Bug 76814

Summary: [GTK] fast/xmlhttprequest/xmlhttprequest-get.xhtml flaky crash
Product: WebKit Reporter: Philippe Normand <pnormand>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bugs-noreply, fpizlo, ggaren, mrobinson, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: http://webkit-bots.igalia.com/amd64debug/svn_105592.core-when_1327285498-_-who_DumpRenderTree-_-why_11.trace.html

Description Philippe Normand 2012-01-23 01:06:47 PST 
On 64-bit Debug.


#0  0x00002b47fb3cb83b in JSC::PropertyNameArray::add (this=0x7fffac8f93a0, identifier=0x5b1d980) at ../../Source/JavaScriptCore/runtime/PropertyNameArray.cpp:35
35	    ASSERT(!identifier || identifier == StringImpl::empty() || identifier->isIdentifier());


Thread 1 (Thread 0x2b4808dd0a20 (LWP 29728)):
#0  0x00002b47fb3cb83b in JSC::PropertyNameArray::add (this=0x7fffac8f93a0, identifier=0x5b1d980) at ../../Source/JavaScriptCore/runtime/PropertyNameArray.cpp:35
#1  0x00002b47fb39bf4d in JSC::getClassPropertyNames (exec=0x2b484a4a4040, classInfo=0x2b47ff1d78c0, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:81
#2  0x00002b47fb39dcb7 in JSC::JSObject::getOwnPropertyNames (object=0x2b484a8db260, exec=0x2b484a4a4040, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:505
#3  0x00002b47fb39db44 in JSC::JSObject::getPropertyNames (object=0x2b484a8db260, exec=0x2b484a4a4040, propertyNames=..., mode=JSC::ExcludeDontEnumProperties) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:482
#4  0x00002b47fb3aae1c in JSC::JSPropertyNameIterator::create (exec=0x2b484a4a4040, o=0x2b484a8db260) at ../../Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp:55
#5  0x00002b47fb2d264d in JSC::cti_op_get_pnames (args=0x7fffac8f94c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:3236
#6  0x00002b47fb2c9b96 in JSC::JITThunks::tryCacheGetByID (callFrame=0x2b480908c86e, codeBlock=0x7fffac8f94c0, returnAddress=..., baseValue=..., propertyName=Traceback (most recent call last):
  File "/home/slave/webkitgtk/gtk-linux-64-debug/build/Tools/gdb/webkit.py", line 160, in to_string
    return JSCUStringPrinter(self.val['m_string']).to_string()
  File "/home/slave/webkitgtk/gtk-linux-64-debug/build/Tools/gdb/webkit.py", line 130, in to_string
    if self.is_8bit():
  File "/home/slave/webkitgtk/gtk-linux-64-debug/build/Tools/gdb/webkit.py", line 135, in is_8bit
    return self.val['m_hashAndFlags'] & self.val['s_hashFlag8BitBuffer']
gdb.error: There is no member or method named m_hashAndFlags.
, slot=..., stubInfo=0x1cda180) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:954
#7  0x00002b47fb2a30ff in JSC::JITCode::execute (this=0x2b4850affef8, registerFile=0x1cdd2e8, callFrame=0x2b484a4a4040, globalData=0x1cda180) at ../../Source/JavaScriptCore/jit/JITCode.h:115
#8  0x00002b47fb2a03b9 in JSC::Interpreter::executeCall (this=0x1cdd2d0, callFrame=0x2b484a8ff4e8, function=0x2b484a8db8e0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1081
#9  0x00002b47fb357fda in JSC::call (exec=0x2b484a8ff4e8, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39
#10 0x00002b47fc2b6db0 in WebCore::JSMainThreadExecState::call (exec=0x2b484a8ff4e8, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:52
#11 0x00002b47fc2e64df in WebCore::JSEventListener::handleEvent (this=0xe2b9220, scriptExecutionContext=0xd91d918, event=0xdaf2840) at ../../Source/WebCore/bindings/js/JSEventListener.cpp:124
#12 0x00002b47fc5669b1 in WebCore::EventTarget::fireEventListeners (this=0xe0dcb30, event=0xdaf2840, d=0xe0dcdc8, entry=WTF::Vector of length 1, capacity 1 = {...}) at ../../Source/WebCore/dom/EventTarget.cpp:228
