[Webkit-unassigned] [Bug 16909] Amazon.com crash
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 17 17:34:08 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16909
------- Comment #5 from cwzwarich at uwaterloo.ca 2008-01-17 17:34 PDT -------
Created an attachment (id=18518)
--> (http://bugs.webkit.org/attachment.cgi?id=18518&action=view)
ExecState activity log
Tearing off every ActivationImp as soon as it is created fixes the crash, which
suggests that the problem is due to a missed reference to an ActivationImp from
an ExecState that should be explicitly mark()'d but isn't. Tearing off the
activation puts a pointer into the GC heap in m_activation, which is caught by
the conservative collector.
Maciej suggested I log ExecState creations, deletions, and markings so that we
can check for anything suspicious. I've attached such a log from a session that
crashed.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list