Bug 25981 - REGRESSION: jQuery load() issue.
Summary: REGRESSION: jQuery load() issue.
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Macintosh OS X 10.5
: P1 Normal
Assignee: Gavin Barraclough
Keywords: InRadar, NeedsReduction, Regression
: 26013 (view as bug list)
Depends on:
Reported: 2009-05-23 17:59 PDT by Ashley Williams
Modified: 2009-05-28 14:11 PDT (History)
4 users (show)

See Also:

Fix (11.93 KB, patch)
2009-05-26 19:37 PDT, Gavin Barraclough
oliver: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ashley Williams 2009-05-23 17:59:27 PDT
Just updated to the latest nightly (r44078), and this bug with jQuerys load() function has popped up. Here's how to (hopefully) reproduce it:

1) create a file with the current code:

		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
		<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
		  <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
			<script type="text/javascript" charset="utf-8">
			      var a = this;
		        $('#page').load(a.href, function(responseText, textStatus, req){
		          console.log("Loading: "+textStatus)
		        return false;
		  <a href="http://google.com" rel="load">Google</a>
		  <div id="page">
2) open it in safari (r44078), open the error console, and spam the link (it's fine if you press it once or twice, thus the need to spam it)
3) Instead of executing the requests one at a time (and outputting "Loading: success" in the console for as many times as you spammed the link), it'll just freeze (just the javascript, not the application) and stop the requests completely.
I've tested it in the prior nightly (r44015) and it's functioning fine.
Comment 1 Mark Rowe (bdash) 2009-05-23 19:27:32 PDT
Comment 2 Alexey Proskuryakov 2009-05-24 03:33:40 PDT
I do not see an obvious culprit in this range. Could be a result of some JavaScript changes, or of abarth's ResourceRequest ones.

I haven't tried to reproduce this yet.
Comment 3 Alexey Proskuryakov 2009-05-24 04:17:50 PDT
Seeing an assertion failure in JavaScript on a debug build:

ASSERTION FAILED: result == JSValue(callee)
(/Users/ap/Safari/OpenSource/JavaScriptCore/jit/JITStubs.cpp:745 static void* JSC::JITStubs::cti_op_get_by_id_method_check_second(void*, ...))

Comment 4 Gavin Barraclough 2009-05-26 19:37:46 PDT
Created attachment 30692 [details]

Method call caching was failing to clear the cached value when overwriting a property in a dictionary.

No performance impact.
Comment 5 Oliver Hunt 2009-05-26 19:42:59 PDT
Comment on attachment 30692 [details]

Correct the changelog so that it looks like it was written by someone who knows english and r=me
Comment 6 Gavin Barraclough 2009-05-26 19:48:05 PDT
Sending        JavaScriptCore/ChangeLog
Sending        JavaScriptCore/JavaScriptCore.exp
Sending        JavaScriptCore/jit/JITStubs.cpp
Sending        JavaScriptCore/runtime/JSObject.h
Sending        JavaScriptCore/runtime/Structure.cpp
Sending        JavaScriptCore/runtime/Structure.h
Transmitting file data ......
Committed revision 44171.
Comment 7 Alexey Proskuryakov 2009-05-28 14:11:10 PDT
*** Bug 26013 has been marked as a duplicate of this bug. ***