Bug 106690 - Python implementation reports "MemoryError" instead of doing things
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Filip Pizlo
URL: http://syntensity.com/static/python.html
Depends on: 106715 106724 106727
Reported: 2013-01-11 12:53 PST by Oliver Hunt
Modified: 2013-01-14 16:55 PST

Attachments
the patch (15.37 KB, patch)
2013-01-11 22:52 PST, Filip Pizlo
oliver: review+

Description Oliver Hunt 2013-01-11 12:53:49 PST
Going to http://syntensity.com/static/python.html in a debug build crashes reliably for me.  

ASSERTION FAILED: from.isCell() && from.asCell()->JSCell::inherits(&WTF::RemovePointer<To>::Type::s_info)
/Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore/runtime/JSCell.h(346) : To JSC::jsCast(JSC::JSValue) [To = JSC::JSObject *]
1   0x1176e72f9 JSC::JSObject* JSC::jsCast<JSC::JSObject*>(JSC::JSValue)
2   0x1176e66c9 JSC::JSScope::resolvePut(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&, JSC::JSValue, JSC::PutToBaseOperation*)
3   0x11765262b cti_op_put_to_base
4   0x117659040 jscGeneratedNativeCode
5   0x117615194 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)
6   0x117612328 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
7   0x117423b3c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
8   0x11767ac61 JSC::boundFunctionCall(JSC::ExecState*)
9   0x117612352 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
10  0x117423b3c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11  0x11904abc2 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
12  0x119b1ed34 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*)
13  0x119b1e8d2 WebCore::ScheduledAction::execute(WebCore::Document*)
14  0x119b1e719 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*)
15  0x118a87057 WebCore::DOMTimer::fired()
16  0x119ec6cfb WebCore::ThreadTimers::sharedTimerFiredInternal()
17  0x119ec6a89 WebCore::ThreadTimers::sharedTimerFired()
18  0x119be65f3 WebCore::timerFired(__CFRunLoopTimer*, void*)
19  0x7fff82f6ae14 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
20  0x7fff82f6a925 __CFRunLoopDoTimer
21  0x7fff82f50686 __CFRunLoopRun
22  0x7fff82f4fe29 CFRunLoopRunSpecific
23  0x7fff8e5cd524 RunCurrentEventLoopInMode
24  0x7fff8e5cd2c1 ReceiveNextEventCommon
25  0x7fff8e6e0917 _BlockUntilNextEventMatchingListInModeWithFilter
26  0x7fff88d16281 _DPSNextEvent
27  0x7fff88d158ae -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
28  0x7fff88d0db2f -[NSApplication run]
29  0x7fff88cb65e6 NSApplicationMain
30  0x7fff8232bfa3 _xpc_main
31  0x7fff8240cee4 xpc_main


It looks like the base in a put_to_base operation is undefined which should not be possible (we should have thrown an exception already if that were the case).

The ResolvePutOperation seems to imply we're putting a global property down, but the base is undefined.
Comment 1 Filip Pizlo 2013-01-11 20:31:23 PST
I fixed the crash, but it appears that we're still doing bad things.  Renaming the bug accordingly.
Comment 2 Filip Pizlo 2013-01-11 22:52:58 PST
Created attachment 182459
the patch
Comment 3 Filip Pizlo 2013-01-14 16:55:15 PST
Landed in http://trac.webkit.org/changeset/139687