RESOLVED FIXED 19498
REGRESSION (r34497): crash while loading GMail
https://bugs.webkit.org/show_bug.cgi?id=19498
Summary REGRESSION (r34497): crash while loading GMail
Ismail Donmez
Reported 2008-06-11 14:04:27 PDT
Revision 34498, pretty new regression, backtrace : Process: Safari [68013] Path: /Users/cartman/Applications/WebKit.app/Contents/MacOS/WebKit Identifier: org.webkit.nightly.WebKit Version: r31275 (31275) Code Type: X86 (Native) Parent Process: launchd [72] Date/Time: 2008-06-12 00:04:59.602 +0300 OS Version: Mac OS X 10.5.3 (9D34) Report Version: 6 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000002d Crashed Thread: 0 Thread 0 Crashed: 0 ??? 0x00560065 0 + 5636197 1 com.apple.JavaScriptCore 0x004298d8 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*, KJS::JSObject*, KJS::List const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 760 (RegisterFile.h:112) 2 com.apple.JavaScriptCore 0x0036af28 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 232 (RegisterFile.h:147) 3 com.apple.JavaScriptCore 0x003f2e3c KJS::functionProtoFuncCall(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 204 (list.h:71) 4 com.apple.JavaScriptCore 0x00428c49 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 29401 (RegisterFile.h:147) 5 com.apple.JavaScriptCore 0x004298d8 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*, KJS::JSObject*, KJS::List const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 760 (RegisterFile.h:112) 6 com.apple.JavaScriptCore 0x0036af28 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 232 (RegisterFile.h:147) 7 com.apple.JavaScriptCore 0x003f2965 KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1237 (function_object.cpp:107) 8 com.apple.JavaScriptCore 0x00428c49 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, 
KJS::CodeBlock*, KJS::JSValue**) + 29401 (RegisterFile.h:147) 9 com.apple.JavaScriptCore 0x004298d8 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*, KJS::JSObject*, KJS::List const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 760 (RegisterFile.h:112) 10 com.apple.JavaScriptCore 0x0036af28 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 232 (RegisterFile.h:147) 11 com.apple.JavaScriptCore 0x003f2965 KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1237 (function_object.cpp:107) 12 com.apple.JavaScriptCore 0x00428c49 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 29401 (RegisterFile.h:147) 13 com.apple.JavaScriptCore 0x004298d8 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*, KJS::JSObject*, KJS::List const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 760 (RegisterFile.h:112) 14 com.apple.JavaScriptCore 0x0036af28 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 232 (RegisterFile.h:147) 15 com.apple.JavaScriptCore 0x003f2965 KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1237 (function_object.cpp:107) 16 com.apple.JavaScriptCore 0x00428c49 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 29401 (RegisterFile.h:147) 17 com.apple.JavaScriptCore 0x00429c0a KJS::Machine::execute(KJS::ProgramNode*, KJS::ExecState*, KJS::ScopeChainNode*, KJS::JSObject*, KJS::RegisterFileStack*, KJS::JSValue**) + 426 (Machine.cpp:673) 18 com.apple.JavaScriptCore 0x003f3153 KJS::Interpreter::evaluate(KJS::ExecState*, KJS::ScopeChain&, KJS::UString const&, int, WTF::PassRefPtr<KJS::SourceProvider>, 
