48832 – Web Inspector: [JSC] Crash when starting profiling in debug mode

RESOLVED WORKSFORME 48832

Web Inspector: [JSC] Crash when starting profiling in debug mode

https://bugs.webkit.org/show_bug.cgi?id=48832

Summary Web Inspector: [JSC] Crash when starting profiling in debug mode

Mikhail Naganov

Reported 2010-11-02 06:24:36 PDT

An attempt to execute "console.profile()" leads to crash (in debug mode only). Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000030 0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280 280 JSGlobalObjectData* d() const { return static_cast<JSGlobalObjectData*>(JSVariableObject::d); } (gdb) bt #0 0x000000010085c8e8 in JSC::JSGlobalObject::d (this=0x0) at JSGlobalObject.h:280 #1 0x00000001008bd625 in JSC::JSGlobalObject::profileGroup (this=0x0) at JSGlobalObject.h:253 #2 0x00000001008c0c12 in JSC::Profiler::didExecute (this=0x11e9d27c0, exec=0x11ea10528, function={m_ptr = 0x11c422800}) at /Users/mnaganov/webkit/JavaScriptCore/profiler/Profiler.cpp:130 #3 0x00000001007e5598 in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11c379458, function=0x11c422800, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:838 #4 0x000000010079c6f0 in JSC::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38 #5 0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11c379458, functionObject={m_ptr = 0x11c422800}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfbdc0, thisValue={m_ptr = 0x11c423b00}, args=@0x7fff5fbfbdb0) at JSMainThreadExecState.h:48 #6 0x0000000101fb2e6d in WebCore::ScriptFunctionCall::call (this=0x7fff5fbfbec0, hadException=@0x7fff5fbfc36f, reportExceptions=true) at /Users/mnaganov/webkit/WebCore/bindings/js/ScriptFunctionCall.cpp:144 #7 0x00000001019d40a5 in WebCore::InjectedScript::dispatch (this=0x7fff5fbfc020, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InjectedScript.cpp:59 #8 0x00000001019f197f in WebCore::InspectorBackend::dispatchOnInjectedScript (this=0x106172810, injectedScriptId=0, methodName=@0x7fff5fbfc330, arguments=@0x7fff5fbfc320, result=0x7fff5fbfc240, hadException=0x7fff5fbfc36f) at /Users/mnaganov/webkit/WebCore/inspector/InspectorBackend.cpp:95 #9 0x0000000101a04e44 in WebCore::InspectorBackendDispatcher::dispatchOnInjectedScript (this=0x106172110, callId=17, requestMessageObject=0x11e9e3ba0) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:1397 #10 0x00000001019f4485 in WebCore::InspectorBackendDispatcher::dispatch (this=0x106172110, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/InspectorBackendDispatcher.cpp:3633 #11 0x0000000101a77c87 in WebCore::InspectorFrontendClientLocal::sendMessageToBackend (this=0x11e909e10, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendClientLocal.cpp:154 #12 0x0000000101a7892e in WebCore::InspectorFrontendHost::sendMessageToBackend (this=0x11f210de0, message=@0x7fff5fbfdf70) at /Users/mnaganov/webkit/WebCore/inspector/InspectorFrontendHost.cpp:223 #13 0x0000000101bd5736 in WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend (exec=0x11ea10430) at /Users/mnaganov/webkit/WebKitBuild/Debug/DerivedSources/WebCore/JSInspectorFrontendHost.cpp:404 #14 0x00003a82146161b8 in ?? () #15 0x00000001007ea24d in JSC::JITCode::execute (this=0x11f226798, registerFile=0x11c357f78, callFrame=0x11ea10048, globalData=0x1080e3000) at JITCode.h:77 #16 0x00000001007e550c in JSC::Interpreter::executeCall (this=0x11c357f60, callFrame=0x11f20ef18, function=0x11c4741c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/interpreter/Interpreter.cpp:830 #17 0x000000010079c6f0 in JSC::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at /Users/mnaganov/webkit/JavaScriptCore/runtime/CallData.cpp:38 #18 0x0000000101ab9a49 in WebCore::JSMainThreadExecState::call (exec=0x11f20ef18, functionObject={m_ptr = 0x11c4741c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfe430, thisValue={m_ptr = 0x11c4740c0}, args=@0x7fff5fbfe3f0) at JSMainThreadExecState.h:48 #19 0x0000000101b577bc in WebCore::JSEventListener::handleEvent (this=0x11f338ee0, scriptExecutionContext=0x1069e1a68, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/bindings/js/JSEventListener.cpp:124 #20 0x0000000101811340 in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0, d=0x11af7fd00, entry=@0x106330110) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:335 #21 0x00000001018119aa in WebCore::EventTarget::fireEventListeners (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:304 #22 0x0000000101dace1d in WebCore::Node::handleLocalEvents (this=0x11ef84240, event=0x109662ef0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2484 #23 0x0000000101dad4c9 in WebCore::Node::dispatchGenericEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe7d0) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2602 #24 0x0000000101dad977 in WebCore::Node::dispatchEvent (this=0x11ef84240, prpEvent=@0x7fff5fbfe860) at /Users/mnaganov/webkit/WebCore/dom/Node.cpp:2547 #25 0x0000000101810eba in WebCore::EventTarget::dispatchEvent (this=0x11ef84240, event=@0x7fff5fbfe990, ec=@0x7fff5fbfea0c) at /Users/mnaganov/webkit/WebCore/dom/EventTarget.cpp:282 #26 0x00000001017fe1a3 in WebCore::EventHandler::keyEvent (this=0x1069bae00, initialKeyEvent=@0x7fff5fbfea70) at /Users/mnaganov/webkit/WebCore/page/EventHandler.cpp:2313 #27 0x000000010180ba29 in WebCore::EventHandler::keyEvent (this=0x1069bae00, event=0x109665590) at /Users/mnaganov/webkit/WebCore/page/mac/EventHandlerMac.mm:148 #28 0x0000000100f6df11 in -[WebHTMLView keyDown:] (self=0x1061fa790, _cmd=0x7fff81b89550, event=0x109665590) at /Users/mnaganov/webkit/WebKit/mac/WebView/WebHTMLView.mm:4132 #29 0x00007fff81589483 in -[NSWindow sendEvent:] () #30 0x000000010004261d in ?? () #31 0x00000001000425aa in ?? () #32 0x00007fff814bdee2 in -[NSApplication sendEvent:] () #33 0x00000001000392ee in ?? () #34 0x00007fff81454922 in -[NSApplication run] () #35 0x00007fff8144d5f8 in NSApplicationMain ()

Attachments
Add attachment proposed patch, testcase, etc.

Brian Burg

Comment 1 2013-05-02 21:50:06 PDT

This doesn't seem to be an issue anymore. I recommend closing unless more specific repro circumstances are available.

Joseph Pecoraro

Comment 2 2014-01-31 10:40:32 PST

Lets close. JSGLobalObjectData* d() doesn't even exist anymore.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WORKSFORME

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component Web Inspector (Deprecated)

Assignee

Nobody

Reported

2010-11-02 06:24 PDT

Modified

2014-01-31 10:40 PST History

CC List

13 users Show

URL

Keywords

Depends on

Blocks