run-webkit-tests fast/js/toString-stack-overflow.html

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0039ee4c std::pair<WTF::HashTableIterator<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >, bool> WTF::HashTable<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add<KJS::JSObject*, KJS::JSObject*, WTF::IdentityHashTranslator<KJS::JSObject*, KJS::JSObject*, WTF::PtrHash<KJS::JSObject*> > >(KJS::JSObject* const&, KJS::JSObject* const&) + 8 (HashTable.h:607)
1 com.apple.JavaScriptCore 0x0039f106 WTF::HashTable<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add(KJS::JSObject* const&) + 52 (HashTable.h:306)
2 com.apple.JavaScriptCore 0x0039f13a WTF::HashSet<KJS::JSObject*, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add(KJS::JSObject* const&) + 38 (HashSet.h:207)
3 com.apple.JavaScriptCore 0x00347dba KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 118 (array_object.cpp:95)
4 com.apple.JavaScriptCore 0x0031f57a KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:742)
5 com.apple.JavaScriptCore 0x0031f7b5 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123 (object.cpp:51)
6 com.apple.JavaScriptCore 0x003253dd KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*, KJS::Identifier const&) + 175 (object.cpp:260)
7 com.apple.JavaScriptCore 0x00344415 KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145 (object.cpp:287)
8 com.apple.JavaScriptCore 0x0037843c KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38 (object.h:641)
9 com.apple.JavaScriptCore 0x00342da4 KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
10 com.apple.JavaScriptCore 0x003bb681 KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
11 com.apple.JavaScriptCore 0x00347f1b KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 471 (array_object.cpp:114)
12 com.apple.JavaScriptCore 0x0031f57a KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:742)
13 com.apple.JavaScriptCore 0x0031f7b5 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123 (object.cpp:51)
14 com.apple.JavaScriptCore 0x003253dd KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*, KJS::Identifier const&) + 175 (object.cpp:260)
15 com.apple.JavaScriptCore 0x00344415 KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145 (object.cpp:287)
16 com.apple.JavaScriptCore 0x0037843c KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38 (object.h:641)
17 com.apple.JavaScriptCore 0x00342da4 KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
18 com.apple.JavaScriptCore 0x003bb681 KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
19 com.apple.JavaScriptCore 0x00347f1b KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 471 (array_object.cpp:114)
...

(as the title says, it's a stack overflow, so the top of your trace may be different).
Reverting r34020 (which removed old recursion protection) fixes this.
<rdar://problem/5955430>
OK, Oliver just rolled out r34020.
I don't think we can call this fixed, because it indicates that squirrelfish's own recursion protection doesn't work in this case.
Renaming and changing priority accordingly. This might be the first conditional bug in our Bugzilla!
This was made irrelevant by r34309: http://trac.webkit.org/changeset/34309