcamel.com (not sure which crashed me since I was switching between the two).
Oliver Hunt
Comment 3 2011-03-09 17:09:18 PST
Do you have any extensions installed?
Kevin M. Dean
Comment 4 2011-03-09 19:35:52 PST
(In reply to comment #3) > Do you have any extensions installed? Yes, but it doesn't seem specific to any one extension. If I have just one of the following and no others enabled, I can still get the crash. Other extensions seem fine alone, but sometimes crash when other extenstion are enables. Seems that there's something broken with a variety of extension's ability to inject content onto the page. All of these extensions work fine in the previous nightly. Franker 1.0.2 http://code.google.com/p/franker/ NinjaKit 0.8 http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fd.hatena.ne.jp%2Fos0x%2F20100612%2F1276330696&sl=auto&tl=en Builtwith 1.0 http://builtwith.com/ InvisibleHand 2.5 http://www.getinvisiblehand.com/ Copy All Links http://blog.firdau.si/?s=copy+all+links BetterSource 1.0 http://www.awarepixel.com/safari/bettersource/ QuickNuke 1.0 http://canisbos.com/
Oliver Hunt
Comment 5 2011-03-10 11:23:52 PST
Can you attach a complete crash report? you should be able to get to the log file through console.app
Kevin M. Dean
Comment 6 2011-03-10 12:13:21 PST
(In reply to comment #5) > Can you attach a complete crash report? you should be able to get to the log file through console.app Since the crash report sometimes varies between crashes, I've uploaded all 20 of them from when I was doing by extensions tests in a zip file. http://development.rhubarbproductions.com/webkit/safari-crashes.zip
Kevin M. Dean
Comment 7 2011-03-10 21:29:45 PST
Since it's been a while between nightlies, I'm just confirming that it still crashes with r80761.
Oliver Hunt
Comment 8 2011-03-10 23:57:24 PST
(In reply to comment #7) > Since it's been a while between nightlies, I'm just confirming that it still crashes with r80761. Are you able to do some debugging for us? It will need you to checkout and build all of webkit (which will unfortunately take a looong time), but with any luck will tell us exactly where everything is going horribly wrong. Basically i'm after a stack trace of the crash from a debug build of webkit as that will give me slightly more insight into what's happening.
Kevin M. Dean
Comment 9 2011-03-11 00:38:31 PST
(In reply to comment #8) > (In reply to comment #7) > > Since it's been a while between nightlies, I'm just confirming that it still crashes with r80761. > > Are you able to do some debugging for us? It will need you to checkout and build all of webkit (which will unfortunately take a looong time), but with any luck will tell us exactly where everything is going horribly wrong. > > Basically i'm after a stack trace of the crash from a debug build of webkit as that will give me slightly more insight into what's happening. I don't know how to do that or if I have the tools to do that. Don't have any developer tools installed here. If I don't need anything special then I can try or I'll need someone to make a debug build that runs on 10.5.8/PPC.
Kevin M. Dean
Comment 10 2011-03-11 00:48:57 PST
Downloading Xcode 3.1.4 and Java Developer 10.5....
Kevin M. Dean
Comment 11 2011-03-11 07:55:47 PST
Building a debug build now.... wow, talk about a processor killer.
Kevin M. Dean
Comment 12 2011-03-11 10:14:25 PST
OK, new problem. I can run a debug build, but when I trigger the crash it just hangs now. The ReportCrash process launches and eats some CPU along with Safari, but a Crash Report window never appears and eventually I have to force quit the ReportCrash process. I shouldn't have to wait 5-10 minutes or more for it to fully Crash, right? I believe I'm running r80853. Is there anyway to get the r version when running the build or from the files? What should I do now?
