Bug 107340 - Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
Summary: Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on:
Blocks: 107309
Reported: 2013-01-18 16:38 PST by Michael Saboff
Modified: 2013-01-18 16:57 PST (History)

See Also:


Attachments
Patch (1.90 KB, patch)
2013-01-18 16:54 PST, Michael Saboff
fpizlo: review+

Description Michael Saboff 2013-01-18 16:38:35 PST
After http://trac.webkit.org/changeset/140201, editing/selection/move-by-word-visually-multi-line.html fails in a release build and crashes in a debug build.

The crash in the main thread is:

Process:         DumpRenderTree [58187]
Path:            /Volumes/VOLUME/*/DumpRenderTree
Identifier:      DumpRenderTree
Version:         0
Code Type:       X86-64 (Native)
Parent Process:  Python [56880]
User ID:         501

Date/Time:       2013-01-18 15:08:05.559 -0800
OS Version:      Mac OS X 10.8.2 (12C54)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000107f29000-0000000107fc6000 [  628K] r-x/rwx SM=COW  /Volumes/VOLUME/*

Application Specific Information:
CRASHING TEST: editing/selection/move-by-word-visually-multi-line.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010827932c JSC::DFG::SpeculativeJIT::compileInt32ToDouble(JSC::DFG::Node&) + 172 (DFGSpeculativeJIT.cpp:2475)
1   com.apple.JavaScriptCore      	0x00000001082a79b9 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 5321 (DFGSpeculativeJIT64.cpp:2355)
2   com.apple.JavaScriptCore      	0x0000000108276478 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 3048 (DFGSpeculativeJIT.cpp:1911)
3   com.apple.JavaScriptCore      	0x0000000108276e3d JSC::DFG::SpeculativeJIT::compile() + 253 (DFGSpeculativeJIT.cpp:2020)
4   com.apple.JavaScriptCore      	0x0000000108236d09 JSC::DFG::JITCompiler::compileBody(JSC::DFG::SpeculativeJIT&) + 25 (DFGJITCompiler.cpp:108)
5   com.apple.JavaScriptCore      	0x000000010823834a JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 314 (DFGJITCompiler.cpp:304)
6   com.apple.JavaScriptCore      	0x0000000108223423 JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 1507 (DFGDriver.cpp:156)
7   com.apple.JavaScriptCore      	0x0000000108222e2c JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 60 (DFGDriver.cpp:174)
8   com.apple.JavaScriptCore      	0x00000001082ebc21 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 241 (JITDriver.h:95)
9   com.apple.JavaScriptCore      	0x00000001082ec375 JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) + 341 (ExecutionHarness.h:68)
10  com.apple.JavaScriptCore      	0x00000001082e8da9 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) + 617 (Executable.cpp:538)
11  com.apple.JavaScriptCore      	0x00000001082e8ac5 JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::JSScope*, unsigned int) + 341 (Executable.cpp:463)
12  com.apple.JavaScriptCore      	0x000000010815287f JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::JSScope*, unsigned int, JSC::CodeSpecializationKind) + 351 (Executable.h:677)
13  com.apple.JavaScriptCore      	0x000000010814899e JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::JSScope*, unsigned int) + 158 (CodeBlock.cpp:2873)
14  com.apple.JavaScriptCore      	0x00000001083545df cti_optimize + 287 (JITStubs.cpp:1890)
15  com.apple.JavaScriptCore      	0x000000010835cb80 0x1080c4000 + 2722688
16  com.apple.JavaScriptCore      	0x000000010831a324 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:135)
17  com.apple.JavaScriptCore      	0x000000010831759f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1519 (Interpreter.cpp:1055)
18  com.apple.JavaScriptCore      	0x0000000108134712 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:40)
19  com.apple.WebCore             	0x000000010a4799e2 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56)
20  com.apple.WebCore             	0x000000010a5bb216 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1238 (JSEventListener.cpp:129)
