Bug 97001 - REGRESSION(r128802): It made some JS tests crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Critical
Assignee: Filip Pizlo
Blocks: 79668 96596
Reported: 2012-09-18 05:07 PDT by Csaba Osztrogonác
Modified: 2012-09-19 16:26 PDT

Attachments
the patch (1.82 KB, patch)
2012-09-18 13:59 PDT, Filip Pizlo
patch for landing (1.37 KB, patch)
2012-09-19 16:25 PDT, Filip Pizlo

Description Csaba Osztrogonác 2012-09-18 05:07:15 PDT
- storage/websql/execute-sql-args.html - crash in release/debug mode
- fast/js/object-bad-time.html - new test, crash in debug mode
- fast/js/array-slow-put.html - new test, crash in debug mode
- fast/js/Object-defineProperty.html - old test, crash in debug mode from r128802
- ietestcenter/Javascript/15.4.4.14-9-b-i-6.html - old test, crash in debug mode from r128802
- ietestcenter/Javascript/15.4.4.15-8-b-i-6.html - old test, crash in debug mode from r128802

Qt results:
------------
http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Debug/r128867%20%2825205%29/results.html

GTK results:
-------------
http://build.webkit.org/results/GTK%20Linux%2064-bit%20Debug/r128871%20%2836857%29/results.html

EFL results:
-------------
http://build.webkit.org/results/EFL%20Linux%2064-bit%20Debug/r128873%20%286043%29/results.html
Comment 1 Csaba Osztrogonác 2012-09-18 05:19:06 PDT
I tried to generate GDB backtraces for these crashes on Qt, but unfortunately
they pass if we run tests one by one, but crash if we run all fast/js tests.
Comment 2 Csaba Osztrogonác 2012-09-18 05:44:39 PDT
I skipped them on Qt to paint the bots green - https://trac.webkit.org/changeset/128878

Please unskip them with the proper fix.
Comment 3 Raphael Kubo da Costa (:rakuco) 2012-09-18 05:51:28 PDT
(In reply to comment #1)
> I tried to generate GDB backtraces for these crashes on Qt, but unfortunately
> they pass if we run tests one by one, but crash if we run all fast/js tests.

Alternatively, if you just run the same test twice or more it crashes after the first run. Example backtrace:

#0  0x080d3a5c in JSC::WriteBarrierBase<JSC::Structure>::unvalidatedGet (this=0x0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:139
#1  0x080d24a1 in JSC::JSCell::unvalidatedStructure (this=0x0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSCell.h:143
#2  0xb786f9bc in JSC::slowValidateCell (cell=0xabadf610) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSCell.cpp:167
#3  0x080d2072 in JSC::validateCell<JSC::JSCell*> (cell=0xabadf610) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:55
#4  0x080d3a98 in JSC::WriteBarrierBase<JSC::Structure>::get (this=0xabbcf420) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:103
#5  0xb787d74d in JSC::JSGlobalObject::haveABadTime (this=0xabbcf250, globalData=...) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.cpp:409
#6  0xb788ced7 in JSC::JSObject::notifyPresenceOfIndexedAccessors (this=0xabbef890, globalData=...) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:470
#7  0xb788f84f in JSC::JSObject::defineOwnIndexedProperty (this=0xabbef890, exec=0xacee00d8, index=0, descriptor=..., throwException=true) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1105
#8  0xb786777f in JSC::JSArray::defineOwnProperty (object=0xabbef890, exec=0xacee00d8, propertyName=..., descriptor=..., throwException=true) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:179
#9  0xb78bf776 in JSC::objectConstructorDefineProperty (exec=0xacee00d8) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/ObjectConstructor.cpp:304
#10 0xacebd72f in ?? ()
#11 0xb778e3d3 in JSC::JITCode::execute (this=0xabb5fe64, registerFile=0x822042c, callFrame=0xacee0038, globalData=0x8279128) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
#12 0xb778ab08 in JSC::Interpreter::execute (this=0x8220420, program=0xabb5fe50, callFrame=0xabbcf3ac, thisObj=0xabbefff0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:992
#13 0xb784d07e in JSC::evaluate (exec=0xabbcf3ac, source=..., thisValue=..., returnedException=0xbfffe70c) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#14 0xb35813fa in WebCore::JSMainThreadExecState::evaluate (exec=0xabbcf3ac, source=..., thisValue=..., exception=0xbfffe70c) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#15 0xb359ea11 in WebCore::ScriptController::evaluateInWorld (this=0x81d9b34, sourceCode=..., world=0x821dea0) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:148
#16 0xb359eb08 in WebCore::ScriptController::evaluate (this=0x81d9b34, sourceCode=...) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:165
#17 0xb2b7ece4 in WebCore::ScriptElement::executeScript (this=0x8421604, sourceCode=...) at /home/rakuco/dev/WebKit/Source/WebCore/dom/ScriptElement.cpp:301
#18 0xb2d64db1 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0x81f6470, pendingScript=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:139
#19 0xb2d64c29 in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x81f6470) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:118
#20 0xb2d6512d in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x81f6470) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:190
#21 0xb2d650d9 in WebCore::HTMLScriptRunner::execute (this=0x81f6470, scriptElement=..., scriptStartPosition=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:178
#22 0xb2d560bb in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x81ecc88) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:200
#23 0xb2d56160 in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:217
#24 0xb2d56556 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:254
#25 0xb2d55f4a in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:173
#26 0xb2d570d3 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x81ecc88) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:476
#27 0xb2d573a4 in WebCore::HTMLDocumentParser::notifyFinished (this=0x81ecc88, cachedResource=0x8257350) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:516
#28 0xb2f27f4b in WebCore::CachedResource::checkNotify (this=0x8257350) at /home/rakuco/dev/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:248
#29 0xb2f3bccf in WebCore::CachedScript::data (this=0x8257350, data=..., allDataReceived=true) at /home/rakuco/dev/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:90
#30 0xb2eeb897 in WebCore::SubresourceLoader::didFinishLoading (this=0x824ece8, finishTime=0) at /home/rakuco/dev/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:300
#31 0xb2ee6cf5 in WebCore::ResourceLoader::didFinishLoading (this=0x824ece8, finishTime=0) at /home/rakuco/dev/WebKit/Source/WebCore/loader/ResourceLoader.cpp:441
#32 0xb3a19bc0 in WebCore::readCallback (asyncResult=0x8273b60, data=0x8275a78) at /home/rakuco/dev/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:953
#33 0xb01c62e8 in async_ready_callback_wrapper (source_object=0x8261980, res=0x8273b60, user_data=user_data@entry=0x8275a78) at ginputstream.c:529
#34 0xb01dd200 in g_simple_async_result_complete (simple=simple@entry=0x8273b60) at gsimpleasyncresult.c:767
#35 0xb01dd273 in complete_in_idle_cb_for_thread (_data=_data@entry=0x81f3cd0) at gsimpleasyncresult.c:835
#36 0xb03c0af0 in g_idle_dispatch (source=source@entry=0xac561db8, callback=0xb01dd240 <complete_in_idle_cb_for_thread>, user_data=0x81f3cd0) at gmain.c:4657
#37 0xb03c3033 in g_main_dispatch (context=0x81c4a68) at gmain.c:2539
#38 g_main_context_dispatch (context=context@entry=0x81c4a68) at gmain.c:3075
#39 0xb09af09c in _ecore_glib_select__locked (ecore_timeout=0xbfffee08, efds=0xbfffef10, wfds=0xbfffee90, rfds=0xbfffee10, ecore_fds=10, ctx=0x81c4a68) at ecore_glib.c:171
#40 _ecore_glib_select (ecore_fds=10, rfds=0xbfffee10, wfds=0xbfffee90, efds=0xbfffef10, ecore_timeout=0xbfffee08) at ecore_glib.c:205
#41 0xb09a8d9f in _ecore_main_select (timeout=0) at ecore_main.c:1370
#42 0xb09a9875 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1786
#43 0xb09a9c0f in ecore_main_loop_begin () at ecore_main.c:931
#44 0x080b7bd7 in runTest (inputLine=0xbffff4cb "LayoutTests/ietestcenter/Javascript/15.4.4.14-9-b-i-5.html") at /home/rakuco/dev/WebKit/Tools/DumpRenderTree/efl/DumpRenderTree.cpp:289
#45 0x080b8463 in main (argc=3, argv=0xbffff2d4) at /home/rakuco/dev/WebKit/Tools/DumpRenderTree/efl/DumpRenderTree.cpp:457
Comment 4 Raphael Kubo da Costa (:rakuco) 2012-09-18 05:56:44 PDT
(In reply to comment #2)
> I skipped them on Qt to paint the bots green - https://trac.webkit.org/changeset/128878
> 
> Please unskip them with the proper fix.