#13 0x00002b47fc566850 in WebCore::EventTarget::fireEventListeners (this=0xe0dcb30, event=0xdaf2840) at ../../Source/WebCore/dom/EventTarget.cpp:197
#14 0x00002b47fc5666f8 in WebCore::EventTarget::dispatchEvent (this=0xe0dcb30, event=...) at ../../Source/WebCore/dom/EventTarget.cpp:176
#15 0x00002b47fcf0b952 in WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent (this=0xe0dce18, event=..., progressEventAction=WebCore::DoNotFlushProgressEvent) at ../../Source/WebCore/xml/XMLHttpRequestProgressEventThrottle.cpp:81
#16 0x00002b47fcf06c91 in WebCore::XMLHttpRequest::callReadyStateChangeListener (this=0xe0dcb30) at ../../Source/WebCore/xml/XMLHttpRequest.cpp:372
#17 0x00002b47fcf06a3b in WebCore::XMLHttpRequest::changeState (this=0xe0dcb30, newState=WebCore::XMLHttpRequest::DONE) at ../../Source/WebCore/xml/XMLHttpRequest.cpp:354
#18 0x00002b47fcf09d7c in WebCore::XMLHttpRequest::didFinishLoading (this=0xe0dcb30, identifier=5006) at ../../Source/WebCore/xml/XMLHttpRequest.cpp:1042
#19 0x00002b47fc8d5667 in WebCore::DocumentThreadableLoader::didFinishLoading (this=0xd670770, identifier=5006, finishTime=0) at ../../Source/WebCore/loader/DocumentThreadableLoader.cpp:276
#20 0x00002b47fc8d54ff in WebCore::DocumentThreadableLoader::notifyFinished (this=0xd670770, resource=0xe24df10) at ../../Source/WebCore/loader/DocumentThreadableLoader.cpp:261
#21 0x00002b47fc8b258c in WebCore::CachedResource::checkNotify (this=0xe24df10) at ../../Source/WebCore/loader/cache/CachedResource.cpp:237
#22 0x00002b47fc8b25cf in WebCore::CachedResource::data (this=0xe24df10, allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedResource.cpp:246
#23 0x00002b47fc8b0947 in WebCore::CachedRawResource::data (this=0xe24df10, data=..., allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:67
#24 0x00002b47fc9308d7 in WebCore::SubresourceLoader::didFinishLoading (this=0xdc0a9f0, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:276
#25 0x00002b47fc9264fd in WebCore::ResourceLoader::didFinishLoading (this=0xdc0a9f0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:451
#26 0x00002b47fcad2f98 in WebCore::readCallback (source=0x2b484c3171e0, asyncResult=0x2b484c2d7760, data=0xde29af0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:663
#27 0x00002b480059d103 in async_ready_callback_wrapper () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#28 0x00002b48005b3fbb in g_simple_async_result_complete () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#29 0x00002b48005b4187 in complete_in_idle_cb_for_thread () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#30 0x00002b480096555c in g_idle_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#31 0x00002b4800962df3 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#32 0x00002b4800963ab9 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#33 0x00002b4800963ca3 in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#34 0x00002b48009640d9 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#35 0x00002b47ff604e99 in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#36 0x00000000004356a4 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:694
#37 0x0000000000434cd7 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:486
#38 0x0000000000437082 in main (argc=2, argv=0x7fffac8faca8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1197
Comment 1 Martin Robinson 2012-01-23 08:34:51 PST 
CCing some JSC people for this one.