Kevin M. Dean
Comment 13 2011-03-11 10:22:40 PST
Maybe r80853 has other issues becuase it's crashing on other pages that don't usually crash for me. The terminal shows the following after one of the newer hangs on a new page: Multiverse:~ kdean$ run-safari --debug Starting Safari with DYLD_FRAMEWORK_PATH set to point to built WebKit in /Users/kdean/WebKit/WebKitBuild/Debug. ASSERTION FAILED: scriptExecutionContext /Users/kdean/WebKit/Source/WebCore/bindings/js/JSDOMBinding.cpp(513) : void WebCore::reportException(JSC::ExecState*, JSC::JSValue) 1 WebCore::reportException(JSC::ExecState*, JSC::JSValue) 2 WebLocalizedString 3 _mh_execute_header 4 _mh_execute_header 5 _mh_execute_header 6 _mh_execute_header 7 _mh_execute_header 8 WTF::callOnMainThread(void (*)(void*), void*) 9 WTF::isMainThread() 10 CFRunLoopRunSpecific 11 BlockUntilNextEventMatchingListInMode 12 BlockUntilNextEventMatchingListInMode 13 BlockUntilNextEventMatchingListInMode 14 _DPSNextEvent 15 _NSUpdateMenuRefWithChangedMenuItem 16 _mh_execute_header 17 _NSSetViewMultiClipDrawingHelper 18 NSApplicationMain 19 _mh_execute_header 20 0xbffff8cc
Oliver Hunt
Comment 14 2011-03-11 10:25:40 PST
(In reply to comment #12) > OK, new problem. > > I can run a debug build, but when I trigger the crash it just hangs now. The ReportCrash process launches and eats some CPU along with Safari, but a Crash Report window never appears and eventually I have to force quit the ReportCrash process. I shouldn't have to wait 5-10 minutes or more for it to fully Crash, right? > > I believe I'm running r80853. Is there anyway to get the r version when running the build or from the files? > > What should I do now? Actually it can take a huge amount of time in a debug build. The easiest solution will be to run inside a debugger. If you use the gdb-safari script that should launch gdb in a way that will be setup to run safari with your build of webkit. once you're given a prompt just type run and hit enter. Then trigger the crash. At that point gdb should say where the code is. then type bt and hit enter to get a full backtrace
Oliver Hunt
Comment 15 2011-03-11 10:27:11 PST
Replace ASSERT(scriptExecutionContext) with if (!scriptExecutionContext) return; --Oliver (In reply to comment #13) > Maybe r80853 has other issues becuase it's crashing on other pages that don't usually crash for me. The terminal shows the following after one of the newer hangs on a new page: > > > Multiverse:~ kdean$ run-safari --debug > Starting Safari with DYLD_FRAMEWORK_PATH set to point to built WebKit in /Users/kdean/WebKit/WebKitBuild/Debug. > ASSERTION FAILED: scriptExecutionContext > /Users/kdean/WebKit/Source/WebCore/bindings/js/JSDOMBinding.cpp(513) : void WebCore::reportException(JSC::ExecState*, JSC::JSValue) > 1 WebCore::reportException(JSC::ExecState*, JSC::JSValue) > 2 WebLocalizedString > 3 _mh_execute_header > 4 _mh_execute_header > 5 _mh_execute_header > 6 _mh_execute_header > 7 _mh_execute_header > 8 WTF::callOnMainThread(void (*)(void*), void*) > 9 WTF::isMainThread() > 10 CFRunLoopRunSpecific > 11 BlockUntilNextEventMatchingListInMode > 12 BlockUntilNextEventMatchingListInMode > 13 BlockUntilNextEventMatchingListInMode > 14 _DPSNextEvent > 15 _NSUpdateMenuRefWithChangedMenuItem > 16 _mh_execute_header > 17 _NSSetViewMultiClipDrawingHelper > 18 NSApplicationMain > 19 _mh_execute_header > 20 0xbffff8cc
Kevin M. Dean
Comment 16 2011-03-11 10:29:25 PST
(In reply to comment #14) > > Actually it can take a huge amount of time in a debug build. The easiest solution will be to run inside a debugger. If you use the gdb-safari script that should launch gdb in a way that will be setup to run safari with your build of webkit. running gdb-safari fails with: Can't find built framework at "/Users/kdean/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore".
Kevin M. Dean
Comment 17 2011-03-11 10:32:15 PST
(In reply to comment #15) > Replace > ASSERT(scriptExecutionContext) > > with > > if (!scriptExecutionContext) return; Ok, I replaced that. Will I need to rebuild? That's basically a 2 hour process with max-ed out cpu during that time for me, unless a subsequent build is quicker after an initial build.
