RESOLVED FIXED Bug 162986
[mac-wk1 debug] ASSERTION FAILED: thisObject->m_propertyTableUnsafe 
https://bugs.webkit.org/show_bug.cgi?id=162986
Summary [mac-wk1 debug] ASSERTION FAILED: thisObject->m_propertyTableUnsafe
Ryan Haddad
Reported 2016-10-05 14:24:44 PDT
LayoutTest inspector/formatting/formatting-javascript.html is a flaky crash https://build.webkit.org/builders/Apple%20Sierra%20Debug%20WK1%20(Tests)/builds/314 https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=inspector%2Fformatting%2Fformatting-javascript.html ASSERTION FAILED: thisObject->m_propertyTableUnsafe /Volumes/Data/slave/sierra-debug/build/Source/JavaScriptCore/runtime/Structure.cpp(1127) : static void JSC::Structure::visitChildren(JSC::JSCell *, JSC::SlotVisitor &) 1 0x10ef71acd WTFCrash 2 0x10eda6bb2 JSC::Structure::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) 3 0x10ed84496 JSC::SlotVisitor::visitChildren(JSC::JSCell const*) 4 0x10ed84280 JSC::SlotVisitor::drain() 5 0x10ed85172 JSC::SlotVisitor::donateAndDrain() 6 0x10e7dfc8a JSC::Heap::visitConservativeRoots(JSC::ConservativeRoots&) 7 0x10e7df5be JSC::Heap::markRoots(double, void*, void*, int (&) [37]) 8 0x10e7e32fc JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [37]) 9 0x10e7e2bdd JSC::Heap::collectWithoutAnySweep(JSC::HeapOperation) 10 0x10e7e2d50 JSC::Heap::collect(JSC::HeapOperation) 11 0x10dfcb637 JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) 12 0x10dfcb4af JSC::Heap::decrementDeferralDepthAndGCIfNeeded() 13 0x10dfcb458 JSC::DeferGC::~DeferGC() 14 0x10dfcafc5 JSC::DeferGC::~DeferGC() 15 0x10eda9471 JSC::Structure::takePropertyTableOrCloneIfPinned(JSC::VM&) 16 0x10eda8e7a JSC::Structure::addNewPropertyTransition(JSC::VM&, JSC::Structure*, JSC::PropertyName, unsigned int, int&, JSC::PutPropertySlot::Context, JSC::DeferredStructureTransitionWatchpointFire*) 17 0x10e1f882b bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)0>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) 18 0x10e1f7a95 JSC::JSObject::putInline(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 19 0x10e1f2ff4 JSC::JSValue::putInline(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 20 0x10e949dc3 operationPutByIdStrict 21 0x452ccf0481cf 22 0x452ccf0a8242 23 0x452ccf096126 24 0x452ccf047e73 25 0x452ccf0963dd 26 0x452ccf047e73 27 0x452ccf09ad93 28 0x452ccf047e73 29 0x452ccf096699 30 0x452ccf047e73 31 0x452ccf0a8242
Attachments
the patch (3.01 KB, patch)
2016-11-15 12:25 PST, Filip Pizlo 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2016-10-05 14:25:18 PDT
<rdar://problem/28514822>
Ryan Haddad
Comment 2 2016-10-05 16:23:12 PDT
Marked test as flaky on mac-wk1 in http://trac.webkit.org/projects/webkit/changeset/206835
Filip Pizlo
Comment 3 2016-11-15 12:03:28 PST
Same problem as https://bugs.webkit.org/show_bug.cgi?id=164775.
Filip Pizlo
Comment 4 2016-11-15 12:04:35 PST
(In reply to comment #3) > Same problem as https://bugs.webkit.org/show_bug.cgi?id=164775. Wait, no it's not.
Filip Pizlo
Comment 5 2016-11-15 12:25:27 PST
Created attachment 294863 [details] the patch
Alexey Proskuryakov
Comment 6 2016-11-15 12:30:40 PST
*** Bug 141253 has been marked as a duplicate of this bug. ***
Filip Pizlo
Comment 7 2016-11-15 15:32:57 PST
Landed in https://trac.webkit.org/changeset/208762
Note You need to log in before you can comment on or make changes to this bug.