KJS::JSValue*) + 355 (interpreter.cpp:83) 19 com.apple.WebCore 0x015848be WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 238 (kjs_proxy.cpp:89) 20 com.apple.WebCore 0x011a5c34 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 116 (FrameLoader.cpp:785) 21 com.apple.WebCore 0x0120fce1 WebCore::HTMLTokenizer::scriptExecution(WebCore::String const&, WebCore::HTMLTokenizer::State, WebCore::String const&, int) + 241 (HTMLTokenizer.h:321) 22 com.apple.WebCore 0x0121373e WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 2830 (HTMLTokenizer.cpp:480) 23 com.apple.WebCore 0x012153f1 WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 2273 (HTMLTokenizer.cpp:330) 24 com.apple.WebCore 0x01217fee WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 8798 (HTMLTokenizer.cpp:1548) 25 com.apple.WebCore 0x01218d4b WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1387 (HTMLTokenizer.cpp:1729) 26 com.apple.WebCore 0x011963c8 WebCore::FrameLoader::write(char const*, int, bool) + 424 (Deque.h:335) 27 com.apple.WebCore 0x01196857 WebCore::FrameLoader::addData(char const*, int) + 39 (FrameLoader.cpp:1863) 28 com.apple.WebKit 0x001b9e79 -[WebFrame(WebInternal) _receivedData:textEncodingName:] + 137 (RefPtr.h:51) 29 com.apple.WebKit 0x001c7448 -[WebHTMLRepresentation receivedData:withDataSource:] + 264 (WebHTMLRepresentation.mm:165) 30 com.apple.WebKit 0x001adc5b -[WebDataSource(WebInternal) _receivedData:] + 91 (WebDataSource.mm:199) 31 com.apple.WebKit 0x001c1e59 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 137 (WebFrameLoaderClient.mm:708) 32 com.apple.WebCore 0x0113a2c6 WebCore::DocumentLoader::commitLoad(char const*, int) + 70 (RefPtr.h:51) 33 com.apple.WebCore 0x01437025 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 
69 (ResourceLoader.cpp:251) 34 com.apple.WebCore 0x01368357 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 71 (RefPtr.h:51) 35 com.apple.WebCore 0x01436c08 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 56 (ResourceLoader.cpp:385) 36 com.apple.Foundation 0x93944e27 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] + 119 37 com.apple.Foundation 0x93944d71 _NSURLConnectionDidReceiveData + 177 38 com.apple.CFNetwork 0x926337ab sendDidReceiveDataCallback + 518 39 com.apple.CFNetwork 0x92630cee _CFURLConnectionSendCallbacks + 1586 40 com.apple.CFNetwork 0x9263063f muxerSourcePerform + 283 41 com.apple.CoreFoundation 0x9047460e CFRunLoopRunSpecific + 3166 42 com.apple.CoreFoundation 0x90474cf8 CFRunLoopRunInMode + 88 43 com.apple.HIToolbox 0x93b92da4 RunCurrentEventLoopInMode + 283 44 com.apple.HIToolbox 0x93b92bbd ReceiveNextEventCommon + 374 45 com.apple.HIToolbox 0x93b92a31 BlockUntilNextEventMatchingListInMode + 106 46 com.apple.AppKit 0x92c61505 _DPSNextEvent + 657 47 com.apple.AppKit 0x92c60db8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 48 com.apple.Safari 0x00007c7e 0x1000 + 27774 49 com.apple.AppKit 0x92c59df3 -[NSApplication run] + 795 50 com.apple.AppKit 0x92c27030 NSApplicationMain + 574 51 com.apple.Safari 0x000b4de6 0x1000 + 736742
Attachments
Proposed patch (7.20 KB, patch)
2008-06-11 17:22 PDT, Cameron Zwarich (cpst)
mjs: review+
Matt Lilek
Comment 1 2008-06-11 15:14:15 PDT
Looks like Cameron broke this with <http://trac.webkit.org/changeset/34497>.
Darin Adler
Comment 2 2008-06-11 16:55:31 PDT
We figured out the problem. We generate bad code when combining the less opcode with a branch in the logical-or case, because we optimize away a side effect that is still needed. Cameron is working on a fix.
Cameron Zwarich (cpst)
Comment 3 2008-06-11 17:22:23 PDT
Created attachment 21652 [details] Proposed patch Here it is.
Maciej Stachowiak
Comment 4 2008-06-11 17:24:07 PDT
Comment on attachment 21652 [details] Proposed patch r=me
Cameron Zwarich (cpst)
Comment 5 2008-06-11 17:35:05 PDT
Landed in r34500.