Bug 125942 - COLLECT_ON_EVERY_ALLOCATION makes any script execution crash with an assertion in DelayedReleaseScope constructor
Summary: COLLECT_ON_EVERY_ALLOCATION makes any script execution crash with an assertion in DelayedReleaseScope constructor
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Hahnenberg
Reported: 2013-12-18 13:33 PST by Alexey Proskuryakov
Modified: 2013-12-19 10:07 PST
Description Alexey Proskuryakov 2013-12-18 13:33:26 PST
Regression tests just crash before running any JS when COLLECT_ON_EVERY_ALLOCATION is enabled:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000100f7deaa WTFCrash + 42 (Assertions.cpp:341)
1   com.apple.JavaScriptCore      	0x0000000100c2048a JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 106 (DelayedReleaseScope.h:41)
2   com.apple.JavaScriptCore      	0x0000000100c1675d JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 29 (DelayedReleaseScope.h:43)
3   com.apple.JavaScriptCore      	0x0000000100c13c3c JSC::Heap::collectAllGarbage() + 60 (Heap.cpp:730)
4   com.apple.JavaScriptCore      	0x0000000100db842d JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 141 (MarkedAllocator.cpp:85)
5   com.apple.WebCore             	0x0000000102ac61df JSC::MarkedAllocator::allocate(unsigned long) + 79 (MarkedAllocator.h:91)
6   com.apple.WebCore             	0x0000000102ac6079 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long) + 41 (MarkedSpace.h:224)
7   com.apple.WebCore             	0x0000000102ac6006 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long) + 118 (Heap.h:420)
8   com.apple.WebCore             	0x0000000102ac5f1c void* JSC::allocateCell<JSC::Structure>(JSC::Heap&, unsigned long) + 252 (JSCellInlines.h:97)
9   com.apple.WebCore             	0x0000000102ac5a8f void* JSC::allocateCell<JSC::Structure>(JSC::Heap&) + 31 (JSCellInlines.h:109)
10  com.apple.WebCore             	0x0000000102ac580f JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int) + 191 (StructureInlines.h:39)
11  com.apple.WebCore             	0x000000010409f788 WebCore::JSDOMWindowShell::createStructure(JSC::VM&, JSC::JSValue) + 104 (JSDOMWindowShell.h:62)
Comment 1 Mark Hahnenberg 2013-12-18 20:40:05 PST
I believe this was fixed in http://trac.webkit.org/changeset/160822.
Comment 2 Alexey Proskuryakov 2013-12-19 10:07:53 PST
Yes, tests run now. Thanks!