RESOLVED FIXED 276333
REGRESSION(280734@main): ASSERTION FAILED: isInt32() in JSC::JSValue::asInt32() for js/basic-map.html
https://bugs.webkit.org/show_bug.cgi?id=276333
Summary REGRESSION(280734@main): ASSERTION FAILED: isInt32() in JSC::JSValue::asInt32...
Fujii Hironori
Reported 2024-07-08 13:21:02 PDT
js/basic-map.html is crashing due to an assertion failure. 280734@main introduced OrderedHashTableHelper class. https://build.webkit.org/results/Apple-iPadOS-17-Simulator-Debug-WK2-Tests/280741@main%20(1903)/js/basic-map-crash-log.txt stderr: ASSERTION FAILED: isInt32() ./runtime/JSCJSValueInlines.h(515) : int32_t JSC::JSValue::asInt32() const 1 0x1091fdc84 JSC::JSValue::asInt32() const 2 0x108ac8c1c JSC::OrderedHashTableHelper<JSC::MapTraits>::toNumber(JSC::JSValue) 3 0x1091fdc1c JSC::OrderedHashTableHelper<JSC::MapTraits>::asNumber(JSC::JSImmutableButterfly&, unsigned int) 4 0x108ba1ac8 JSC::OrderedHashTableHelper<JSC::MapTraits>::iterationEntry(JSC::JSImmutableButterfly&) 5 0x10969f1c0 JSC::OrderedHashTableHelper<JSC::MapTraits>::getIterationEntry(JSC::JSImmutableButterfly&) 6 0x10969f190 JSC::mapPrivateFuncMapIterationEntry(JSC::JSGlobalObject*, JSC::CallFrame*) 7 0x30001003c 6 ??? 0x000000030001003c 0x0 + 12884967484 8 0x109fcc58c llint_entry 9 0x109fcc700 llint_entry 10 0x109fa5cb4 vmEntryToJavaScript 11 0x108fbbcb8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) 12 0x1093072d4 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 13 0x10930743c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 14 0x356255da8 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 15 0x356255824 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 16 0x356255658 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) 17 0x356256084 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) 18 0x356e819d8 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) 19 0x356dcbdb4 WebCore::LoadableClassicScript::execute(WebCore::ScriptElement&) 20 0x356e82e44 WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript&) 21 0x356e831bc WebCore::ScriptElement::executePendingScript(WebCore::PendingScript&) 22 0x3574f1a20 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) 23 0x3574f2210 WebCore::HTMLScriptRunner::executeParsingBlockingScripts() 24 0x3574f247c WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::PendingScript&) 25 0x3574b2840 WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) 26 0x356e40230 WebCore::PendingScript::notifyClientFinished() 27 0x356e402ec WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&) 28 0x356ddcca0 WebCore::LoadableScript::notifyClientFinished() 29 0x356dcb6fc WebCore::LoadableNonModuleScriptBase::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess) 30 0x357b7cf60 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&, WebCore::LoadWillContinueInAnotherProcess) 31 0x357b7873c WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&) com.apple.WebKit.WebContent.Development terminated (pid 45017) for reason: crash LEAK: 14 WebPageProxy History: https://results.webkit.org/?suite=layout-tests&test=js%2Fbasic-map.html&style=debug
Attachments
Radar WebKit Bug Importer
Comment 1 2024-07-08 15:14:21 PDT
Yijia Huang
Comment 2 2024-07-08 20:16:36 PDT
EWS
Comment 3 2024-07-09 08:13:10 PDT
Committed 280776@main (6f5b850ee206): <https://commits.webkit.org/280776@main> Reviewed commits have been landed. Closing PR #30591 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.