[Webkit-unassigned] [Bug 30835] REGRESSION: inspector tests crashing at JSC::TypeInfo::type()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 29 15:13:50 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30835
Eric Seidel <eric at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|REGRESSION: |REGRESSION: inspector tests
|inspector/console-format.ht |crashing at
|ml crashed on the Leopard |JSC::TypeInfo::type()
|Debug Bot |
--- Comment #22 from Eric Seidel <eric at webkit.org> 2009-10-29 15:13:49 PDT ---
Alexey suggested I try using COLLECT_ON_EVERY_ALLOCATION from Collector.cpp.
I built a copy of WebKit with that, and ran all of the inspector/*.html tests
under DumpRenderTree. I was not able to produce a crash.
I wonder if one of the http tests is smashing memory in some way? It's strange
that all of the crashes seem to have very similar crash points:
0x00000000fffffff0
0x0000000000000001
0x0000000000000fe4
0x0000000000000002
0x00000000fffffff6
Do these values look familiar to anyone in JIT land? The crash point is
always:
0 com.apple.JavaScriptCore 0x0052bb81 JSC::TypeInfo::type() const +
9 (JSTypeInfo.h:60)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list