Oliver Hunt
Comment 18 2011-03-11 10:34:15 PST
(In reply to comment #16) > (In reply to comment #14) > > > > Actually it can take a huge amount of time in a debug build. The easiest solution will be to run inside a debugger. If you use the gdb-safari script that should launch gdb in a way that will be setup to run safari with your build of webkit. > > running gdb-safari fails with: > > Can't find built framework at "/Users/kdean/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore". Do gdb-safari --debug and see if that works
Oliver Hunt
Comment 19 2011-03-11 10:36:39 PST
(In reply to comment #17) > (In reply to comment #15) > > Replace > > ASSERT(scriptExecutionContext) > > > > with > > > > if (!scriptExecutionContext) return; > > Ok, I replaced that. Will I need to rebuild? That's basically a 2 hour process with max-ed out cpu during that time for me, unless a subsequent build is quicker after an initial build. just build webcore (you don't need to rebuild anything else) and it should only recompile that one file, although linking will still probably take 10 minutes or so. Do not do "clean" or anything like that though :) Thanks for helping out with this.
Kevin M. Dean
Comment 20 2011-03-11 10:41:22 PST
(In reply to comment #18) > Do gdb-safari --debug and see if that works That worked, here's the result: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000090 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffb1d0, globalData=0x18, registerThread=true) at APIShims.h:40 40 , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable)) (gdb) bt #0 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffb1d0, globalData=0x18, registerThread=true) at APIShims.h:40 #1 0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffb1d0, exec=0x1d929a0, registerThread=true) at APIShims.h:67 #2 0x008a8928 in JSWeakObjectMapClear (ctx=0x1d929a0, map=0x244af1e0, key=0x1c4b6f90, object=0x1c3f7a00) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74 #3 0x001b402c in ?? () #4 0x001b3778 in ?? () #5 0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79 ) at JSCallbackObjectFunctions.h:100 #6 0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x1c3f4000) at JSCell.h:404 #7 0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x99006b4, sizeClass=@0x9900714) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77 #8 0x04a946cc in JSC::MarkedSpace::allocate (this=0x99006b4, bytes=52) at JSCell.h:424 #9 0x04a95024 in JSC::Heap::allocate (this=0x99006b0, bytes=52) at JSCell.h:436 #10 0x04a950b4 in JSC::JSCell::operator new (size=52, exec=0x1a9d6078) at JSCell.h:451 #11 0x0538d92c in WebCore::createDOMNodeWrapper<WebCore::JSHTMLImageElement, WebCore::HTMLImageElement> (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at JSDOMBinding.h:181 #12 0x05380044 in WebCore::createHTMLImageElementWrapper (exec=0x1a9d6078, globalObject=0x2398da20, element=@0xbfffb5dc) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElementWrapperFactory.cpp:389 #13 0x0537f2a0 in WebCore::createJSHTMLWrapper (exec=0x1a9d6078, globalObject=0x2398da20, element=@0xbfffc000) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElementWrapperFactory.cpp:694 #14 0x0543b06c in WebCore::createWrapperInline (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at /Users/kdean/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:173 #15 0x0543b334 in WebCore::createWrapper (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at /Users/kdean/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:223 #16 0x04db4980 in WebCore::toJS (exec=0x1a9d6078, globalObject=0x2398da20, node=0x234dbe60) at js/JSNodeCustom.h:57 #17 0x054423a0 in WebCore::JSNodeList::indexGetter (exec=0x1a9d6078, slotBase={u = {asEncodedJSValue = -16595110272, asDouble = -nan(0xffffc22dab680), asBits = {tag = -4, payload = 584758912}}}, index=106) at /Users/kdean/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSNodeList.cpp:257 #18 0x0073aa84 in JSC::PropertySlot::getValue (this=0xbfffc240, exec=0x1a9d6078, propertyName=106) at PropertySlot.h:83 #19 0x0080cd10 in JSC::JSValue::get (this=0xbfffd598, exec=0x1a9d6078, propertyName=106, slot=@0xbfffc240) at JSObject.h:781 #20 0x0080cdec in JSC::JSValue::get (this=0xbfffd598, exec=0x1a9d6078, propertyName=106) at JSObject.h:767 #21 0x007fb8dc in JSC::Interpreter::privateExecute (this=0x9871a00, flag=JSC::Interpreter::Normal, registerFile=0x9871a0c, callFrame=0x1a9d6078) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:3278 #22 0x00803da8 in JSC::Interpreter::execute (this=0x9871a00, program=0x22dab648, callFrame=0x2398daa0, scopeChain=0x22ec7660, thisObj=0x21d39578) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:776 #23 0x007a5a9c in JSC::evaluate (exec=0x2398daa0, scopeChain=0x22ec7660, source=@0xbfffdd04, thisValue={u = {asEncodedJSValue = -16612354696, asDouble = -nan(0xffffc21d39578), asBits = {tag = -4, payload = 567514488}}}) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:67 #24 0x059ddeec in WebCore::JSMainThreadExecState::evaluate (exec=0x2398daa0, chain=0x22ec7660, source=@0xbfffdd04, thisValue={u = {asEncodedJSValue = -16612354696, asDouble = -nan(0xffffc21d39578), asBits = {tag = -4, payload = 567514488}}}) at JSMainThreadExecState.h:54 #25 0x059d5fa4 in WebCore::ScriptController::evaluateInWorld (this=0x9a137e8, sourceCode=@0xbfffdd00, world=0x967dbb0) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:142 #26 0x059d6178 in WebCore::ScriptController::evaluate (this=0x9a137e8, sourceCode=@0xbfffdd00) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:165 #27 0x059f1a04 in WebCore::ScriptElement::executeScript (this=0x22a74d58, sourceCode=@0xbfffdd00) at /Users/kdean/WebKit/Source/WebCore/dom/ScriptElement.cpp:256 #28 0x059f228c in WebCore::ScriptElement::prepareScript (this=0x22a74d58, scriptStartPosition=@0xbfffdf30, supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /Users/kdean/WebKit/Source/WebCore/dom/ScriptElement.cpp:213 #29 0x05084320 in WebCore::HTMLScriptRunner::runScript (this=0x2265e2f0, script=0x22a74d10, scriptStartPosition=@0xbfffdf30) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:289 #30 0x05085240 in WebCore::HTMLScriptRunner::execute (this=0x2265e2f0, scriptElement=@0xbfffdf28, scriptStartPosition=@0xbfffdf30) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:173 #31 0x050038e8 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x209ce200) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:205 #32 0x05003998 in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x209ce200, mode=WebCore::HTMLDocumentParser::AllowYield, session=@0xbfffe008) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:216 #33 0x050051ac in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x209ce200, mode=WebCore::HTMLDocumentParser::AllowYield) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:255 #34 0x05005494 in WebCore::HTMLDocumentParser::resumeParsingAfterYield (this=0x209ce200) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:192 #35 0x0507d3e4 in WebCore::HTMLParserScheduler::continueNextChunkTimerFired (this=0x2265e1a0, timer=0x2265e1b0) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLParserScheduler.cpp:86 #36 0x0507d79c in WebCore::Timer<WebCore::HTMLParserScheduler>::fired (this=0x2265e1b0) at Timer.h:100 #37 0x05c0ee78 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x93b5c40) at /Users/kdean/WebKit/Source/WebCore/platform/ThreadTimers.cpp:112 #38 0x05c0f1f0 in WebCore::ThreadTimers::sharedTimerFired () at /Users/kdean/WebKit/Source/WebCore/platform/ThreadTimers.cpp:90 #39 0x05a597a0 in WebCore::timerFired () at /Users/kdean/WebKit/Source/WebCore/platform/mac/SharedTimerMac.mm:166 #40 0x901cc81c in CFRunLoopRunSpecific () #41 0x91f71b18 in RunCurrentEventLoopInMode () #42 0x91f7193c in ReceiveNextEventCommon () #43 0x91f7177c in BlockUntilNextEventMatchingListInMode () #44 0x90831248 in _DPSNextEvent () #45 0x90830c00 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #46 0x00019a14 in ?? () #47 0x9082a8a0 in -[NSApplication run] () #48 0x907fb29c in NSApplicationMain () #49 0x0000c05c in ?? () Current language: auto; currently c++
Kevin M. Dean
Comment 21 2011-03-11 10:44:21 PST
(In reply to comment #19) > just build webcore (you don't need to rebuild anything else) and it should only recompile that one file, although linking will still probably take 10 minutes or so. > > Do not do "clean" or anything like that though :) > > Thanks for helping out with this. Since I've only got so far by following instructions off webkit.org and your help, I'd need a more specific instruction on how to just build webcore. Basically I only know about the build-webkit script.
