WebKit Bugzilla
Bug 163314 - Assertion failed under operationToLowerCase with a rope with zero length
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=163314
Joseph Pecoraro
Reported
2016-10-11 20:43:44 PDT
Summary: Assertion failed under operationToLowerCase opening inspector²

Steps to Reproduce:
1. Get a debug build
2. Open inspector¹
3. Open inspector²
=> ASSERT

ASSERTION FAILED: length
Source/WTF/wtf/text/StringImpl.cpp(182) : static Ref<WTF::StringImpl> WTF::StringImpl::createUninitializedInternalNonEmpty(unsigned int, CharType *&) [CharType = unsigned char]
1   0x10ed908bd WTFCrash
2   0x10eddceb8 WTF::Ref<WTF::StringImpl> WTF::StringImpl::createUninitializedInternalNonEmpty<unsigned char>(unsigned int, unsigned char*&)
3   0x10eddda14 WTF::StringImpl::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(unsigned int)
4   0x10ee08b6d WTF::String::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(unsigned int) const
5   0x10e3000fa operationToLowerCase
6   0x48aabb23e3bf
7   0x48aabb23aa57
8   0x48aabb1cf352
9   0x48aabb22dd82
10  0x48aabb1c522c
11  0x48aabb189510
12  0x48aabb2020c6
13  0x48aabb2153ec
14  0x48aabb15bb20
15  0x48aabb17f001
16  0x10e9756ba llint_entry
17  0x10e975734 llint_entry
18  0x10e96e24e vmEntryToJavaScript
19  0x10e757429 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
20  0x10e6d6bbf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x10df3c538 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
22  0x10e7b26cd JSC::boundThisNoArgsFunctionCall(JSC::ExecState*)
23  0x48aabb0126e7
24  0x10e975b7c llint_entry
25  0x10e9756ba llint_entry
26  0x10e9756ba llint_entry
27  0x10e9756ba llint_entry
28  0x10e96e24e vmEntryToJavaScript
29  0x10e757429 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
30  0x10e6d6bbf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
31  0x10df3c538 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
Attachments
patch (4.96 KB, patch), 2016-10-12 18:08 PDT, Saam Barati, mark.lam: review+
patch for landing (4.94 KB, patch), 2016-10-14 10:18 PDT, Saam Barati, no flags
Saam Barati
Comment 1
2016-10-11 21:10:49 PDT
*** Bug 163313 has been marked as a duplicate of this bug. ***
Joseph Pecoraro
Comment 2
2016-10-12 17:41:59 PDT
Caught in the debugger I can get the JavaScript frames:

(lldb) btjs
* thread #1: tid = 0x17c773, 0x000000010ed00804, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, addre?
  frame #0: 0x000000010ed00804 JavaScriptCore`::WTFCrash() + 36 at Assertions.cpp:323
  frame #1: 0x000000010ed4cdf8 JavaScriptCore`WTF::Ref<WTF::StringImpl> WTF::StringImpl::createUninitializedInternalNonEmpty<unsigned char>(length=0, data=<no value available>) + 72 at StringImpl.cpp:182
  frame #2: 0x000000010ed4d954 JavaScriptCore`WTF::StringImpl::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(this={ length = 0, is8bit = 1, contents = '' }, failingIndex=0) + 116 at StringImpl.cpp:429
  frame #3: 0x000000010ed78aad JavaScriptCore`WTF::String::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(this={ length = 0, contents = '' }, failingIndex=0) const + 93 at WTFString.cpp:365
  frame #4: 0x000000010e26fe1a JavaScriptCore`::operationToLowerCase(exec=0x00007fff57c30700, string=0x0000000122d540a0, failingIndex=0) + 266 at DFGOperations.cpp:1526
  frame #5: 0x00004550dae2c41f parseURL#CeJir5 [DFG](Cell[Window ID: 14469]: 0x11f75c0a0, "file:///Users/pecoraro/Build/Debug/WebInspectorUI.framework/Resources/Models/ResourceQueryMatch.js")
  frame #6: 0x00004550dae289ae _updateTitles#Cagyoq [DFG](Cell[Object ID: 12179]: 0x1262467e0)
  frame #7: 0x00004550dad8eeb3 _updateResource#BX7IA4 [Baseline](Cell[Object ID: 12179]: 0x1262467e0, Cell[Object ID: 12229]: 0x1262463c0)
  frame #8: 0x00004550dae21d02 ResourceTreeElement#BrPePF [DFG](<JSValue()>, Cell[Object ID: 12229]: 0x1262463c0)
  frame #9: 0x00004550dad8736c _addTreeElementForSourceCodeToTreeOutline#EYkdVP [Baseline](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 12229]: 0x1262463c0, Cell[Object ID: 14708]: 0x122d62780)
  frame #10: 0x00004550dad705b0 _addResource#Ab2oND [Baseline](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 12229]: 0x1262463c0)
  frame #11: 0x00004550dadc24a6 _resourceAdded#A1GokE [DFG](Cell[Object ID: 12240]: 0x122da7e60, Cell[Object ID: 11290]: 0x126225c20)
  frame #12: 0x00004550dae11502 dispatch#ALOGGc [DFG](Undefined, Cell[Function ID: 4013]: 0x120a339a0)
  frame #13: 0x00004550dad43d3c dispatchEventToListeners#B97qyR [DFG](Cell[Object ID: 12571]: 0x122d63640, "frame-resource-was-added", Cell[Object ID: 12072]: 0x1262465a0)
  frame #14: 0x00004550dad660a1 addResource#AvzKyY [Baseline](Cell[Object ID: 12571]: 0x122d63640, Cell[Object ID: 12229]: 0x1262463c0)
  frame #15: 0x000000010e8e561a _addFrameTreeFromFrameResourceTreePayload#Ar2abc [LLInt](Cell[Object ID: 14466]: 0x11f62b660, Cell[Object ID: 14336]: 0x122cd6b60, True)
  frame #16: 0x000000010e8e5694 _processMainFrameResourceTreePayload#AiF4sn [LLInt](Cell[Object ID: 14466]: 0x11f62b660, Null, Cell[Object ID: 14336]: 0x122cd6b60)
  frame #17: 0x000000010e8de1ae JavaScriptCore`vmEntryToJavaScript + 334 at LowLevelInterpreter64.asm:253
  frame #18: 0x000000010e6c7149 JavaScriptCore`JSC::JITCode::execute(this=0x0000000121656618, vm=0x000000011f5f2000, protoCallFrame=0x00007fff57c31120) + 329 at JITCode.cpp:81
  frame #19: 0x000000010e6468df JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000011efc0b40, callFrame=0x00007fff57c313d0, function=0x0000000121b0ef20, callType=JS, callData=0x00007fff57c31320, thisValue=JSValue @ 0x00007fff57c31220, args=0x00007fff57c312e8) + 1215 at Interpreter.cpp:948
  frame #20: 0x000000010deac258 JavaScriptCore`JSC::call(exec=0x00007fff57c313d0, functionObject=JSValue @ 0x00007fff57c312a0, callType=JS, callData=0x00007fff57c31320, thisValue=JSValue @ 0x00007fff57c31298, args=0x00007fff57c312e8) + 184 at CallData.cpp:40
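The reproduction in the report needs a debug WebKit build and two nested inspectors; the backtrace above shows the JavaScript-level trigger is just a DFG-compiled caller (parseURL) invoking toLowerCase on an empty string. The following is an added, stand-alone regression-style test in the spirit of a JSTests stress case; it is not the project's own test and not code from this bug. It calls String.prototype.toLowerCase on empty strings built several different ways inside a hot loop, so that a tiering JIT such as JSC's DFG has a chance to compile the callee and route it through its toLowerCase intrinsic, then counts any call that returns something other than "". Which of these shapes the engine represents internally as a rope is engine-specific and assumed, not asserted; noInline is the jsc shell's helper and is stubbed where absent.

```javascript
"use strict";

// jsc's shell provides noInline() to keep the callee its own compilation unit
// (so the hot loop tiers it up rather than inlining it away); on other engines
// fall back to a no-op. `typeof` on an undeclared identifier is safe.
const keepSeparate = typeof noInline === "function" ? noInline : () => {};

// The function under test: the only thing it does is what parseURL did in
// frame #5 of the backtrace, call toLowerCase on its argument.
function lower(s) {
  return s.toLowerCase();
}
keepSeparate(lower);

// Empty strings produced through different code paths. The names describe how
// the JS builds them; whether any of them becomes a rope (or a substring
// view, or the shared empty string) is internal to the engine.
function emptyStringShapes(seed) {
  const s = String(seed);
  return {
    literal: "",
    concatDynamic: s.slice(0, 0) + s.slice(s.length), // runtime "" + ""
    sliceNothing: s.slice(s.length),
    substringNothing: s.substring(0, 0),
    repeatZero: "ab".repeat(0),
    joinNothing: [].join("x"),
    templateEmpty: `${s.slice(0, 0)}`,
  };
}

// Drive the hot loop and return a per-shape failure count so a harness can
// assert on the result rather than on printed output. A correct engine returns
// {} for `failures`; on the affected debug build the report's assertion fires
// instead of returning at all.
function runToLowerCaseEmptyStringStress(iterations = 100000) {
  const failures = {};
  for (let i = 0; i < iterations; i++) {
    const shapes = emptyStringShapes(i);
    for (const name of Object.keys(shapes)) {
      const out = lower(shapes[name]);
      if (typeof out !== "string" || out !== "") {
        failures[name] = (failures[name] || 0) + 1;
      }
    }
    // Keep the non-empty path hot too, so the same compiled code sees both
    // empty and non-empty inputs and any empty-length fast-path check is
    // actually exercised.
    if (lower("A" + i) !== "a" + i) {
      failures.nonEmpty = (failures.nonEmpty || 0) + 1;
    }
  }
  return { iterations, failures };
}

// Run directly (node or jsc shell) to see the summary.
if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runToLowerCaseEmptyStringStress()));
}
```

Run it under the jsc shell of a debug build to observe the assertion, or under any release engine as a plain regression check; the loop count is high enough for the baseline and DFG tiers to kick in on JSC, which is what gets the call onto the intrinsic path rather than the interpreter.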
Saam Barati
Comment 3
2016-10-12 18:08:17 PDT
Created attachment 291432 [details] patch
Mark Lam
Comment 4
2016-10-12 18:16:15 PDT
Comment on attachment 291432 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=291432&action=review

r=me

> JSTests/ChangeLog:3
> + Assertion failed under operationToLowerCase opening inspector²

Please remove the non-ascii char.

> Source/JavaScriptCore/ChangeLog:3
> + Assertion failed under operationToLowerCase opening inspector²

Fix non-ascii char.
Saam Barati
Comment 5
2016-10-14 10:18:55 PDT
Created attachment 291643 [details] patch for landing
WebKit Commit Bot
Comment 6
2016-10-15 13:59:03 PDT
Comment on attachment 291643 [details] patch for landing
Clearing flags on attachment: 291643
Committed r207377: <http://trac.webkit.org/changeset/207377>
WebKit Commit Bot
Comment 7
2016-10-15 13:59:08 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 8
2016-10-15 14:29:58 PDT
Comment on attachment 291643 [details] patch for landing
View in context: https://bugs.webkit.org/attachment.cgi?id=291643&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:1526
> + if (!inputString.length())
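Review bot: the zero-length guard at DFGOperations.cpp:1526 protects only this one caller, while the assertion in the report fires a level down, in WTF::StringImpl::convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit, which hands a length of 0 to createUninitializedInternalNonEmpty; any other caller that passes an empty string with failingIndex 0 would hit the same ASSERT. Consider either an early return for empty input inside the StringImpl routine itself, or an ASSERT(length()) there that documents the non-empty precondition, so the contract is enforced where it is violated rather than at each call site. Independently of that, `inputString.isEmpty()` expresses the intent better than `!inputString.length()`.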
String has an isEmpty function; I normally assume we should always use that instead of checking length for 0 just in case we some day come up with a more efficient way to implement it. Unless we are also using the length.