RESOLVED FIXED 119339
[Win] JavaScript crash. 
https://bugs.webkit.org/show_bug.cgi?id=119339
Summary [Win] JavaScript crash.
peavo
Reported 2013-07-31 06:20:12 PDT
I'm frequently getting JavaScript crashes (access violations) in the latest builds. The crash occurs in JIT generated code. This is the stack I'm getting: JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj) Line 858 C++ JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException) Line 85 C++ WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception) Line 74 + 0x1b bytes C++ WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld * world) Line 142 + 0x34 bytes C++ WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode) Line 158 + 0x40 bytes C++ WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode) Line 316 + 0x16 bytes C++ WebKit.dll!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript & pendingScript) Line 151 C++ WebKit.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScripts() Line 201 + 0x1b bytes C++ WebKit.dll!WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource * cachedScript) Line 211 C++ WebKit.dll!WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource * cachedResource) Line 935 C++ WebKit.dll!WebCore::CachedResource::checkNotify() Line 369 + 0xa bytes C++ WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::ResourceBuffer * __formal) Line 386 C++ WebKit.dll!WebCore::CachedScript::finishLoading(WebCore::ResourceBuffer * data) Line 94 + 0x8 bytes C++ WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime) Line 284 C++ WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal, double finishTime) Line 489 C++ WebKit.dll!WebCore::ResourceHandleManager::downloadTimerCallback(WebCore::Timer<WebCore::ResourceHandleManager> * __formal) Line 568 C++ WebKit.dll!WebCore::Timer<WebCore::IconDatabase>::fired() Line 114 + 0xb bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 132 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam) Line 111 C++
Attachments
Patch (1.25 KB, patch)
2013-07-31 06:27 PDT, peavo 		no flags
DetailsFormatted DiffDiff
Updated Patch (1.56 KB, patch)
2013-07-31 10:22 PDT, Michael Saboff 		no flags
DetailsFormatted DiffDiff
Patch with tab character removed (1.57 KB, patch)
2013-07-31 10:30 PDT, Michael Saboff 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
peavo
Comment 1 2013-07-31 06:27:14 PDT
Created attachment 207847 [details] Patch
peavo
Comment 2 2013-07-31 06:28:53 PDT
The rationale behind this patch is to implement the function ctiVMThrowTrampolineSlowpath the same way as the gcc x86 version does.
Zan Dobersek
Comment 3 2013-07-31 06:29:06 PDT
Possibly related to bug #119140. The patch touches sibling code at least.
Zan Dobersek
Comment 4 2013-07-31 06:30:17 PDT
(In reply to comment #2) > The rationale behind this patch is to implement the function ctiVMThrowTrampolineSlowpath the same way as the gcc x86 version does. The GCC-specific implementation might not be entirely correct (as, again, bug #119140 shows). Would be interesting though to know if the proposed patch fixes the issue on Windows?
Brent Fulgham
Comment 5 2013-07-31 08:50:46 PDT
Michael, can you review this patch?
Michael Saboff
Comment 6 2013-07-31 10:22:22 PDT
Created attachment 207857 [details] Updated Patch peavo, thanks for finding the issue. There is one other place that needs a similar change.
WebKit Commit Bot
Comment 7 2013-07-31 10:25:53 PDT
Attachment 207857 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/jit/JITStubsX86.h']" exit_code: 1 Source/JavaScriptCore/ChangeLog:9: Line contains tab character. [whitespace/tab] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
Michael Saboff
Comment 8 2013-07-31 10:30:54 PDT
Created attachment 207859 [details] Patch with tab character removed
Mark Hahnenberg
Comment 9 2013-07-31 10:39:32 PDT
Comment on attachment 207859 [details] Patch with tab character removed r=me
WebKit Commit Bot
Comment 10 2013-07-31 11:02:37 PDT
Comment on attachment 207859 [details] Patch with tab character removed Clearing flags on attachment: 207859 Committed r153527: <http://trac.webkit.org/changeset/153527>
WebKit Commit Bot
Comment 11 2013-07-31 11:02:39 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.