48832 – Web Inspector: [JSC] Crash when starting profiling in debug mode

Bug 48832 - Web Inspector: [JSC] Crash when starting profiling in debug mode

Summary: Web Inspector: [JSC] Crash when starting profiling in debug mode

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Web Inspector (Deprecated) (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-11-02 06:24 PDT by Mikhail Naganov
Modified:	2014-01-31 10:40 PST (History)
CC List:	13 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mikhail Naganov 2010-11-02 06:24:36 PDT

An attempt to execute "console.profile()" leads to crash (in debug mode only).

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000030
0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280
280	        JSGlobalObjectData* d() const { return static_cast<JSGlobalObjectData*>(JSVariableObject::d); }
(gdb) bt
#0  0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280
#1  0x00000001008bd625 in JSC::JSGlobalObject::profileGroup (this=0x0) at JSGlobalObject.h:253
#2  0x00000001008c0c12 in JSC::Profiler::didExecute (this=0x11e9d27c0, exec=0x11ea10528, function={m_ptr = 0x11c422800}) at /Users/mnaganov/webkit/JavaScriptCore/profiler/Profiler.cpp:130
#3  0x00000001007e5598 in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11c379458, function=0x11c422800, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:838
#4  0x000000010079c6f0 in JSC::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38
#5  0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at JSMainThreadExecState.h:48
#6  0x0000000101fb2e6d in WebCore::ScriptFunctionCall::call (this=0x7fff5fbfbec0, hadException=@0x7fff5fbfc36f, reportExceptions=true) at /Users/mnaganov/webkit/WebCore/bindings/js/ScriptFunctionCall.cpp:144
#7  0x00000001019d40a5 in WebCore::InjectedScript::dispatch (this=0x7fff5fbfc020, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InjectedScript.cpp:59
#8  0x00000001019f197f in WebCore::InspectorBackend::dispatchOnInjectedScript (this=0x106172810, injectedScriptId=0, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InspectorBackend.cpp:95
#9  0x0000000101a04e44 in WebCore::InspectorBackendDispatcher::dispatchOnInjectedScript (this=0x106172110, callId=17, requestMessageObject=0x11e9e3ba0) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:1397
#10 0x00000001019f4485 in WebCore::InspectorBackendDispatcher::dispatch (this=0x106172110, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:3633
#11 0x0000000101a77c87 in WebCore::InspectorFrontendClientLocal::sendMessageToBackend (this=0x11e909e10, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendClientLocal.cpp:154
#12 0x0000000101a7892e in WebCore::InspectorFrontendHost::sendMessageToBackend (this=0x11f210de0, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendHost.cpp:223
#13 0x0000000101bd5736 in WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend (exec=0x11ea10430) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/JSInspectorFrontendHost.cpp:404
#14 0x00003a82146161b8 in ?? ()
#15 0x00000001007ea24d in JSC::JITCode::execute (this=0x11f226798, registerFile=0x11c357f78, callFrame=0x11ea10048, globalData=0x1080e3000) at JITCode.h:77
#16 0x00000001007e550c in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11f20ef18, function=0x11c4741c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:830
#17 0x000000010079c6f0 in JSC::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38
#18 0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at JSMainThreadExecState.h:48
#19 0x0000000101b577bc in WebCore::JSEventListener::handleEvent (this=0x11f338ee0, scriptExecutionContext=0x1069e1a68, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/bindings/js/JSEventListener.cpp:124
#20 0x0000000101811340 in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0, d=0x11af7fd00, entry=@0x106330110) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:335
#21 0x00000001018119aa in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:304
#22 0x0000000101dace1d in WebCore::Node::handleLocalEvents (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2484
#23 0x0000000101dad4c9 in WebCore::Node::dispatchGenericEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe7d0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2602
#24 0x0000000101dad977 in WebCore::Node::dispatchEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe860) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2547
#25 0x0000000101810eba in WebCore::EventTarget::dispatchEvent (this=0x11ef84240, event=@0x7fff5fbfe990, ec=@0x7fff5fbfea0c) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:282
#26 0x00000001017fe1a3 in WebCore::EventHandler::keyEvent (this=0x1069bae00, initialKeyEvent=@0x7fff5fbfea70) at /Users/mnaganov/webkit/WebCore/page/EventHandler.cpp:2313
#27 0x000000010180ba29 in WebCore::EventHandler::keyEvent (this=0x1069bae00, event=0x109665590) at /Users/mnaganov/webkit/WebCore/page/mac/EventHandlerMac.mm:148
#28 0x0000000100f6df11 in -[WebHTMLView keyDown:] (self=0x1061fa790, _cmd=0x7fff81b89550, event=0x109665590) at /Users/mnaganov/webkit/WebKit/mac/WebView/WebHTMLView.mm:4132
#29 0x00007fff81589483 in -[NSWindow sendEvent:] ()
#30 0x000000010004261d in ?? ()
#31 0x00000001000425aa in ?? ()
#32 0x00007fff814bdee2 in -[NSApplication sendEvent:] ()
#33 0x00000001000392ee in ?? ()
#34 0x00007fff81454922 in -[NSApplication run] ()
#35 0x00007fff8144d5f8 in NSApplicationMain ()

Comment 1 Brian Burg 2013-05-02 21:50:06 PDT

This doesn't seem to be an issue anymore. I recommend closing unless more specific repro circumstances are available.

Comment 2 Joseph Pecoraro 2014-01-31 10:40:32 PST

Lets close. JSGLobalObjectData* d() doesn't even exist anymore.