Tests skipped on EFL as well: <http://trac.webkit.org/changeset/128881>
Comment 5 Filip Pizlo 2012-09-18 09:32:55 PDT
Yup, I'm looking at it.  Strange that I didn't see these on Mac. :-/
Comment 6 Filip Pizlo 2012-09-18 12:21:03 PDT
Which test were you running?

(In reply to comment #3)
> (In reply to comment #1)
> > I tried to generate GDB backtraces for these crashes on Qt, but unfortunately
> > they pass if we run tests one by one, but crash if we run all fast/js tests.
> 
> Alternatively, if you just run the same test twice or more it crashes after the first run. Example backtrace:
> 
> #0  0x080d3a5c in JSC::WriteBarrierBase<JSC::Structure>::unvalidatedGet (this=0x0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:139
> #1  0x080d24a1 in JSC::JSCell::unvalidatedStructure (this=0x0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSCell.h:143
> #2  0xb786f9bc in JSC::slowValidateCell (cell=0xabadf610) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSCell.cpp:167
> #3  0x080d2072 in JSC::validateCell<JSC::JSCell*> (cell=0xabadf610) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:55
> #4  0x080d3a98 in JSC::WriteBarrierBase<JSC::Structure>::get (this=0xabbcf420) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:103
> #5  0xb787d74d in JSC::JSGlobalObject::haveABadTime (this=0xabbcf250, globalData=...) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.cpp:409
> #6  0xb788ced7 in JSC::JSObject::notifyPresenceOfIndexedAccessors (this=0xabbef890, globalData=...) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:470
> #7  0xb788f84f in JSC::JSObject::defineOwnIndexedProperty (this=0xabbef890, exec=0xacee00d8, index=0, descriptor=..., throwException=true) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1105
> #8  0xb786777f in JSC::JSArray::defineOwnProperty (object=0xabbef890, exec=0xacee00d8, propertyName=..., descriptor=..., throwException=true) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:179
> #9  0xb78bf776 in JSC::objectConstructorDefineProperty (exec=0xacee00d8) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/ObjectConstructor.cpp:304
> #10 0xacebd72f in ?? ()
> #11 0xb778e3d3 in JSC::JITCode::execute (this=0xabb5fe64, registerFile=0x822042c, callFrame=0xacee0038, globalData=0x8279128) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
> #12 0xb778ab08 in JSC::Interpreter::execute (this=0x8220420, program=0xabb5fe50, callFrame=0xabbcf3ac, thisObj=0xabbefff0) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:992
> #13 0xb784d07e in JSC::evaluate (exec=0xabbcf3ac, source=..., thisValue=..., returnedException=0xbfffe70c) at /home/rakuco/dev/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
> #14 0xb35813fa in WebCore::JSMainThreadExecState::evaluate (exec=0xabbcf3ac, source=..., thisValue=..., exception=0xbfffe70c) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
> #15 0xb359ea11 in WebCore::ScriptController::evaluateInWorld (this=0x81d9b34, sourceCode=..., world=0x821dea0) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:148
> #16 0xb359eb08 in WebCore::ScriptController::evaluate (this=0x81d9b34, sourceCode=...) at /home/rakuco/dev/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:165
> #17 0xb2b7ece4 in WebCore::ScriptElement::executeScript (this=0x8421604, sourceCode=...) at /home/rakuco/dev/WebKit/Source/WebCore/dom/ScriptElement.cpp:301
> #18 0xb2d64db1 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0x81f6470, pendingScript=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:139
> #19 0xb2d64c29 in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x81f6470) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:118
> #20 0xb2d6512d in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x81f6470) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:190
> #21 0xb2d650d9 in WebCore::HTMLScriptRunner::execute (this=0x81f6470, scriptElement=..., scriptStartPosition=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:178
> #22 0xb2d560bb in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x81ecc88) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:200
> #23 0xb2d56160 in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:217
> #24 0xb2d56556 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:254
> #25 0xb2d55f4a in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x81ecc88, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:173
> #26 0xb2d570d3 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x81ecc88) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:476
> #27 0xb2d573a4 in WebCore::HTMLDocumentParser::notifyFinished (this=0x81ecc88, cachedResource=0x8257350) at /home/rakuco/dev/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:516
> #28 0xb2f27f4b in WebCore::CachedResource::checkNotify (this=0x8257350) at /home/rakuco/dev/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:248
> #29 0xb2f3bccf in WebCore::CachedScript::data (this=0x8257350, data=..., allDataReceived=true) at /home/rakuco/dev/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:90
> #30 0xb2eeb897 in WebCore::SubresourceLoader::didFinishLoading (this=0x824ece8, finishTime=0) at /home/rakuco/dev/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:300
> #31 0xb2ee6cf5 in WebCore::ResourceLoader::didFinishLoading (this=0x824ece8, finishTime=0) at /home/rakuco/dev/WebKit/Source/WebCore/loader/ResourceLoader.cpp:441
> #32 0xb3a19bc0 in WebCore::readCallback (asyncResult=0x8273b60, data=0x8275a78) at /home/rakuco/dev/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:953
> #33 0xb01c62e8 in async_ready_callback_wrapper (source_object=0x8261980, res=0x8273b60, user_data=user_data@entry=0x8275a78) at ginputstream.c:529
> #34 0xb01dd200 in g_simple_async_result_complete (simple=simple@entry=0x8273b60) at gsimpleasyncresult.c:767
> #35 0xb01dd273 in complete_in_idle_cb_for_thread (_data=_data@entry=0x81f3cd0) at gsimpleasyncresult.c:835
> #36 0xb03c0af0 in g_idle_dispatch (source=source@entry=0xac561db8, callback=0xb01dd240 <complete_in_idle_cb_for_thread>, user_data=0x81f3cd0) at gmain.c:4657
> #37 0xb03c3033 in g_main_dispatch (context=0x81c4a68) at gmain.c:2539
> #38 g_main_context_dispatch (context=context@entry=0x81c4a68) at gmain.c:3075
> #39 0xb09af09c in _ecore_glib_select__locked (ecore_timeout=0xbfffee08, efds=0xbfffef10, wfds=0xbfffee90, rfds=0xbfffee10, ecore_fds=10, ctx=0x81c4a68) at ecore_glib.c:171
> #40 _ecore_glib_select (ecore_fds=10, rfds=0xbfffee10, wfds=0xbfffee90, efds=0xbfffef10, ecore_timeout=0xbfffee08) at ecore_glib.c:205
> #41 0xb09a8d9f in _ecore_main_select (timeout=0) at ecore_main.c:1370
> #42 0xb09a9875 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at ecore_main.c:1786
> #43 0xb09a9c0f in ecore_main_loop_begin () at ecore_main.c:931
> #44 0x080b7bd7 in runTest (inputLine=0xbffff4cb "LayoutTests/ietestcenter/Javascript/15.4.4.14-9-b-i-5.html") at /home/rakuco/dev/WebKit/Tools/DumpRenderTree/efl/DumpRenderTree.cpp:289
> #45 0x080b8463 in main (argc=3, argv=0xbffff2d4) at /home/rakuco/dev/WebKit/Tools/DumpRenderTree/efl/DumpRenderTree.cpp:457
Comment 7 Filip Pizlo 2012-09-18 13:55:52 PDT
Found it.  IndexingHeaderInlineMethods was incorrectly assuming that if the HasArrayStorage bit is clear, then that means that indexing payload capacity is zero.
Comment 8 Filip Pizlo 2012-09-18 13:59:00 PDT
Created attachment 164617 [details]
the patch
Comment 9 Mark Hahnenberg 2012-09-18 13:59:40 PDT
Comment on attachment 164617 [details]
the patch

