WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
19834
Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82
https://bugs.webkit.org/show_bug.cgi?id=19834
Summary
Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82
David Hansen
Reported
2008-06-30 21:03:09 PDT
Just run this little test program: #include <stdlib.h> #include <JavaScriptCore/JavaScript.h> static JSValueRef jsGet_prop (JSContextRef jsCtx, JSObjectRef jsObj, JSStringRef jsName, JSValueRef* jsExn) { return JSValueMakeNumber (jsCtx, 42.0); } static bool jsSet_prop (JSContextRef jsCtx, JSObjectRef jsObj, JSStringRef jsName, JSValueRef jsVal, JSValueRef* jsExn) { return true; } static JSClassRef create_class (void) { static const JSStaticValue vals[] = { { "a", jsGet_prop, jsSet_prop, kJSPropertyAttributeDontDelete }, { NULL, NULL, NULL, 0 } }; JSClassDefinition cdef = kJSClassDefinitionEmpty; cdef.className = "FooObject"; cdef.staticValues = vals; return JSClassCreate (&cdef); } int main (void) { JSClassRef jsClass; JSGlobalContextRef jsCtx; JSStringRef jsScript; jsScript = JSStringCreateWithUTF8CString ("// blah blub!"); jsClass = create_class (); jsCtx = JSGlobalContextCreate (jsClass); /* Boom! */ JSEvaluateScript (jsCtx, jsScript, NULL, NULL, 0, NULL); return EXIT_SUCCESS; } /* Local Variables: compile-command: "gcc -g -ggdb -O0 -W -Wall \ `pkg-config --cflags --libs webkit-1.0` \ jseval.c -o jseval" End: */ $ ./jseval ASSERTION FAILED: index < m_size (JavaScriptCore/VM/SegmentedVector.h:82 T& KJS::SegmentedVector<T, SegmentSize>::operator[](size_t) [with T = KJS::RegisterID, unsigned int SegmentSize = 512u]) segmentation fault
Attachments
naive fix
(5.62 KB, patch)
2008-07-01 07:53 PDT
,
Alexey Proskuryakov
darin
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1
2008-07-01 03:06:23 PDT
I'm seeing the assertion failure on Mac OS X, too. Not being a JavaScriptCore API expect, I'm not sure if this is a bug or expected behavior for this usage.
Alexey Proskuryakov
Comment 2
2008-07-01 03:23:23 PDT
Feels more like a bug though, confirming.
David Hansen
Comment 3
2008-07-01 07:17:17 PDT
(In reply to
comment #2
)
> Feels more like a bug though, confirming. >
I should have added some more words... Was a bit tired. This is just the shortest test case I came up with. It doesn't depend on the implementation of the getter / setters. w/o assertions enabled it produces the weirdest things (I discovered this when I managed to define `undefined' to some function) but usually it just segfaults. Linking against electric fence (w/ disabled assertions) results in a seg fault in the hash table code. I suspect the symbol table of the global object is completely foobared. This started after updating from SVN yesterday, didn't happen before (about 1 week old version from svn). Hope this helps a bit to narrow it down.
Alexey Proskuryakov
Comment 4
2008-07-01 07:53:18 PDT
Created
attachment 22030
[details]
naive fix
Darin Adler
Comment 5
2008-07-01 08:20:49 PDT
Comment on
attachment 22030
[details]
naive fix Why not use new [] and OwnArrayPtr for registerArray? Why not have JSVariableObjectData inherit from Noncopyable rather than reimplementing it? Seems OK, as-is. r=me
Alexey Proskuryakov
Comment 6
2008-07-01 08:28:51 PDT
(In reply to
comment #5
)
> Why not have JSVariableObjectData inherit from Noncopyable rather than > reimplementing it?
Confusingly, Noncopyable didn't work for me, I was getting a compiler error ('class WTFNoncopyable::Noncopyable' is inaccessible). I couldn't figure out why.
Geoffrey Garen
Comment 7
2008-07-01 14:13:51 PDT
Comment on
attachment 22030
[details]
naive fix This patch looks good to me, too. In the long term, though, we should just get rid of JSGlobalObject::reset -- we no longer need to support resetting a global object.
Alexey Proskuryakov
Comment 8
2008-07-01 23:35:47 PDT
Committed revision 34946 (changed registerArray to OwnArrayPtr).
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug