Bug 22682 - Assertion failure in JSC::asCell while debugging SlickSpeed tests
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Nobody
URL: http://mootools.net/slickspeed/
Keywords: InRadar
Reported: 2008-12-05 08:17 PST by Adam Roben (:aroben)
Modified: 2009-02-17 15:23 PST
Description Adam Roben (:aroben) 2008-12-05 08:17:09 PST
To reproduce:

1. Go to http://mootools.net/slickspeed/
2. Choose Develop > Show Web Inspector
3. Go to the Scripts panel in the Web Inspector and click "Enable Debugging"
4. Enable "Pause on Exceptions" by clicking the button in the status bar that looks like a stop sign (or an electrical outlet ;-)
5. Click "Start Tests" on the webpage

You'll hit this assertion:

        ASSERT(!JSImmediate::isImmediate(value));

value is 0x2

Here's the backtrace:

>	WebKit_debug.dll!JSC::asCell(JSC::JSValue * value=0x00000002)  Line 114 + 0x2c bytes	C++
 	WebKit_debug.dll!JSC::asObject(JSC::JSValue * value=0x00000002)  Line 214 + 0x9 bytes	C++
 	WebKit_debug.dll!JSC::DebuggerCallFrame::thisObject()  Line 64 + 0x10 bytes	C++
 	WebKit_debug.dll!WebCore::JavaScriptCallFrame::thisObject()  Line 88	C++
 	WebKit_debug.dll!WebCore::JSJavaScriptCallFrame::thisObject(JSC::ExecState * exec=0x05bdc06c)  Line 49 + 0xf bytes	C++
 	WebKit_debug.dll!WebCore::jsJavaScriptCallFrameThisObject(JSC::ExecState * exec=0x05bdc06c, const JSC::Identifier & __formal={...}, const JSC::PropertySlot & slot={...})  Line 129	C++
 	WebKit_debug.dll!JSC::PropertySlot::getValue(JSC::ExecState * exec=0x05bdc06c, const JSC::Identifier & propertyName={...})  Line 62 + 0x15 bytes	C++
 	WebKit_debug.dll!WebCore::JSQuarantinedObjectWrapper::getOwnPropertySlot(JSC::ExecState * exec=0x0aed0c18, const JSC::Identifier & identifier={...}, JSC::PropertySlot & slot={...})  Line 114 + 0x15 bytes	C++
 	WebKit_debug.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x0aed0c18, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 331 + 0x1b bytes	C++
 	WebKit_debug.dll!JSC::JSValue::get(JSC::ExecState * exec=0x0aed0c18, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 484 + 0x14 bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_get_by_id(void * * args=0x0012eefc)  Line 4523 + 0x14 bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_convert_this()  + 0xdf bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::execute(JSC::FunctionBodyNode * functionBodyNode=0x17663c08, JSC::ExecState * callFrame=0x0aed0aa0, JSC::JSFunction * function=0x0e8022e0, JSC::JSObject * thisObj=0x0e80e4a0, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x120f4650, JSC::JSValue * * exception=0x05ac64dc)  Line 1006 + 0x22 bytes	C++
 	WebKit_debug.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0aed0aa0, JSC::JSValue * thisValue=0x0e80e4a0, const JSC::ArgList & args={...})  Line 83	C++
 	WebKit_debug.dll!JSC::call(JSC::ExecState * exec=0x0aed0aa0, JSC::JSValue * functionObject=0x0e8022e0, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue * thisValue=0x0e80e4a0, const JSC::ArgList & args={...})  Line 40	C++
 	WebKit_debug.dll!JSC::functionProtoFuncCall(JSC::ExecState * exec=0x0aed0aa0, JSC::JSObject * __formal=0x0fd597e0, JSC::JSValue * thisValue=0x0e8022e0, const JSC::ArgList & args={...})  Line 133 + 0x1d bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_call_NotJSFunction(void * * args=0x0012f19c)  Line 4971 + 0x24 bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_convert_this()  + 0xdf bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::execute(JSC::FunctionBodyNode * functionBodyNode=0x17200568, JSC::ExecState * callFrame=0x0aed0430, JSC::JSFunction * function=0x0fd500c0, JSC::JSObject * thisObj=0x0e80fc80, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x120f4650, JSC::JSValue * * exception=0x05ac64dc)  Line 1006 + 0x22 bytes	C++
 	WebKit_debug.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0aed0430, JSC::JSValue * thisValue=0x0e80fc80, const JSC::ArgList & args={...})  Line 83	C++
 	WebKit_debug.dll!JSC::call(JSC::ExecState * exec=0x0aed0430, JSC::JSValue * functionObject=0x0fd500c0, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue * thisValue=0x0e80fc80, const JSC::ArgList & args={...})  Line 40	C++
 	WebKit_debug.dll!JSC::JSObject::put(JSC::ExecState * exec=0x0aed0430, const JSC::Identifier & propertyName={...}, JSC::JSValue * value=0x090f85a0, JSC::PutPropertySlot & slot={...})  Line 152 + 0x20 bytes	C++