Oliver Hunt
Comment 22 2011-03-11 10:51:46 PST
(In reply to comment #21) > (In reply to comment #19) > > > just build webcore (you don't need to rebuild anything else) and it should only recompile that one file, although linking will still probably take 10 minutes or so. > > > > Do not do "clean" or anything like that though :) > > > > Thanks for helping out with this. > > Since I've only got so far by following instructions off webkit.org and your help, I'd need a more specific instruction on how to just build webcore. Basically I only know about the build-webkit script. build-webkit will do the right thing :)
Kevin M. Dean
Comment 23 2011-03-11 11:23:26 PST
Did my previous backtrace give you what you need or do you need me to do it again after a rebuild?
Oliver Hunt
Comment 24 2011-03-11 11:27:34 PST
(In reply to comment #23) > Did my previous backtrace give you what you need or do you need me to do it again after a rebuild? I have an idea for how to deal with this, but i probably won't get to it for a couple of days.
Kevin M. Dean
Comment 25 2011-03-11 11:34:58 PST
(In reply to comment #24) > (In reply to comment #23) > > Did my previous backtrace give you what you need or do you need me to do it again after a rebuild? > > I have an idea for how to deal with this, but i probably won't get to it for a couple of days. Great, here's another backtrace that's a little different that I ran after doing a update / rebuild. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x0000007e 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40 40 , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable)) (gdb) bt #0 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40 #1 0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffba30, exec=0x22409d20, registerThread=true) at APIShims.h:67 #2 0x008a8928 in JSWeakObjectMapClear (ctx=0x22409d20, map=0x2045ede0, key=0x1c45a120, object=0x2248e8b8) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74 #3 0x001b402c in ?? () #4 0x001b3778 in ?? () #5 0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79 ) at JSCallbackObjectFunctions.h:100 #6 0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x2248c000) at JSCell.h:404 #7 0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x98d7cb4, sizeClass=@0x98d7d14) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77 #8 0x0073c988 in JSC::MarkedSpace::allocate (this=0x98d7cb4, bytes=56) at JSCell.h:424 #9 0x0073d2a4 in JSC::Heap::allocate (this=0x98d7cb0, bytes=56) at JSCell.h:436 #10 0x0073d334 in JSC::JSCell::operator new (size=56, exec=0x1a9d6038) at JSCell.h:451 #11 0x0081109c in JSC::FunctionExecutable::make (this=0x224f0510, exec=0x1a9d6038, scopeChain=0x2240f7e0) at Executable.h:312 #12 0x007fdc98 in JSC::Interpreter::privateExecute (this=0x98d0800, flag=JSC::Interpreter::Normal, registerFile=0x98d080c, callFrame=0x1a9d6038) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:3793 #13 0x00803da8 in JSC::Interpreter::execute (this=0x98d0800, program=0x2248e7a0, callFrame=0x22409aa0, scopeChain=0x2240f7e0, thisObj=0x2248da48) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:776 #14 0x007a5a9c in JSC::evaluate (exec=0x22409aa0, scopeChain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:67 #15 0x059ddeec in WebCore::JSMainThreadExecState::evaluate (exec=0x22409aa0, chain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at JSMainThreadExecState.h:54 #16 0x059d5fa4 in WebCore::ScriptController::evaluateInWorld (this=0x20b21fe8, sourceCode=@0xbfffd750, world=0x1b01f420) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:142 #17 0x04f28d80 in WebCore::Frame::injectUserScriptsForWorld (this=0x20b21c00, world=0x1b01f420, userScripts=@0x1c44abb0, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:550 #18 0x04f28ec4 in WebCore::Frame::injectUserScripts (this=0x20b21c00, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:530 #19 0x04f43248 in WebCore::FrameLoader::finishedParsing (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:764 #20 0x04d11210 in WebCore::Document::finishedParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:4282 #21 0x050a7fec in WebCore::HTMLTreeBuilder::finished (this=0x230ea5e0) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2807 #22 0x05003f5c in WebCore::HTMLDocumentParser::end (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:354 #23 0x050040d8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:363 #24 0x05005f60 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:151 #25 0x05003df4 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:375 #26 0x05003e58 in WebCore::HTMLDocumentParser::finish (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:403 #27 0x04cfa04c in WebCore::Document::finishParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:2271 #28 0x04d6aec0 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:222 #29 0x04d6af1c in WebCore::DocumentWriter::end (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:207 #30 0x04d4bacc in WebCore::DocumentLoader::finishedLoading (this=0x20c03600) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentLoader.cpp:284 #31 0x04f42454 in WebCore::FrameLoader::finishedLoading (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:2188 #32 0x0564a25c in WebCore::MainResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:467 #33 0x0599cc0c in WebCore::ResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436 #34 0x05997a58 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x230dfe60, _cmd=0x917a1300, connection=0x230dc930) at /Users/kdean/WebKit/Source/WebCore/platform/network/mac/ResourceHandleMac.mm:969 #35 0x937d8818 in _NSURLConnectionDidFinishLoading () #36 0x9636bd90 in URLConnectionClient::_clientDidFinishLoading () #37 0x9636ca0c in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () #38 0x9636ccdc in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () #39 0x9636b504 in URLConnectionClient::processEvents () #40 0x96315004 in MultiplexerSource::perform () #41 0x901cc1a0 in CFRunLoopRunSpecific () #42 0x91f71b18 in RunCurrentEventLoopInMode () #43 0x91f7193c in ReceiveNextEventCommon () #44 0x91f7177c in BlockUntilNextEventMatchingListInMode () #45 0x90831248 in _DPSNextEvent () #46 0x90830c00 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #47 0x00019a14 in ?? () #48 0x9082a8a0 in -[NSApplication run] () #49 0x907fb29c in NSApplicationMain () #50 0x0000c05c in ?? () Current language: auto; currently c++
Oliver Hunt
Comment 26 2011-03-11 11:45:01 PST
You're getting slightly different traces as the crash occurs during an object's finalization, which can happen anytime there's a gc sweep. The top of the trace is always the same. (In reply to comment #25) > (In reply to comment #24) > > (In reply to comment #23) > > > Did my previous backtrace give you what you need or do you need me to do it again after a rebuild? > > > > I have an idea for how to deal with this, but i probably won't get to it for a couple of days. > > Great, here's another backtrace that's a little different that I ran after doing a update / rebuild. > > > Program received signal EXC_BAD_ACCESS, Could not access memory. > Reason: KERN_PROTECTION_FAILURE at address: 0x0000007e > 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40 > 40 , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable)) > (gdb) bt > #0 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40 > #1 0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffba30, exec=0x22409d20, registerThread=true) at APIShims.h:67 > #2 0x008a8928 in JSWeakObjectMapClear (ctx=0x22409d20, map=0x2045ede0, key=0x1c45a120, object=0x2248e8b8) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74 > #3 0x001b402c in ?? () > #4 0x001b3778 in ?? () > #5 0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79 > ) at JSCallbackObjectFunctions.h:100 > #6 0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x2248c000) at JSCell.h:404 > #7 0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x98d7cb4, sizeClass=@0x98d7d14) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77 > #8 0x0073c988 in JSC::MarkedSpace::allocate (this=0x98d7cb4, bytes=56) at JSCell.h:424 > #9 0x0073d2a4 in JSC::Heap::allocate (this=0x98d7cb0, bytes=56) at JSCell.h:436 > #10 0x0073d334 in JSC::JSCell::operator new (size=56, exec=0x1a9d6038) at JSCell.h:451 > #11 0x0081109c in JSC::FunctionExecutable::make (this=0x224f0510, exec=0x1a9d6038, scopeChain=0x2240f7e0) at Executable.h:312 > #12 0x007fdc98 in JSC::Interpreter::privateExecute (this=0x98d0800, flag=JSC::Interpreter::Normal, registerFile=0x98d080c, callFrame=0x1a9d6038) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:3793 > #13 0x00803da8 in JSC::Interpreter::execute (this=0x98d0800, program=0x2248e7a0, callFrame=0x22409aa0, scopeChain=0x2240f7e0, thisObj=0x2248da48) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:776 > #14 0x007a5a9c in JSC::evaluate (exec=0x22409aa0, scopeChain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:67 > #15 0x059ddeec in WebCore::JSMainThreadExecState::evaluate (exec=0x22409aa0, chain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at JSMainThreadExecState.h:54 > #16 0x059d5fa4 in WebCore::ScriptController::evaluateInWorld (this=0x20b21fe8, sourceCode=@0xbfffd750, world=0x1b01f420) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:142 > #17 0x04f28d80 in WebCore::Frame::injectUserScriptsForWorld (this=0x20b21c00, world=0x1b01f420, userScripts=@0x1c44abb0, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:550 > #18 0x04f28ec4 in WebCore::Frame::injectUserScripts (this=0x20b21c00, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:530 > #19 0x04f43248 in WebCore::FrameLoader::finishedParsing (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:764 > #20 0x04d11210 in WebCore::Document::finishedParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:4282 > #21 0x050a7fec in WebCore::HTMLTreeBuilder::finished (this=0x230ea5e0) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2807 > #22 0x05003f5c in WebCore::HTMLDocumentParser::end (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:354 > #23 0x050040d8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:363 > #24 0x05005f60 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:151 > #25 0x05003df4 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:375 > #26 0x05003e58 in WebCore::HTMLDocumentParser::finish (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:403 > #27 0x04cfa04c in WebCore::Document::finishParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:2271 > #28 0x04d6aec0 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:222 > #29 0x04d6af1c in WebCore::DocumentWriter::end (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:207 > #30 0x04d4bacc in WebCore::DocumentLoader::finishedLoading (this=0x20c03600) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentLoader.cpp:284 > #31 0x04f42454 in WebCore::FrameLoader::finishedLoading (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:2188 > #32 0x0564a25c in WebCore::MainResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:467 > #33 0x0599cc0c in WebCore::ResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436 > #34 0x05997a58 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x230dfe60, _cmd=0x917a1300, connection=0x230dc930) at /Users/kdean/WebKit/Source/WebCore/platform/network/mac/ResourceHandleMac.mm:969 > #35 0x937d8818 in _NSURLConnectionDidFinishLoading () > #36 0x9636bd90 in URLConnectionClient::_clientDidFinishLoading () > #37 0x9636ca0c in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () > #38 0x9636ccdc in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () > #39 0x9636b504 in URLConnectionClient::processEvents () > #40 0x96315004 in MultiplexerSource::perform () > #41 0x901cc1a0 in CFRunLoopRunSpecific () > #42 0x91f71b18 in RunCurrentEventLoopInMode () > #43 0x91f7193c in ReceiveNextEventCommon () > #44 0x91f7177c in BlockUntilNextEventMatchingListInMode () > #45 0x90831248 in _DPSNextEvent () > #46 0x90830c00 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () > #47 0x00019a14 in ?? () > #48 0x9082a8a0 in -[NSApplication run] () > #49 0x907fb29c in NSApplicationMain () > #50 0x0000c05c in ?? () > Current language: auto; currently c++
Kevin M. Dean
Comment 27 2011-03-22 19:29:07 PDT
Just checking in on this one... maybe it can get fixed in the next Nightly, Monthly, or whatever it is now. 8)
Kevin M. Dean
Comment 28 2011-03-22 20:12:31 PDT
(In reply to comment #27) > Just checking in on this one... maybe it can get fixed in the next Nightly, Monthly, or whatever it is now. 8) ...and not sooner than making this comment, a new nightly finally comes out... although it still crashes, so back to r79987 for me.
Oliver Hunt
Comment 29 2011-03-24 12:33:09 PDT
Created attachment 86812 [details] Patch
Geoffrey Garen
Comment 30 2011-03-24 12:47:50 PDT
Comment on attachment 86812 [details] Patch r=me Would be worth a comment like "We need to keep this function present so nightly builds still work," to reduce mystery.
Oliver Hunt
Comment 31 2011-03-24 14:46:50 PDT
Committed r81900: <http://trac.webkit.org/changeset/81900>
Note You need to log in before you can comment on or make changes to this bug.