Bug 99732 - RESOLVED FIXED
Crash in JSC::Interpreter::execute at launch of webkit-gtk 1.10.0 based applications
https://bugs.webkit.org/show_bug.cgi?id=99732
Jeremy Huddleston Sequoia
Reported 2012-10-18 10:36:18 PDT
When launching midori or epiphany built with webkit-gtk 1.10.0, they crash when trying to load their start page. Both crash at the same location in JavaScriptCore:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 ??? 0x0000571adc001535 0 + 95772871759157
1 libjavascriptcoregtk-1.0.0.dylib 0x000000010f4ae958 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 3282 (JSValueInlineMethods.h:363)
2 libjavascriptcoregtk-1.0.0.dylib 0x000000010f5644df JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 383 (Register.h:122)
3 libwebkitgtk-1.0.0.dylib 0x000000010cb7be0d WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 447 (JSMainThreadExecState.h:77)
4 libwebkitgtk-1.0.0.dylib 0x000000010cb7c012 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 44 (ScriptController.cpp:165)
5 libwebkitgtk-1.0.0.dylib 0x000000010ccf349e WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 476 (ScriptElement.cpp:301)
6 libwebkitgtk-1.0.0.dylib 0x000000010ce5a261 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) + 205 (HTMLScriptRunner.cpp:140)
7 libwebkitgtk-1.0.0.dylib 0x000000010ce5a4da WebCore::HTMLScriptRunner::executeParsingBlockingScript() + 262 (HTMLScriptRunner.cpp:118)
8 libwebkitgtk-1.0.0.dylib 0x000000010ce5a5e8 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) + 30 (RefPtr.h:58)
9 libwebkitgtk-1.0.0.dylib 0x000000010ce519a0 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 66 (HTMLDocumentParser.cpp:515)
10 libwebkitgtk-1.0.0.dylib 0x000000010cf45e52 WebCore::CachedResource::checkNotify() + 82 (CachedResource.cpp:248)
11 libwebkitgtk-1.0.0.dylib 0x000000010cf8ed4e WebCore::SubresourceLoader::didFinishLoading(double) + 148 (PassRefPtr.h:67)
12 libwebkitgtk-1.0.0.dylib 0x000000010d093740 WebCore::readCallback(_GObject*, _GAsyncResult*, void*) + 272 (ResourceHandleSoup.cpp:953)
13 libgio-2.0.0.dylib 0x000000010c33aa4a async_ready_callback_wrapper + 122
14 libgio-2.0.0.dylib 0x000000010c34dd62 g_simple_async_result_complete + 178
15 libgio-2.0.0.dylib 0x000000010c34dca9 complete_in_idle_cb + 9
16 libglib-2.0.0.dylib 0x000000010bbafa88 g_main_context_dispatch + 328
17 libglib-2.0.0.dylib 0x000000010bbb1b9e g_main_context_iterate + 510
18 libglib-2.0.0.dylib 0x000000010bbb313f g_main_loop_run + 287
19 libgtk-x11-2.0.0.dylib 0x000000010bdac10f gtk_main + 191
20 midori 0x000000010ba3538d main + 11949 (main.c:2574)
21 libdyld.dylib 0x00007fff8a1337e1 start + 1

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 ??? 0x00004898bb601a00 0 + 79820815866368
1 libjavascriptcoregtk-1.0.0.dylib 0x0000000108f34958 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 3282 (JSValueInlineMethods.h:363)
2 libjavascriptcoregtk-1.0.0.dylib 0x0000000108fea4df JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 383 (Register.h:122)
3 libwebkitgtk-1.0.0.dylib 0x0000000105cb0e0d WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 447 (JSMainThreadExecState.h:77)
4 libwebkitgtk-1.0.0.dylib 0x0000000105cb1012 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 44 (ScriptController.cpp:165)
5 libwebkitgtk-1.0.0.dylib 0x0000000105e2849e WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 476 (ScriptElement.cpp:301)
6 libwebkitgtk-1.0.0.dylib 0x0000000105e296de WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1094 (ScriptElement.cpp:241)
7 libwebkitgtk-1.0.0.dylib 0x0000000105f8ecb5 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 373 (ScriptElement.h:58)
8 libwebkitgtk-1.0.0.dylib 0x0000000105f8f669 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 47 (RefPtr.h:58)
9 libwebkitgtk-1.0.0.dylib 0x0000000105f863f3 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 87 (PassRefPtr.h:67)
10 libwebkitgtk-1.0.0.dylib 0x0000000105f8649a WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88 (HTMLDocumentParser.cpp:218)
11 libwebkitgtk-1.0.0.dylib 0x0000000105f866a6 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 338 (HTMLDocumentParser.cpp:254)
12 libwebkitgtk-1.0.0.dylib 0x0000000105f86ae8 WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) + 246 (HTMLDocumentParser.cpp:173)
13 libwebkitgtk-1.0.0.dylib 0x0000000105dc0e85 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, unsigned long) + 137 (SegmentedString.h:138)
14 libwebkitgtk-1.0.0.dylib 0x000000010608a8d6 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 414 (DocumentLoader.cpp:356)
15 libwebkitgtk-1.0.0.dylib 0x0000000105b6fd8e WebKit::FrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 54 (DocumentLoader.h:77)
16 libwebkitgtk-1.0.0.dylib 0x000000010608aba6 WebCore::DocumentLoader::commitLoad(char const*, int) + 152 (DocumentLoader.cpp:322)
17 libwebkitgtk-1.0.0.dylib 0x00000001060be33a WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 54 (ResourceLoader.cpp:281)
18 libwebkitgtk-1.0.0.dylib 0x00000001060b7164 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 104 (RefCounted.h:134)
19 libwebkitgtk-1.0.0.dylib 0x00000001060bddbe WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 130 (InspectorInstrumentation.h:1063)
20 libwebkitgtk-1.0.0.dylib 0x00000001061c8780 WebCore::readCallback(_GObject*, _GAsyncResult*, void*) + 336 (ResourceHandleSoup.cpp:967)
21 libgio-2.0.0.dylib 0x000000010b2f9a4a async_ready_callback_wrapper + 122
22 libgio-2.0.0.dylib 0x000000010b30cd62 g_simple_async_result_complete + 178
23 libgio-2.0.0.dylib 0x000000010b30cca9 complete_in_idle_cb + 9
24 libglib-2.0.0.dylib 0x000000010b54da88 g_main_context_dispatch + 328
25 libglib-2.0.0.dylib 0x000000010b54fb9e g_main_context_iterate + 510
26 libglib-2.0.0.dylib 0x000000010b55113f g_main_loop_run + 287
27 libgtk-x11-2.0.0.dylib 0x0000000108b2d10f gtk_main + 191
28 epiphany 0x00000001059a43eb main + 1979
29 libdyld.dylib 0x00007fff8a1337e1 start + 1
Attachments
epiphany crash report (52.48 KB, text/plain), 2012-10-18 10:37 PDT, Jeremy Huddleston Sequoia
midori crash report (54.02 KB, text/plain), 2012-10-18 10:37 PDT, Jeremy Huddleston Sequoia
Jeremy Huddleston Sequoia
Comment 1 2012-10-18 10:37:16 PDT
Created attachment 169434: epiphany crash report
Jeremy Huddleston Sequoia
Comment 2 2012-10-18 10:37:32 PDT
Created attachment 169435: midori crash report
Jeremy Huddleston Sequoia
Comment 3 2012-10-18 10:38:52 PDT
webkit-gtk-1.10.0 was built with:

$ ./configure --prefix=/opt/local --with-gtk=2.0 --disable-webkit2 --disable-introspection --enable-link-prefetch --enable-image-resizer --enable-media-statistics --enable-media-stream --enable-svg --enable-geolocation --enable-webgl --enable-page-visibility-api --enable-datagrid --enable-mathml --enable-web-timing --enable-mhtml --enable-microdata --enable-mutation-observers --with-font-backend=pango --enable-video-track
Jeremy Huddleston Sequoia
Comment 4 2012-10-28 03:00:50 PDT
1.10.1 is also unusable due to this issue.
Kalev Lember
Comment 5 2012-10-28 03:03:05 PDT
Does it crash with both 32 bit and 64 bit builds?
Jeremy Huddleston Sequoia
Comment 6 2012-10-28 03:10:56 PDT
I've only tried 64-bit. Most of my dependencies are built 64-bit-only. I'll try building 32-bit if you think this might be an LP64 issue.
Kalev Lember
Comment 7 2012-10-28 03:35:52 PDT
Oh, I was actually thinking it might be a 32-bit issue. What about disabling JIT in the build, does that fix it? Passing --disable-jit to configure should do it.
Jeremy Huddleston Sequoia
Comment 8 2012-10-28 13:24:56 PDT
Yeah, with JIT support disabled, this does not crash.
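The two traces above share one signature: frame 0 is an unsymbolicated address ("???") with no backing library, called directly from JSC::Interpreter::execute, which is what a fault inside JIT-emitted machine code looks like in a macOS crash report, and which the --disable-jit rebuild confirmed. The following is an added triage helper, not code from this bug or from WebKit: it parses frame lines in the report layout quoted above and applies that heuristic. The sample traces are constructed (the JIT one is copied from the midori report, the contrast case is invented), and the "jit-code"/"native" labels are this example's own names.

```python
import re

# Constructed sample in the macOS crash-report frame layout quoted in this bug:
# "<index> <image> <address> <symbol> + <offset> (<file>:<line>)". Frame 0
# has no image or symbol ("???"): the faulting PC is not inside any loaded
# library, which is what a fault inside JIT-emitted code looks like.
JIT_TRACE = """\
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   ???                              0x0000571adc001535 0 + 95772871759157
1   libjavascriptcoregtk-1.0.0.dylib 0x000000010f4ae958 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 3282 (JSValueInlineMethods.h:363)
2   libjavascriptcoregtk-1.0.0.dylib 0x000000010f5644df JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 383 (Register.h:122)
"""

# Constructed contrast case (not from the bug): frame 0 is symbolicated inside
# JavaScriptCore, so the fault is in compiled C++ rather than in generated code.
INTERP_TRACE = """\
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libjavascriptcoregtk-1.0.0.dylib 0x000000010f4ae958 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 3282 (JSValueInlineMethods.h:363)
1   libjavascriptcoregtk-1.0.0.dylib 0x000000010f5644df JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 383 (Register.h:122)
"""

# index, image, hex address, then the rest of the line (symbol, offset, source).
FRAME_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*)$")


def parse_frames(report):
    """Parse the frame lines of a crashed-thread trace into dicts."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # thread header or non-frame line
        index, image, addr, rest = m.groups()
        # Symbol is everything before the " + <offset>" suffix.
        symbol = rest.rsplit(" + ", 1)[0] if " + " in rest else rest
        frames.append({"index": int(index), "image": image,
                       "address": int(addr, 16), "symbol": symbol})
    return frames


def classify_crash(frames):
    """'jit-code' when frame 0 is unsymbolicated and was entered from the JSC
    interpreter entry point; 'native' when frame 0 has a known image."""
    if not frames:
        return "unknown"
    if frames[0]["image"] != "???":
        return "native"
    if len(frames) > 1 and frames[1]["symbol"].startswith("JSC::Interpreter::execute("):
        return "jit-code"
    return "unknown"
```

A "jit-code" result is the cue to retest with --disable-jit, as done in this thread, before spending time on the C++ frames.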
Jeremy Huddleston Sequoia
Comment 9 2013-01-18 15:54:28 PST
This does not happen on 1.11.4.