[Webkit-unassigned] [Bug 20911] New: REGRESSION: Reproducible assertion failure below derefStructureIDs 64-bit JavaScriptCore

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 18 01:24:33 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=20911

           Summary: REGRESSION: Reproducible assertion failure below
                    derefStructureIDs 64-bit JavaScriptCore
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: HasReduction, Regression
          Severity: Major
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com


After building jsc 64-bit:

> function f() { a } a; f()
ASSERTION FAILED: !m_deletionHasBegun
(./wtf/RefCounted.h:47 void WTF::RefCounted<T>::deref() [with T =
JSC::StructureID])

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
0x00000001000c89a6 in WTF::RefCounted<JSC::StructureID>::deref
(this=0x100000000) at RefCounted.h:47
47              ASSERT(!m_deletionHasBegun);
(gdb) bt
#0  0x00000001000c89a6 in WTF::RefCounted<JSC::StructureID>::deref
(this=0x100000000) at RefCounted.h:47
#1  0x000000010011b246 in JSC::CodeBlock::derefStructureIDs (this=0x1006175b0,
vPC=0x100617850) at JavaScriptCore/VM/CodeBlock.cpp:938
#2  0x000000010011b367 in JSC::CodeBlock::~CodeBlock (this=0x1006175b0) at
JavaScriptCore/VM/CodeBlock.cpp:898
#3  0x00000001000b42f5 in JSC::ProgramCodeBlock::~ProgramCodeBlock
(this=0x1006175b0) at CodeBlock.h:297
#4  0x00000001000b430d in JSC::ProgramCodeBlock::~ProgramCodeBlock
(this=0x1006175b0) at CodeBlock.h:297
#5  0x00000001000c3536 in WTF::deleteOwnedPtr<JSC::ProgramCodeBlock>
(ptr=0x1006175b0) at OwnPtr.h:51
#6  0x00000001000c3562 in WTF::OwnPtr<JSC::ProgramCodeBlock>::~OwnPtr
(this=0x100830c40) at OwnPtr.h:69
#7  0x00000001000c3583 in WTF::OwnPtr<JSC::ProgramCodeBlock>::~OwnPtr
(this=0x100830c40) at OwnPtr.h:69
#8  0x00000001000c3a4e in JSC::ProgramNode::~ProgramNode (this=0x100830a00) at
nodes.h:2195
#9  0x000000010003d925 in JSC::ParserRefCounted::deref (this=0x100830a00) at
nodes.cpp:107
#10 0x00000001000b9979 in WTF::RefPtr<JSC::ProgramNode>::~RefPtr
(this=0x7fff5fbff450) at RefPtr.h:50
#11 0x00000001000b9991 in WTF::RefPtr<JSC::ProgramNode>::~RefPtr
(this=0x7fff5fbff450) at RefPtr.h:50
#12 0x0000000100073c86 in JSC::Interpreter::evaluate (exec=0x100608d70,
scopeChain=@0x100608c20, sourceURL=@0x10000f650, startingLineNumber=1,
source=@0x7fff5fbff570, thisValue=0x0) at interpreter.cpp:90
#13 0x0000000100073d16 in JSC::Interpreter::evaluate (exec=0x100608d70,
scopeChain=@0x100608c20, sourceURL=@0x10000f650, startingLineNumber=1,
code=@0x7fff5fbff5d0, thisV=0x0) at interpreter.cpp:62
#14 0x0000000100001459 in runInteractive (globalObject=0x100560000) at
JavaScriptCore/kjs/Shell.cpp:381
#15 0x0000000100002aa2 in jscmain (argc=1, argv=0x7fff5fbff728,
globalData=0x100809400) at JavaScriptCore/kjs/Shell.cpp:479
#16 0x0000000100002b1b in main (argc=1, argv=0x7fff5fbff728) at
JavaScriptCore/kjs/Shell.cpp:307
(gdb) 

This results in a crash in release build that breaks most JavaScript execution
and all JSCore tests.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list