RESOLVED FIXED 47573
REGRESSION: r69429-r69611: Crash in JSC::Interpreter::privateExecute
https://bugs.webkit.org/show_bug.cgi?id=47573
Kevin M. Dean
Reported 2010-10-12 23:12:05 PDT
When I try to load the above URL, it crashes before completely loading.

Process:         Safari [1895]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier:      org.webkit.nightly.WebKit
Version:         r69611 (69611)
Code Type:       PPC (Native)
Parent Process:  launchd [108]

Date/Time:       2010-10-13 01:57:05.622 -0400
OS Version:      Mac OS X 10.5.8 (9L30)
Report Version:  6
Anonymous UUID:  F41C1802-6457-4B49-A738-107FEBA3B7F7

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000002c
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore  0x007cd344 JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*, JSC::JSValue*) + 63204
1   com.apple.JavaScriptCore  0x007d2e48 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 1640
2   com.apple.JavaScriptCore  0x00777d9c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 76
3   com.apple.WebCore         0x0202c0b8 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 584
4   com.apple.WebCore         0x0202c920 WebCore::ScheduledAction::execute(WebCore::Document*) + 208
5   com.apple.WebCore         0x0176b59c WebCore::DOMTimer::fired() + 380
6   com.apple.WebCore         0x02173f00 WebCore::ThreadTimers::sharedTimerFiredInternal() + 128
7   com.apple.WebCore         0x02072528 __ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv + 72
8   com.apple.CoreFoundation  0x90693818 CFRunLoopRunSpecific + 2968
9   com.apple.HIToolbox       0x9325bb14 RunCurrentEventLoopInMode + 264
10  com.apple.HIToolbox       0x9325b938 ReceiveNextEventCommon + 412
11  com.apple.HIToolbox       0x9325b778 BlockUntilNextEventMatchingListInMode + 84
12  com.apple.AppKit          0x9721e244 _DPSNextEvent + 596
13  com.apple.AppKit          0x9721dbfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112
14  com.apple.Safari          0x00019044 0x1000 + 98372
15  com.apple.AppKit          0x9721789c -[NSApplication run] + 744
16  com.apple.AppKit          0x971e8298 NSApplicationMain + 440
17  com.apple.Safari          0x0000b648 0x1000 + 42568
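The report above carries the two facts a triager wants before anyone opens a debugger: the fault address (0x2c, a small offset from NULL) and the path by which page script reached the interpreter (a DOM timer callback, so untrusted web content can trigger it). The script below is an added example, written for this page and not part of the bug report or of WebKit; it parses the header fields and the crashed thread of an Apple CrashReporter log and classifies the fault. The sample input is constructed from the report above, and the 0x1000 unmapped-first-page threshold is an assumption, not something the report states.

```python
import re

# Constructed sample input for this example: the header lines and the first six
# frames of the crash report in this bug, reflowed one field per line.
SAMPLE_REPORT = """\
Process:         Safari [1895]
Version:         r69611 (69611)
Code Type:       PPC (Native)
OS Version:      Mac OS X 10.5.8 (9L30)
Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000002c
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore  0x007cd344 JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*, JSC::JSValue*) + 63204
1   com.apple.JavaScriptCore  0x007d2e48 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 1640
2   com.apple.JavaScriptCore  0x00777d9c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 76
3   com.apple.WebCore         0x0202c0b8 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 584
4   com.apple.WebCore         0x0202c920 WebCore::ScheduledAction::execute(WebCore::Document*) + 208
5   com.apple.WebCore         0x0176b59c WebCore::DOMTimer::fired() + 380
"""

# Assumption: the lowest page of the address space is unmapped, so a fault
# below this address is a NULL pointer plus a small field offset.
NULL_PAGE_SIZE = 0x1000

HEADER_RE = re.compile(r"^([A-Z][A-Za-z ]+):\s+(.*)$", re.M)
FAULT_RE = re.compile(r"^Exception Codes:.*?\bat (0x[0-9a-fA-F]+)", re.M)
# "<index> <module> <address> <symbol> + <offset>"; the symbol may contain spaces.
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)\s\+\s(\d+)\s*$", re.M)


def parse_frames(text):
    """Return the frames of the 'Thread N Crashed:' section, top of stack first."""
    m = re.search(r"^Thread \d+ Crashed:\n(.*?)(?:\n\s*\n|\Z)", text, re.M | re.S)
    if not m:
        return []
    return [
        {"index": int(num), "module": module, "addr": int(addr, 16),
         "symbol": symbol, "offset": int(off)}
        for num, module, addr, symbol, off in FRAME_RE.findall(m.group(1))
    ]


def classify_fault(addr):
    """Rough read of the faulting address; a heuristic, not a verdict on exploitability."""
    if addr is None:
        return "unknown"
    if addr < NULL_PAGE_SIZE:
        return "null-deref"   # NULL + field offset (0x2c here): a missing object, not a wild write
    return "wild-pointer"     # anything else deserves a closer look


def triage(text):
    """Pull the triage-relevant facts out of one CrashReporter log."""
    fields = dict(HEADER_RE.findall(text))
    fault = FAULT_RE.search(text)
    addr = int(fault.group(1), 16) if fault else None
    frames = parse_frames(text)
    symbols = [f["symbol"] for f in frames]
    return {
        "arch": fields.get("Code Type"),
        "exception": fields.get("Exception Type"),
        "fault_addr": addr,
        "fault_class": classify_fault(addr),
        "frames": frames,
        "top_frame": frames[0] if frames else None,
        # A DOMTimer frame means page script reached the crashing code through
        # a timer callback, i.e. untrusted web content can trigger it.
        "entered_via_timer": any(s.startswith("WebCore::DOMTimer::fired") for s in symbols),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(r["exception"], hex(r["fault_addr"]), r["fault_class"], r["arch"])
    top = r["top_frame"]
    print("top:", top["module"], top["symbol"].split("(")[0], "+", top["offset"])
    print("reachable from page script via timer:", r["entered_via_timer"])
```

The "null-deref" label only says the address is NULL plus a field offset; which object was NULL is what the fix in the attached patch addresses, and the report alone does not tell you. The large offset into privateExecute (+63204) is expected for a switch-based interpreter loop compiled as one function and is not itself a clue.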
Attachments
Patch (6.58 KB, patch)
2010-10-29 11:35 PDT, Oliver Hunt
barraclough: review+
Kevin M. Dean
Comment 1 2010-10-12 23:22:54 PDT
On the OUC page, there is a missing JavaScript file that may be contributing to the issue, http://www.ouc.com/js/MP_JavaScriptCode.js, but previous versions didn't crash because of the missing file.
Alexey Proskuryakov
Comment 2 2010-10-13 12:01:23 PDT
I couldn't reproduce on Intel.
Kevin M. Dean
Comment 3 2010-10-13 13:55:39 PDT
Geoffrey Garen
Comment 4 2010-10-13 13:57:44 PDT
fabien.coeurjoly
Comment 5 2010-10-17 11:40:28 PDT
I can confirm these two pages also crash in WebKit for MorphOS/PowerPC
Kevin M. Dean
Comment 6 2010-10-17 12:37:27 PDT
It's also definitely not limited to these pages. I have had the same crashes on a variety of different sites. So much so, that I had to revert back to the non-crashing Nightly.
Kevin M. Dean
Comment 7 2010-10-22 10:16:00 PDT
Still crashing with r70284.
Kevin M. Dean
Comment 8 2010-10-26 14:42:32 PDT
Possibly related to another issue that I'm seeing between the same webkit nightly releases at Bug 48377 .
Oliver Hunt
Comment 9 2010-10-27 18:55:05 PDT
Clearly this is an interpreter crash; I'll try to look at it tomorrow.
Kevin M. Dean
Comment 10 2010-10-27 18:56:08 PDT
Thanks.
Oliver Hunt
Comment 11 2010-10-29 11:00:26 PDT
I have this fixed; I just need to verify that the tests pass in the JIT as well as the interpreter.
Oliver Hunt
Comment 12 2010-10-29 11:35:48 PDT
Oliver Hunt
Comment 13 2010-10-29 11:56:13 PDT
Oliver Hunt
Comment 14 2010-10-29 11:56:36 PDT
Sorry for the delay, this should be fixed in the next nightly.