RESOLVED FIXED 26746
REGRESSION(r45039): Crashes inside JSEvent::put on PowerPC 
https://bugs.webkit.org/show_bug.cgi?id=26746
Summary REGRESSION(r45039): Crashes inside JSEvent::put on PowerPC
John Kieken
Reported 2009-06-25 18:22:32 PDT
Can't run Safari/Webkit for more than a few minutes without crashing today. Updated to latest nightly build three times today... no matter, I can't keep it going. I reload my tabs from scratch... Facebook, Netflix, etc. Then after clicking some links, switching tabs, or refreshing... boom... it crashes. I lost count at over a dozen crashes in the last few hours and four times in the last hour alone. I'll see about attaching the entire crash log here as a file. Too long to post otherwise. Jun 25 20:08:30 Power-Mac-G4 crashdump[518]: Safari crashed Jun 25 20:08:36 Power-Mac-G4 crashdump[518]: crash report written to: /Users/johnkieken/Library/Logs/CrashReporter/Safari.crash.log
Attachments
Safari Crash Log (3.89 MB, application/octet-stream)
2009-06-25 18:25 PDT, John Kieken 		no flags
Details
Page Source (466.12 KB, text/html)
2009-06-25 22:41 PDT, John Kieken 		no flags
Details
webarchive (1.96 MB, application/octet-stream)
2009-06-25 22:42 PDT, John Kieken 		no flags
Details
Most recent crash log (24.85 KB, text/plain)
2009-06-26 18:37 PDT, Deirdre Saoirse Moen 		no flags
Details
Fixeration! (1.30 KB, patch)
2009-06-26 22:09 PDT, Oliver Hunt 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
John Kieken
Comment 1 2009-06-25 18:25:06 PDT
Created attachment 31896 [details] Safari Crash Log Safari Crash Log contains at least last four crashes.
Mark Rowe (bdash)
Comment 2 2009-06-25 22:17:55 PDT
Are there any single URLs that reliably trigger a crash?
Mark Rowe (bdash)
Comment 3 2009-06-25 22:20:14 PDT
<rdar://problem/7009684>
John Kieken
Comment 4 2009-06-25 22:25:31 PDT
Quote Mark: "Are there any single URLs that reliably trigger a crash?" Not that I can tell but many of them occurred while on Facebook just because that's what I was mostly doing. While a person's Facebook profile was loading caused a few. Then a few occurred while merely moving the mouse over to a menu item and happened either just before or during the click.
Mark Rowe (bdash)
Comment 5 2009-06-25 22:26:20 PDT
Does running SunSpider (eg, loading <http://www2.webkit.org/perf/sunspider-0.9/sunspider-driver.html>) cause you to crash?
John Kieken
Comment 6 2009-06-25 22:32:21 PDT
Quote Mark: "Does running SunSpider (eg, loading <http://www2.webkit.org/perf/sunspider-0.9/sunspider-driver.html>) cause you to crash?" No. ============================================ RESULTS (means and 95% confidence intervals) -------------------------------------------- Total: 26848.2ms +/- 32.0% -------------------------------------------- 3d: 7935.2ms +/- 39.0% cube: 4041.6ms +/- 55.7% morph: 2146.0ms +/- 22.4% raytrace: 1747.6ms +/- 25.0% access: 5560.8ms +/- 33.5% binary-trees: 107.8ms +/- 29.3% fannkuch: 178.8ms +/- 30.2% nbody: 5182.8ms +/- 34.2% nsieve: 91.4ms +/- 67.4% bitops: 1223.6ms +/- 35.6% 3bit-bits-in-byte: 47.8ms +/- 13.9% bits-in-byte: 93.4ms +/- 39.8% bitwise-and: 141.6ms +/- 51.1% nsieve-bits: 940.8ms +/- 43.0% controlflow: 38.0ms +/- 9.3% recursive: 38.0ms +/- 9.3% crypto: 1270.0ms +/- 28.2% aes: 111.0ms +/- 69.0% md5: 627.8ms +/- 29.9% sha1: 531.2ms +/- 34.3% date: 804.0ms +/- 62.6% format-tofte: 448.8ms +/- 85.7% format-xparb: 355.2ms +/- 50.2% math: 6335.2ms +/- 40.1% cordic: 2160.2ms +/- 30.6% partial-sums: 2798.0ms +/- 48.8% spectral-norm: 1377.0ms +/- 49.1% regexp: 1231.4ms +/- 38.4% dna: 1231.4ms +/- 38.4% string: 2450.0ms +/- 32.6% base64: 373.6ms +/- 28.2% fasta: 534.4ms +/- 62.0% tagcloud: 406.6ms +/- 72.5% unpack-code: 541.8ms +/- 28.8% validate-input: 593.6ms +/- 32.3%
Mark Rowe (bdash)
Comment 7 2009-06-25 22:34:22 PDT
Ok, thanks for trying that.