21  com.apple.WebCore             	0x0000000109f8f093 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 499 (EventTarget.cpp:257)
22  com.apple.WebCore             	0x0000000109f8ec7f WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 383 (EventTarget.cpp:203)
23  com.apple.WebCore             	0x0000000109ed91d0 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 272 (DOMWindow.cpp:1695)
24  com.apple.WebCore             	0x0000000109ee0298 WebCore::DOMWindow::dispatchLoadEvent() + 296 (DOMWindow.cpp:1669)
25  com.apple.WebCore             	0x0000000109d2748f WebCore::Document::dispatchWindowLoadEvent() + 143 (Document.cpp:3648)
26  com.apple.WebCore             	0x0000000109d24efd WebCore::Document::implicitClose() + 493 (Document.cpp:2404)
27  com.apple.WebCore             	0x000000010a05771b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:836)
28  com.apple.WebCore             	0x000000010a0573e3 WebCore::FrameLoader::checkCompleted() + 323 (FrameLoader.cpp:780)
29  com.apple.WebCore             	0x000000010a057585 WebCore::FrameLoader::loadDone() + 21 (FrameLoader.cpp:725)
30  com.apple.WebCore             	0x0000000109a685b2 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*) + 114 (CachedResourceLoader.cpp:723)
31  com.apple.WebCore             	0x000000010b11f63f WebCore::SubresourceLoader::releaseResources() + 191 (SubresourceLoader.cpp:323)
32  com.apple.WebCore             	0x000000010aed57c9 WebCore::ResourceLoader::didFinishLoading(double) + 73 (ResourceLoader.cpp:319)
33  com.apple.WebCore             	0x000000010b11f245 WebCore::SubresourceLoader::didFinishLoading(double) + 581 (SubresourceLoader.cpp:280)
34  com.apple.WebCore             	0x000000010aed5fb5 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 53 (ResourceLoader.cpp:458)
35  com.apple.WebCore             	0x000000010aed2c0a -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 186 (ResourceHandleMac.mm:823)
36  com.apple.Foundation          	0x00007fff8c606f58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
37  com.apple.Foundation          	0x00007fff8c606e9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
38  com.apple.Foundation          	0x00007fff8c606d98 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
39  com.apple.CFNetwork           	0x00007fff94f2bfd1 ___delegate_didFinishLoading_block_invoke_0 + 40
40  com.apple.CFNetwork           	0x00007fff94f1e753 ___withDelegateAsync_block_invoke_0 + 90
41  com.apple.CFNetwork           	0x00007fff94fad2ca __block_global_1 + 28
42  com.apple.CoreFoundation      	0x00007fff8f692724 CFArrayApplyFunction + 68
43  com.apple.CFNetwork           	0x00007fff94f0fa6c RunloopBlockContext::perform() + 126
44  com.apple.CFNetwork           	0x00007fff94f0f94b MultiplexerSource::perform() + 221
45  com.apple.CoreFoundation      	0x00007fff8f674101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
46  com.apple.CoreFoundation      	0x00007fff8f673a25 __CFRunLoopDoSources0 + 245
47  com.apple.CoreFoundation      	0x00007fff8f696dc5 __CFRunLoopRun + 789
48  com.apple.CoreFoundation      	0x00007fff8f6966b2 CFRunLoopRunSpecific + 290
49  com.apple.Foundation          	0x00007fff8c68489e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
50  DumpRenderTree                	0x0000000107f42039 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 5017 (DumpRenderTree.mm:1389)
51  DumpRenderTree                	0x0000000107f40c2a runTestingServerLoop() + 282 (DumpRenderTree.mm:852)
52  DumpRenderTree                	0x0000000107f404f7 dumpRenderTree(int, char const**) + 423 (DumpRenderTree.mm:901)
53  DumpRenderTree                	0x0000000107f42829 main + 105 (DumpRenderTree.mm:939)
54  libdyld.dylib                 	0x00007fff8f51f7e1 start + 1
Comment 1 Michael Saboff 2013-01-18 16:54:38 PST
Created attachment 183576 [details]
Patch
Comment 2 Michael Saboff 2013-01-18 16:57:53 PST
Committed r140221: <http://trac.webkit.org/changeset/140221>