Bug 29554 - REGRESSION (r48573): Assertion failure in Structure::toDictionaryTransition when loading page with simple JavaScript
Summary: REGRESSION (r48573): Assertion failure in Structure::toDictionaryTransition w...
Status: RESOLVED DUPLICATE of bug 29534
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P1 Normal
Assignee: Nobody
URL: data:text/html,<script>function foo()...
Keywords: Regression
Depends on:
Blocks:
 
Reported: 2009-09-21 07:39 PDT by Adam Roben (:aroben)
Modified: 2009-09-21 07:46 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Roben (:aroben) 2009-09-21 07:39:12 PDT 
To reproduce:

1. Go to data:text/html,<script>function foo() { }</script>

You'll hit this assertion in Structure::toDictionaryTransition:

    ASSERT(!structure->isDictionary());

Here's the backtrace:

#0	0x100c4ccad in JSC::Structure::toDictionaryTransition at Structure.cpp:559
#1	0x100c4cdcf in JSC::Structure::toUncacheableDictionaryTransition at Structure.cpp:580
#2	0x100c4ce3d in JSC::Structure::removePropertyTransition at Structure.cpp:459
#3	0x100b0d04c in JSC::JSObject::removeDirect at JSObject.cpp:481
#4	0x100b2f46c in JSC::BytecodeGenerator::BytecodeGenerator at BytecodeGenerator.cpp:260
#5	0x100c5b1b0 in JSC::ProgramExecutable::compile at Executable.cpp:107
#6	0x100b2b64a in JSC::evaluate at Completion.cpp:53
#7	0x101de71dd in WebCore::ScriptController::evaluate at ScriptController.cpp:115
#8	0x1018c9162 in WebCore::FrameLoader::executeScript at FrameLoader.cpp:781
#9	0x101992c5a in WebCore::HTMLTokenizer::scriptExecution at HTMLTokenizer.cpp:562
#10	0x101993922 in WebCore::HTMLTokenizer::scriptHandler at HTMLTokenizer.cpp:504
#11	0x1019940ae in WebCore::HTMLTokenizer::parseNonHTMLText at HTMLTokenizer.cpp:351
#12	0x1019967e4 in WebCore::HTMLTokenizer::parseTag at HTMLTokenizer.cpp:1521
#13	0x10199733d in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1755
#14	0x1018c775d in WebCore::FrameLoader::write at FrameLoader.cpp:1030
#15	0x1018c78f9 in WebCore::FrameLoader::endIfNotLoadingMainResource at FrameLoader.cpp:1065
#16	0x1018c7938 in WebCore::FrameLoader::end at FrameLoader.cpp:1051
#17	0x10176c7ba in WebCore::DocumentLoader::finishedLoading at DocumentLoader.cpp:330
#18	0x1018cb61b in WebCore::FrameLoader::finishedLoading at FrameLoader.cpp:3183
#19	0x101c2b4d5 in WebCore::MainResourceLoader::didFinishLoading at MainResourceLoader.cpp:375
#20	0x101dcda62 in WebCore::ResourceLoader::didFinishLoading at ResourceLoader.cpp:403
#21	0x101dc9dfb in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] at ResourceHandleMac.mm:748
#22	0x7fff831fdbc8 in _NSURLConnectionDidFinishLoading
#23	0x7fff846378d1 in URLConnectionClient::_clientDidFinishLoading
#24	0x7fff846982a6 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
#25	0x7fff84698512 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
#26	0x7fff8462262b in URLConnectionClient::processEvents
#27	0x7fff84622406 in MultiplexerSource::perform
#28	0x7fff805d6281 in __CFRunLoopDoSources0
#29	0x7fff805d4879 in __CFRunLoopRun
#30	0x7fff805d403f in CFRunLoopRunSpecific
#31	0x7fff876f4c4e in RunCurrentEventLoopInMode
#32	0x7fff876f4a53 in ReceiveNextEventCommon
#33	0x7fff876f490c in BlockUntilNextEventMatchingListInMode
#34	0x7fff84c6d520 in _DPSNextEvent
#35	0x7fff84c6ce89 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
#36	0x10005fe45 in -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] at BrowserApplication.mm:225
#37	0x7fff84c32a7d in -[NSApplication run]
#38	0x7fff84c2b798 in NSApplicationMain
#39	0x100161b63 in main at main.mm:157
Comment 1 Adam Roben (:aroben) 2009-09-21 07:46:10 PDT 

*** This bug has been marked as a duplicate of bug 29534 ***