Bug 69555

To reproduce: 1. Go to http://www.nytimes.com/ ASSERTION FAILED: !structure->m_previous Source/JavaScriptCore/runtime/Structure.cpp(236) : void JSC::Structure::materializePropertyMap(JSC::JSGlobalData &) 2 0x10203207c JSC::Structure::materializePropertyMap(JSC::JSGlobalData&) 3 0x101e0903c JSC::Structure::materializePropertyMapIfNecessary(JSC::JSGlobalData&) 4 0x101e08e93 JSC::Structure::get(JSC::JSGlobalData&, JSC::Identifier const&) 5 0x101e8a984 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) 6 0x101e8d70d JSC::DFG::ByteCodeParser::parse() 7 0x101e8d913 JSC::DFG::parse(JSC::DFG::Graph&, JSC::JSGlobalData*, JSC::CodeBlock*) 8 0x101df4d9f JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) 9 0x101df4d3c JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) 10 0x101ecf743 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*, JSC::JITCode::JITType) 11 0x101ecee9b JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*) 12 0x101e650fb JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) 13 0x101e624b4 JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*) 14 0x101f1c4fb cti_optimize_from_ret 15 0x101f25f20 jscGeneratedNativeCode 16 0x101eeb509 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) 17 0x101ee78b0 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) 18 0x101e70fba JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) 19 0x10326106d WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) 20 0x10387c51c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) 21 0x10387c644 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) 22 0x103890372 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) 23 0x10388f49f WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) 24 0x102ed1c34 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) 25 0x102ed1a07 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) 26 0x102e63320 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() 27 0x102e6340b WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) 28 0x102e62d48 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) 29 0x102e629b0 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) 30 0x102e63d44 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() 31 0x102e64387 WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() 32 0x102afbb62 WebCore::Document::removePendingSheet()