 	WebKit_debug.dll!JSC::JSValue::put(JSC::ExecState * exec=0x0aed0430, const JSC::Identifier & propertyName={...}, JSC::JSValue * value=0x090f85a0, JSC::PutPropertySlot & slot={...})  Line 526 + 0x2a bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_put_by_id(void * * args=0x0012f3f4)  Line 4477	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_convert_this()  + 0xdf bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::execute(JSC::FunctionBodyNode * functionBodyNode=0x17379748, JSC::ExecState * callFrame=0x114685dc, JSC::JSFunction * function=0x0fd545e0, JSC::JSObject * thisObj=0x0fd551e0, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x120f4650, JSC::JSValue * * exception=0x05ac64dc)  Line 1006 + 0x22 bytes	C++
 	WebKit_debug.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x114685dc, JSC::JSValue * thisValue=0x0fd551e0, const JSC::ArgList & args={...})  Line 83	C++
 	WebKit_debug.dll!JSC::call(JSC::ExecState * exec=0x114685dc, JSC::JSValue * functionObject=0x0fd545e0, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue * thisValue=0x0fd551e0, const JSC::ArgList & args={...})  Line 40	C++
 	WebKit_debug.dll!JSObjectCallAsFunction(const OpaqueJSContext * ctx=0x114685dc, OpaqueJSValue * object=0x0fd545e0, OpaqueJSValue * thisObject=0x0fd551e0, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * * exception=0x0012f620)  Line 399 + 0x23 bytes	C++
 	WebKit_debug.dll!WebCore::InspectorController::callFunction(const OpaqueJSContext * context=0x114685dc, OpaqueJSValue * thisObject=0x0fd551e0, const char * functionName=0x01ddd524, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * & exception=0x00000000)  Line 152 + 0x1d bytes	C++
 	WebKit_debug.dll!WebCore::InspectorController::didPause()  Line 2882	C++
 	WebKit_debug.dll!WebCore::dispatchFunctionToListeners(const WTF::HashSet<WebCore::JavaScriptDebugListener *,WTF::PtrHash<WebCore::JavaScriptDebugListener *>,WTF::HashTraits<WebCore::JavaScriptDebugListener *> > & listeners={...}, void (void)* callback=0x014883a0)  Line 314 + 0x13 bytes	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::dispatchFunctionToListeners(void (void)* callback=0x014883a0, WebCore::Page * page=0x0558cb88)  Line 330 + 0xd bytes	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::pauseIfNeeded(WebCore::Page * page=0x0558cb88)  Line 415	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::exception(const JSC::DebuggerCallFrame & debuggerCallFrame={...}, int sourceID=174793304, int lineNumber=20)  Line 483	C++
 	WebKit_debug.dll!JSC::Interpreter::throwException(JSC::ExecState * & callFrame=0x0aed02b0, JSC::JSValue * & exceptionValue=0x090f9060, const JSC::Instruction * vPC=0x17d34ecc, bool explicitThrow=false)  Line 843 + 0x2b bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_vm_throw(void * * args=0x0012f7f8)  Line 6108 + 0x27 bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::cti_op_convert_this()  + 0xdf bytes	C++
 	WebKit_debug.dll!JSC::Interpreter::execute(JSC::FunctionBodyNode * functionBodyNode=0x174c9948, JSC::ExecState * callFrame=0x0a2f1a74, JSC::JSFunction * function=0x0fd59920, JSC::JSObject * thisObj=0x078f4040, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x1135ad48, JSC::JSValue * * exception=0x05ac64dc)  Line 1006 + 0x22 bytes	C++
 	WebKit_debug.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0a2f1a74, JSC::JSValue * thisValue=0x078f4040, const JSC::ArgList & args={...})  Line 83	C++
 	WebKit_debug.dll!JSC::call(JSC::ExecState * exec=0x0a2f1a74, JSC::JSValue * functionObject=0x0fd59920, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue * thisValue=0x078f4040, const JSC::ArgList & args={...})  Line 40	C++
 	WebKit_debug.dll!WebCore::ScheduledAction::execute(WebCore::JSDOMWindowShell * windowShell=0x078f4040)  Line 75 + 0x25 bytes	C++
 	WebKit_debug.dll!WebCore::JSDOMWindowBase::timerFired(WebCore::DOMTimer * timer=0x18290ef8)  Line 895	C++
 	WebKit_debug.dll!WebCore::DOMTimer::fired()  Line 71	C++
 	WebKit_debug.dll!WebCore::TimerBase::fireTimers(double fireTime=1228493686.9491339, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers=[1](0x18290ef8 {m_nextFireTime=1.1080535411388742e-197 m_repeatInterval=-1.4568160835476641e+144 m_heapIndex=524295 ...}))  Line 347 + 0xf bytes	C++
 	WebKit_debug.dll!WebCore::TimerBase::sharedTimerFired()  Line 368 + 0x12 bytes	C++
 	WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00060844, unsigned int message=49540, unsigned int wParam=0, long lParam=0)  Line 102 + 0x8 bytes	C++
Comment 1 Geoffrey Garen 2009-01-05 14:43:42 PST
<rdar://problem/6473972>
Comment 2 Alice Liu 2009-02-17 15:23:03 PST
I tried this on XP in a debug build, and other than 3 tests throwing exceptions, I didn't encounter any problems.  I did not hit the described assertion failure.