r=me
Comment 10 Filip Pizlo 2012-09-18 14:18:42 PDT
Fix landed in http://trac.webkit.org/changeset/128928

Will land unskippage in separate revision.
Comment 11 Filip Pizlo 2012-09-18 14:27:13 PDT
Bunch of unskippage in http://trac.webkit.org/changeset/128929
Comment 13 Filip Pizlo 2012-09-18 22:42:38 PDT
(In reply to comment #12)
> Reopen, because unfortunately these tests still crash on Qt:
> http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Debug/r128935%20%2825217%29/results.html
> 
> and on EFL too: http://build.webkit.org/results/EFL%20Linux%2064-bit%20Debug/r128933%20%286069%29/results.html

That is unfortunate!  I will look.
Comment 14 Chris Dumez 2012-09-18 23:27:13 PDT
Skipping those tests again for EFL port in Bug 97074 since they crash consistently on the debug bots.
Comment 16 Filip Pizlo 2012-09-19 16:22:29 PDT
OK.  I think I've found the real problem.  Testing now.
Comment 17 Filip Pizlo 2012-09-19 16:25:53 PDT
Created attachment 164800 [details]
patch for landing

Already reviewed by Mark in person.
Comment 18 Filip Pizlo 2012-09-19 16:26:42 PDT
Landed in http://trac.webkit.org/changeset/129065