[Webkit-unassigned] [Bug 29599] New: REGRESSION (r48581): Crash in StructureStubInfo::initPutByIdTransition when reloading trac.webkit.org

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 21 09:29:09 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=29599

           Summary: REGRESSION (r48581): Crash in
                    StructureStubInfo::initPutByIdTransition when
                    reloading trac.webkit.org
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://trac.webkit.org/
        OS/Version: All
            Status: NEW
          Keywords: NeedsRadar, Regression
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com
                CC: mjs at apple.com, oliver at apple.com


To reproduce:

1. Go to http://trac.webkit.org/
2. Reload

You'll crash. Here's the backtrace:

     JavaScriptCore_debug.dll!WTF::RefCountedBase::ref()  Line 36 + 0x3 bytes  
 C++
>	JavaScriptCore_debug.dll!JSC::StructureStubInfo::initPutByIdTransition(JSC::Structure * previousStructure=0x00000000, JSC::Structure * structure=0x0ead7fe8, JSC::StructureChain * chain=0x08ae4818)  Line 116	C++
     JavaScriptCore_debug.dll!JSC::JITThunks::tryCachePutByID(JSC::ExecState *
callFrame=0x08d603b0, JSC::CodeBlock * codeBlock=0x0e77f210,
JSC::ReturnAddressPtr returnAddress={...}, JSC::JSValue baseValue={...}, const
JSC::PutPropertySlot & slot={...}, JSC::StructureStubInfo *
stubInfo=0x0e780fc8)  Line 703    C++
     JavaScriptCore_debug.dll!cti_op_put_by_id(void * * args=0x0012e4d4)  Line
1089 + 0x2f bytes    C++
     JavaScriptCore_debug.dll!@cti_op_convert_this at 4()  + 0x10f bytes    C++
     JavaScriptCore_debug.dll!JSC::JITCode::execute(JSC::RegisterFile *
registerFile=0x086a7330, JSC::ExecState * callFrame=0x08d60058,
JSC::JSGlobalData * globalData=0x0867a500, JSC::JSValue * exception=0x0867b058)
 Line 79 + 0x24 bytes    C++
     JavaScriptCore_debug.dll!JSC::Interpreter::execute(JSC::FunctionExecutable
* functionExecutable=0x08baeb40, JSC::ExecState * callFrame=0x0868f480,
JSC::JSFunction * function=0x07c529c0, JSC::JSObject * thisObj=0x07c53440,
const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x0e1f3840,
JSC::JSValue * exception=0x0867b058)  Line 721 + 0x34 bytes    C++
     JavaScriptCore_debug.dll!JSC::JSFunction::call(JSC::ExecState *
exec=0x0868f480, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...})
 Line 120 + 0x4e bytes    C++
     JavaScriptCore_debug.dll!JSC::call(JSC::ExecState * exec=0x0868f480,
JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const
JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const
JSC::ArgList & args={...})  Line 39 + 0x2b bytes    C++
     WebKit_debug.dll!WebCore::JSEventListener::handleEvent(WebCore::Event *
event=, bool isWindowEvent=)  Line 120 + 0x4d bytes    C++
     WebKit_debug.dll!WebCore::DOMWindow::handleEvent(WebCore::Event *
event=0x0ea09168, bool useCapture=false,
WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>,0> *
alternateListeners=[...]())  Line 1260 + 0x20 bytes    C++
    
WebKit_debug.dll!WebCore::DOMWindow::dispatchEventWithDocumentAsTarget(WTF::PassRefPtr<WebCore::Event>
e={...}, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>,0> *
alternateEventListeners=[...]())  Line 1341    C++
    
WebKit_debug.dll!WebCore::DOMWindow::dispatchUnloadEvent(WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>,0>
* alternateEventListeners=[...]())  Line 1361    C++
    
WebKit_debug.dll!WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy
unloadEventPolicy=UnloadEventPolicyUnloadAndPageHide, WebCore::DatabasePolicy
databasePolicy=DatabasePolicyStop)  Line 588    C++
     WebKit_debug.dll!WebCore::FrameLoader::closeURL()  Line 650    C++
    
WebKit_debug.dll!WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>
cachedPage={...})  Line 2952    C++
    
WebKit_debug.dll!WebCore::FrameLoader::commitProvisionalLoad(WTF::PassRefPtr<WebCore::CachedPage>
prpCachedPage={...})  Line 2883    C++
     WebKit_debug.dll!WebCore::DocumentLoader::commitIfReady()  Line 322    C++
     WebKit_debug.dll!WebCore::DocumentLoader::commitLoad(const char *
data=0x0eb48aa8, int length=1971)  Line 341    C++
     WebKit_debug.dll!WebCore::DocumentLoader::receivedData(const char *
data=0x0eb48aa8, int length=1971)  Line 355    C++
     WebKit_debug.dll!WebCore::FrameLoader::receivedData(const char *
data=0x0eb48aa8, int length=1971)  Line 2524    C++
     WebKit_debug.dll!WebCore::MainResourceLoader::addData(const char *
data=0x0eb48aa8, int length=1971, bool allAtOnce=false)  Line 144    C++
     WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(const char *
data=0x0eb48aa8, int length=1971, __int64 lengthReceived=1971, bool
allAtOnce=false)  Line 248 + 0x1b bytes    C++
     WebKit_debug.dll!WebCore::MainResourceLoader::didReceiveData(const char *
data=0x0eb48aa8, int length=1971, __int64 lengthReceived=1971, bool
allAtOnce=false)  Line 357    C++
    
WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle
* __formal=0x0eaa0ad0, const char * data=0x0eb48aa8, int length=1971, int
lengthReceived=1971)  Line 398 + 0x1f bytes    C++
     WebKit_debug.dll!WebCore::didReceiveData(_CFURLConnection *
conn=0x08d035d8, const __CFData * data=0x0e784d10, long originalLength=1971,
const void * clientInfo=0x0eaa0ad0)  Line 176 + 0x2a bytes    C++

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list