Bug 119170 - ASSERT failure in wtf/CheckedBoolean.h line 43 on Windows
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All Windows 7
Importance: P2 Normal
Assignee: Michael Saboff
Keywords: InRadar
Reported: 2013-07-26 16:04 PDT by Michael Saboff
Modified: 2013-07-26 16:51 PDT

Attachments
Patch (1.37 KB, patch)
2013-07-26 16:12 PDT, Michael Saboff

Description Michael Saboff 2013-07-26 16:04:11 PDT
On Windows debug build, we get an ASSERT failure in CheckedBoolean.h.

Example traceback:
 WTF.dll!WTFCrash()  Line 339  C++
 JavaScriptCore.dll!CheckedBoolean::~CheckedBoolean()  Line 43 + 0x36 bytes  C++
 JavaScriptCore.dll!JSC::Heap::tryAllocateStorage(JSC::JSCell * intendedOwner, unsigned int bytes, void * * outPtr)  Line 423 + 0x12 bytes  C++
 JavaScriptCore.dll!JSC::Butterfly::createUninitialized(JSC::VM & vm, JSC::JSCell * intendedOwner, unsigned int preCapacity, unsigned int propertyCapacity, bool hasIndexingHeader, unsigned int indexingPayloadSizeInBytes)  Line 42 + 0x1b bytes  C++
 JavaScriptCore.dll!JSC::Butterfly::growPropertyStorage(JSC::VM & vm, JSC::JSCell * intendedOwner, unsigned int preCapacity, unsigned int oldPropertyCapacity, bool hasIndexingHeader, unsigned int indexingPayloadSizeInBytes, unsigned int newPropertyCapacity)  Line 85 + 0x1e bytes  C++
>JavaScriptCore.dll!JSC::Butterfly::growPropertyStorage(JSC::VM & vm, JSC::JSCell * intendedOwner, JSC::Structure * structure, unsigned int oldPropertyCapacity, unsigned int newPropertyCapacity)  Line 101  C++
 JavaScriptCore.dll!JSC::JSObject::growOutOfLineStorage(JSC::VM & vm, unsigned int oldSize, unsigned int newSize)  Line 2379  C++
 JavaScriptCore.dll!JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM & vm, unsigned int oldCapacity, JSC::Structure * newStructure)  Line 1356 + 0x19 bytes  C++
 JavaScriptCore.dll!JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM & vm, JSC::Structure * newStructure)  Line 1364  C++
 JavaScriptCore.dll!JSC::JSObject::putDirectInternal<1>(JSC::VM & vm, JSC::PropertyName propertyName, JSC::JSValue value, unsigned int attributes, JSC::PutPropertySlot & slot, JSC::JSCell * specificFunction)  Line 1336  C++
 JavaScriptCore.dll!JSC::JSObject::putDirect(JSC::VM & vm, JSC::PropertyName propertyName, JSC::JSValue value, unsigned int attributes)  Line 1380  C++
 JavaScriptCore.dll!JSC::InternalFunction::finishCreation(JSC::VM & vm, const WTF::String & name)  Line 48  C++
 JavaScriptCore.dll!JSC::FunctionPrototype::finishCreation(JSC::ExecState * exec, const WTF::String & name)  Line 53  C++
 JavaScriptCore.dll!JSC::FunctionPrototype::create(JSC::ExecState * exec, JSC::JSGlobalObject * globalObject, JSC::Structure * structure)  Line 35 + 0x15 bytes  C++
 JavaScriptCore.dll!JSC::JSGlobalObject::reset(JSC::JSValue prototype)  Line 201 + 0x39 bytes  C++
 JavaScriptCore.dll!JSC::JSGlobalObject::init(JSC::JSObject * thisValue)  Line 148  C++
 WebKit.dll!JSC::JSGlobalObject::finishCreation(JSC::VM & vm, JSC::JSObject * thisValue)  Line 229  C++
 WebKit.dll!WebCore::JSDOMGlobalObject::finishCreation(JSC::VM & vm, JSC::JSObject * thisValue)  Line 66  C++
 WebKit.dll!WebCore::JSDOMWindowBase::finishCreation(JSC::VM & vm, WebCore::JSDOMWindowShell * shell)  Line 65  C++
 WebKit.dll!WebCore::JSDOMWindow::create(JSC::VM & vm, JSC::Structure * structure, WTF::PassRefPtr<WebCore::DOMWindow> impl, WebCore::JSDOMWindowShell * windowShell)  Line 42  C++
 WebKit.dll!WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow> domWindow)  Line 84 + 0x1f bytes  C++
 WebKit.dll!WebCore::JSDOMWindowShell::finishCreation(JSC::VM & vm, WTF::PassRefPtr<WebCore::DOMWindow> window)  Line 57  C++
 WebKit.dll!WebCore::JSDOMWindowShell::create(WTF::PassRefPtr<WebCore::DOMWindow> window, JSC::Structure * structure, WebCore::DOMWrapperWorld * world)  Line 59  C++
 WebKit.dll!WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld * world)  Line 110 + 0x28 bytes  C++
 WebKit.dll!WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld * world)  Line 213 + 0xc bytes  C++
 WebKit.dll!WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld * world)  Line 79 + 0x43 bytes  C++
 WebKit.dll!WebCore::ScriptController::globalObject(WebCore::DOMWrapperWorld * world)  Line 88 + 0xc bytes  C++
 WebKit.dll!WebFrame::globalContext()  Line 534 + 0x15 bytes  C++
 DumpRenderTree.dll!resetWebViewToConsistentStateBeforeTesting()  Line 916 + 0x13 bytes  C++
 DumpRenderTree.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine)  Line 1091  C++
 DumpRenderTree.dll!dllLauncherEntryPoint(int argc, const char * * argv)  Line 1424 + 0x23 bytes  C++
 DumpRenderTree.exe!main(int argc, const char * * argv)  Line 209 + 0xe bytes  C++
 DumpRenderTree.exe!__tmainCRTStartup()  Line 555 + 0x17 bytes  C
Comment 1 Michael Saboff 2013-07-26 16:12:32 PDT
Created attachment 207561
Patch

This patch has already been reviewed.  Written by Oliver, to be landed by me.
Comment 2 Michael Saboff 2013-07-26 16:15:25 PDT
<rdar://problem/14563179>
Comment 3 Michael Saboff 2013-07-26 16:51:43 PDT
Fix landed in change set https://trac.webkit.org/changeset/153387.