John Kieken
Comment 8 2009-06-25 22:35:58 PDT
I just reliably caused a crash by visiting the same page twice. Joyce Marie Kocher is her name and her Facebook page crashes it just as it finishes loading. How can this help you? Maybe I can get a webarchive of this page from a different Mac.
Mark Rowe (bdash)
Comment 9 2009-06-25 22:36:37 PDT
If certain pages on Facebook reproducibly crash then we may be able to reproduce it ourselves by clicking around a little. Thanks for the extra info.
John Kieken
Comment 10 2009-06-25 22:37:37 PDT
OK, hang on and I'll get you a webarchive of the page in question.
John Kieken
Comment 11 2009-06-25 22:41:12 PDT
Created attachment 31908 [details] Page Source
John Kieken
Comment 12 2009-06-25 22:42:17 PDT
Created attachment 31909 [details] webarchive
John Kieken
Comment 13 2009-06-25 22:43:19 PDT
Ok, source & archive attached. I hope that helps.
John Kieken
Comment 14 2009-06-26 12:34:24 PDT
Also, if it helps you, Zinga's Mafia Wars game on Facebook will also crash it reproducibly. As of now, I'm only trying Webkit looking for the updates... no stability.
Deirdre Saoirse Moen
Comment 15 2009-06-26 18:29:19 PDT
Is there a reason you're using Safari 2.0.3 on MacOS 10.4.6?
Mark Rowe (bdash)
Comment 16 2009-06-26 18:32:28 PDT
Is there a reason you aren't looking at the most recent crash log?
John Kieken
Comment 17 2009-06-26 18:33:16 PDT
Quote Deirdre: "Is there a reason you're using Safari 2.0.3 on MacOS 10.4.6?" NO, NO... why would you think that?? I am using Safari 4.0 (4530.17, r45247) on OS 10.4.11
John Kieken
Comment 18 2009-06-26 18:36:15 PDT
Quote Mark: "Is there a reason you aren't looking at the most recent crash log?" Is this question directed at me? My log showed a path of where the crash log was saved... Jun 25 20:08:30 Power-Mac-G4 crashdump[518]: Safari crashed Jun 25 20:08:36 Power-Mac-G4 crashdump[518]: crash report written to: /Users/johnkieken/Library/Logs/CrashReporter/Safari.crash.log I simply went to that path and sent the entire log file.
Deirdre Saoirse Moen
Comment 19 2009-06-26 18:37:01 PDT
Sorry, three years of crash logs were attached and I looked at the first handful.
Deirdre Saoirse Moen
Comment 20 2009-06-26 18:37:34 PDT
Created attachment 31968 [details] Most recent crash log
Oliver Hunt
Comment 21 2009-06-26 21:57:33 PDT
wow epic fail on my part. my fix for the prototype caching bug added code that swapped a get_by_id with put_by_id_generic. These are subtly different...
John Kieken
Comment 22 2009-06-26 22:04:21 PDT
Quote Oliver: "wow epic fail on my part. my fix for the prototype caching bug added code that swapped a get_by_id with put_by_id_generic. These are subtly different..." Does this mean build 45300 fixes it? And am I actually the only person to catch & report this one?
Oliver Hunt
Comment 23 2009-06-26 22:08:28 PDT
(In reply to comment #22) > Quote Oliver: "wow epic fail on my part. my fix for the prototype caching bug > added code that > swapped a get_by_id with put_by_id_generic. These are subtly different..." > > Does this mean build 45300 fixes it? Nope, only just worked out the bug so have to get fix reviewed and landed. > > And am I actually the only person to catch & report this one? > Apparently so :-( That's why we love every nightly user who files bugs (a lot of people will comment on bugs in comments on blogs, etc, but don't actually file a bug report which unfortunate) Layout tests catch this so it's a shame we don't have a PPC build bot anymore
Oliver Hunt
Comment 24 2009-06-26 22:09:16 PDT
Created attachment 31974 [details] Fixeration!
Oliver Hunt
Comment 25 2009-06-26 22:16:02 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/interpreter/Interpreter.cpp Committed r45307 Please verify the fix in a nightly after r45307
John Kieken
Comment 26 2009-06-27 07:41:35 PDT
Yes... installed r45311 and started running Mafia Wars on Facebook. So far, no crash.
Note You need to log in before you can comment on or make changes to this bug.