RESOLVED FIXED 133574
ASSERTION FAILED: is8Bit() at StringImpl::characters8()
https://bugs.webkit.org/show_bug.cgi?id=133574
zalan
Reported 2014-06-06 06:55:53 PDT
It happens when I fire up Safari with a bunch of tabs pointing to various bugs.webkit.org pages. Difficult to repro.

ASSERTION FAILED: is8Bit()
/Users/zbujtas/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/text/StringImpl.h(417) : const LChar *WTF::StringImpl::characters8() const
1 0x119c04ec0 WTFCrash
2 0x119445035 WTF::StringImpl::characters8() const
3 0x11998af4b JSC::JSRopeString::resolveRopeInternal8(unsigned char*) const
4 0x11998c0d2 JSC::JSRopeString::resolveRopeToExistingAtomicString(JSC::ExecState*) const
5 0x112d17d5d JSC::JSString::toExistingAtomicString(JSC::ExecState*) const
6 0x112d1000f WebCore::jsDocumentPrototypeFunctionGetElementById(JSC::ExecState*)
7 0x4c6f4b001034
8 0x119a10c74 llint_entry
9 0x119a10c74 llint_entry
10 0x119a0a4c4 callToJavaScript
11 0x1198a5bdd JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
12 0x11988a5fa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
13 0x1194c9c8e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14 0x1194c9cf3 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*)
15 0x112c6bacb WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*)
16 0x112df5174 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
17 0x1125db01f WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&)
18 0x1125da8ee WebCore::EventTarget::fireEventListeners(WebCore::Event*)
19 0x11250489b WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>)
20 0x11250c0d8 WebCore::DOMWindow::dispatchLoadEvent()
21 0x1123e43bd WebCore::Document::dispatchWindowLoadEvent()
22 0x1123e1883 WebCore::Document::implicitClose()
23 0x1127402fb WebCore::FrameLoader::checkCallImplicitClose()
24 0x11273ffb4 WebCore::FrameLoader::checkCompleted()
25 0x1127403e4 WebCore::FrameLoader::completed()
26 0x11273ffd1 WebCore::FrameLoader::checkCompleted()
27 0x11273e828 WebCore::FrameLoader::finishedParsing()
28 0x1123ed7ab WebCore::Document::finishedParsing()
29 0x112873098 WebCore::HTMLConstructionSite::finishedParsing()
30 0x112988cb7 WebCore::HTMLTreeBuilder::finished()
31 0x11288370e WebCore::HTMLDocumentParser::end()
Attachments
Patch (7.47 KB, patch), 2014-08-18 12:15 PDT, Andreas Kling
Andreas Kling
Comment 1 2014-06-06 13:03:40 PDT
I can't seem to reproduce this :| Could you save all the tabs in a bookmark folder the next time it happens and pass me that bookmark? I wonder if this could be related to <rdar://problem/14296167>; I don't see how we could end up with a rope string that thinks the rope is 8-bit clean, but has an individual 16-bit fiber inside.
Alexey Proskuryakov
Comment 2 2014-06-06 15:49:42 PDT
I also see this from time to time, and can never reproduce, not even when reloading the same page.
Andreas Kling
Comment 3 2014-08-18 12:05:17 PDT
Andreas Kling
Comment 4 2014-08-18 12:15:48 PDT
Darin Adler
Comment 5 2014-08-18 13:03:23 PDT
Comment on attachment 236775 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=236775&action=review

> Source/JavaScriptCore/runtime/JSString.h:204
> +    mutable unsigned m_flags;

I think it's a little peculiar to make this change, but I think what makes it clear that it's right is that this is closely associated with m_value and the two need to match. Too bad m_length is between this and m_value, making it really hard to see that connection.
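Comment 1's puzzle (a rope whose cached 8-bit flag disagrees with one of its fibers) and Comment 5's point that the flags must stay in step with the value both come down to one cache-consistency invariant. The C++ below is an added toy model written for this page, not WebKit's JSRopeString or the patch on this bug; Fiber, Rope, cachedIs8Bit and the resolve functions are all assumed names.

```cpp
// Toy rope string with a cached 8-bit flag, constructed for illustration; not
// JavaScriptCore's JSRopeString, and every name here is an assumption.
#include <cstdint>
#include <initializer_list>
#include <memory>
#include <stdexcept>
#include <vector>
struct Fiber {                                   // one leaf of the rope
    std::vector<uint16_t> chars;                 // UTF-16 code units
    bool is8Bit() const { for (uint16_t c : chars) if (c > 0xFF) return false; return true; }
};
// The rope caches "every fiber is 8-bit" once, like a bit in a flags word.
struct Rope { std::shared_ptr<Fiber> left, right; bool cachedIs8Bit; };
Rope makeRope(std::shared_ptr<Fiber> l, std::shared_ptr<Fiber> r) {
    return Rope{l, r, l->is8Bit() && r->is8Bit()};
}
// Recompute the flag from the fibers; true while the cache still matches them.
bool cacheConsistent(const Rope& r) {
    return r.cachedIs8Bit == (r.left->is8Bit() && r.right->is8Bit());
}
// Models the crashing path: trusts the cached flag and reads each fiber as 8-bit,
// throwing where the real code hits ASSERTION FAILED: is8Bit().
std::vector<uint8_t> resolveTrustingCache(const Rope& r) {
    if (!r.cachedIs8Bit) throw std::logic_error("use the 16-bit path");
    std::vector<uint8_t> out;
    for (const Fiber* f : {r.left.get(), r.right.get()}) {
        if (!f->is8Bit()) throw std::logic_error("ASSERTION FAILED: is8Bit()");
        for (uint16_t c : f->chars) out.push_back(static_cast<uint8_t>(c));
    }
    return out;
}
// Defensive variant: derives the width from the fibers at resolve time, not the cache.
std::vector<uint16_t> resolveChecked(const Rope& r) {
    std::vector<uint16_t> out(r.left->chars);
    out.insert(out.end(), r.right->chars.begin(), r.right->chars.end());
    return out;
}
// The scenario from the bug: a fiber changes width after the rope cached "8-bit".
bool staleCacheTripsAssertion() {
    auto a = std::make_shared<Fiber>(), b = std::make_shared<Fiber>();
    a->chars = {0x61, 0x62}; b->chars = {0x63};  // "ab" + "c", all 8-bit
    Rope r = makeRope(a, b);
    if (!cacheConsistent(r) || resolveTrustingCache(r).size() != 3) return false;
    b->chars.push_back(0x20AC);                  // U+20AC: fiber is no longer 8-bit
    if (cacheConsistent(r)) return false;        // cached flag is now stale
    bool fired = false;
    try { resolveTrustingCache(r); } catch (const std::logic_error&) { fired = true; }
    return fired && resolveChecked(r).size() == 4 && resolveChecked(r)[3] == 0x20AC;
}
```

staleCacheTripsAssertion() returns true when the stale cache makes the trusting path fail while the checked path still yields the right 16-bit result.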
Mark Lam
Comment 6 2014-08-18 13:29:53 PDT
*** Bug 135714 has been marked as a duplicate of this bug. ***
WebKit Commit Bot
Comment 7 2014-08-18 14:33:14 PDT
Comment on attachment 236775 [details]
Patch

Clearing flags on attachment: 236775

Committed r172727: <http://trac.webkit.org/changeset/172727>
WebKit Commit Bot
Comment 8 2014-08-18 14:33:19 PDT
All reviewed patches have been landed. Closing bug.