RESOLVED FIXED Bug 35335
[REGRESSION in r55185] EXC_BAD_ACCESS on opening inspector.
https://bugs.webkit.org/show_bug.cgi?id=35335
Pavel Feldman
Reported 2010-02-24 02:51:57 PST
1. Go to http://google.com
2. Open inspector

Actual:
#0 ??
#1 0x00676373 in JSC::JSValue::toThisObject at JSCell.h:325
#2 0x0074d956 in JSC::JSFunction::call at JSFunction.cpp:122
#3 0x0069e7f1 in JSC::call at CallData.cpp:39
#4 0x00731c78 in cti_op_get_by_id_getter_stub at JITStubs.cpp:1450
#5 0x00728236 in WTF::doubleHash at HashTable.h:446
#6 0x0070c07b in JSC::JITCode::execute at JITCode.h:79
#7 0x006f6063 in JSC::Interpreter::execute at Interpreter.cpp:687
#8 0x0074d9a7 in JSC::JSFunction::call at JSFunction.cpp:122
#9 0x0069e7f1 in JSC::call at CallData.cpp:39
#10 0x0075d8e5 in JSC::JSObject::put at JSObject.cpp:149
#11 0x00709386 in JSC::JSValue::put at JSObject.h:645
#12 0x00729c08 in cti_op_put_by_id_generic at JITStubs.cpp:1204
#13 0x00728236 in WTF::doubleHash at HashTable.h:446
#14 0x0070c07b in JSC::JITCode::execute at JITCode.h:79
#15 0x006f6063 in JSC::Interpreter::execute at Interpreter.cpp:687
#16 0x0074d9a7 in JSC::JSFunction::call at JSFunction.cpp:122
#17 0x0069e7f1 in JSC::call at CallData.cpp:39
#18 0x045e57fa in WebCore::ScheduledAction::executeFunctionInContext at ScheduledAction.cpp:106
#19 0x045e5d20 in WebCore::ScheduledAction::execute at ScheduledAction.cpp:126
#20 0x045e5dff in WebCore::ScheduledAction::execute at ScheduledAction.cpp:77
#21 0x03f2b826 in WebCore::DOMTimer::fired at DOMTimer.cpp:149
#22 0x0476fb1f in WebCore::ThreadTimers::sharedTimerFiredInternal at ThreadTimers.cpp:112
#23 0x0476fcbb in WebCore::ThreadTimers::sharedTimerFired at ThreadTimers.cpp:90
#24 0x0462fec6 in WebCore::timerFired at SharedTimerMac.mm:86
Attachments
Patch (10.61 KB, patch)
2010-02-24 13:14 PST, Oliver Hunt
ggaren: review+
Oliver Hunt
Comment 1 2010-02-24 12:14:28 PST
Got it, compileGetDirectOffset may clobber the base register if the object is not using inline storage. Weee! We really need some way to mark a register as being immutable and have that trigger an assertion. Although I guess that wouldn't have helped here as it still depends on hitting the code path.
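The hazard Oliver describes, modelled in C as an added example that is not WebKit's code: a toy object whose property slots spill from inline storage to an out-of-line array once they exceed a threshold, a "get direct offset" helper in two variants (one that reuses the base register as scratch for the storage pointer, one that uses a separate scratch register), and a getter-stub caller that needs the base object again as `this` after the load. The names Object, getDirectOffsetClobbering, getDirectOffsetPreserving, runGetterStub and demonstrate, the slot layout and the INLINE_SLOTS threshold are all my own assumptions; reading the backtrace's toThisObject frame under cti_op_get_by_id_getter_stub as "the stub called the getter with a clobbered base as `this`" is an inference from the trace, not something the bug states. The point the model makes is the one in the comment: the property load itself is still correct on the out-of-line path, so nothing goes wrong until a later instruction that still expects the base register to name the object.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration of a register-clobbering hazard in a JIT
   property-access helper; not WebKit's data structures or JIT code. */

#define INLINE_SLOTS 4   /* assumed threshold, not JSC's */

/* Properties live inline until there are more than INLINE_SLOTS of them;
   after that every slot lives in a separately allocated external array. */
typedef struct Object {
    uintptr_t inlineStorage[INLINE_SLOTS];
    uintptr_t *externalStorage;   /* NULL while properties fit inline */
    size_t slotCount;
} Object;

typedef uintptr_t Reg;   /* a machine register modelled as one word */

static Object *makeObject(size_t slotCount)
{
    Object *o = calloc(1, sizeof *o);
    if (!o)
        return NULL;
    o->slotCount = slotCount;
    if (slotCount > INLINE_SLOTS) {
        o->externalStorage = calloc(slotCount, sizeof(uintptr_t));
        if (!o->externalStorage) {
            free(o);
            return NULL;
        }
    }
    uintptr_t *slots = o->externalStorage ? o->externalStorage : o->inlineStorage;
    for (size_t i = 0; i < slotCount; i++)
        slots[i] = 100 + i;   /* recognisable constructed slot contents */
    return o;
}

static void freeObject(Object *o)
{
    if (o) {
        free(o->externalStorage);
        free(o);
    }
}

/* Hazardous variant: on the out-of-line path the storage pointer is loaded
   into the base register itself. The slot read is correct, but on return
   *base no longer points at the object. */
static uintptr_t getDirectOffsetClobbering(Reg *base, size_t offset)
{
    Object *o = (Object *)*base;
    if (o->externalStorage) {
        *base = (Reg)o->externalStorage;
        return ((uintptr_t *)*base)[offset];
    }
    return o->inlineStorage[offset];
}

/* Safe variant: the storage pointer goes into a separate scratch register. */
static uintptr_t getDirectOffsetPreserving(Reg *base, size_t offset)
{
    Object *o = (Object *)*base;
    if (o->externalStorage) {
        Reg scratch = (Reg)o->externalStorage;
        return ((uintptr_t *)scratch)[offset];
    }
    return o->inlineStorage[offset];
}

typedef struct StubResult {
    uintptr_t slotValue;   /* what the helper loaded from the slot */
    int thisIntact;        /* 1 if the base register still names the object */
} StubResult;

/* A getter stub loads the getter from its slot, then needs the base object
   again as `this` for the call. It takes `this` from the base register, so
   a clobbered base would hand the callee a bogus object pointer. */
static StubResult runGetterStub(Object *obj, size_t offset, int preserveBase)
{
    Reg base = (Reg)obj;
    StubResult r;
    r.slotValue = preserveBase ? getDirectOffsetPreserving(&base, offset)
                               : getDirectOffsetClobbering(&base, offset);
    r.thisIntact = ((Object *)base == obj);
    return r;
}

/* Bit 0: inline object, clobbering helper; bit 1: out-of-line object,
   clobbering helper; bit 2: out-of-line object, preserving helper.
   A bit is set when `this` survived. Returns 5 (0b101): only the
   out-of-line object with the clobbering helper loses its base. */
static int demonstrate(void)
{
    Object *small = makeObject(3);
    Object *big = makeObject(INLINE_SLOTS + 2);
    int mask = -1;
    if (small && big) {
        mask = runGetterStub(small, 1, 0).thisIntact << 0;
        mask |= runGetterStub(big, 5, 0).thisIntact << 1;
        mask |= runGetterStub(big, 5, 1).thisIntact << 2;
    }
    freeObject(small);
    freeObject(big);
    return mask;
}

int main(void)
{
    int mask = demonstrate();
    printf("inline object, clobbering helper, this intact: %d\n", mask & 1);
    printf("out-of-line object, clobbering helper, this intact: %d\n", (mask >> 1) & 1);
    printf("out-of-line object, preserving helper, this intact: %d\n", (mask >> 2) & 1);
    return mask == 5 ? 0 : 1;
}
```

The inline case passes with either helper, which is why a test page with few properties never trips over this: the bad path is only reached when the object has spilled to external storage and the caller then reuses the base register, exactly the "depends on hitting the code path" caveat in the comment.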
Oliver Hunt
Comment 2 2010-02-24 12:24:21 PST
Oliver Hunt
Comment 3 2010-02-24 13:14:47 PST
Geoffrey Garen
Comment 4 2010-02-24 13:18:10 PST
Comment on attachment 49424 [details] Patch r=me
Oliver Hunt
Comment 5 2010-02-24 13:26:28 PST