[Webkit-unassigned] [Bug 60580] Assertion failure in JSC::Structure::typeInfo when reloading weather.com video page

bugzilla-daemon at webkit.org
Tue May 10 14:58:07 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=60580

--- Comment #12 from Adam Roben (:aroben) <aroben at apple.com>  2011-05-10 14:58:07 PST ---
Here's the backtrace from another time I reproduced it:


>	JavaScriptCore.dll!JSC::Structure::typeInfo()  Line 101 + 0x43 bytes	C++
     JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 510 + 0xf bytes    C++
     JavaScriptCore.dll!JSC::JSObject::getPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 521 + 0x14 bytes    C++
     JavaScriptCore.dll!JSC::JSObject::hasProperty(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...})  Line 208    C++
     WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x0d3c3768)  Line 119 + 0x10 bytes    C++
     WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 38 + 0x15 bytes    C++
     WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 181 + 0x14 bytes    C++
     JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 512 + 0x1b bytes    C++
     JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012c1d0)  Line 2353 + 0x1b bytes    C++
     JavaScriptCore.dll!@cti_op_create_this@4()  + 0x1cf bytes    C++
     JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcaf94, JSC::ExecState * callFrame=0x06a00090, JSC::JSGlobalData * globalData=0x03d2fe50)  Line 77 + 0x22 bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::execute(JSC::EvalExecutable * eval=0x0c200700, JSC::ExecState * callFrame=0x06a00038, JSC::JSObject * thisObj=0x0a940128, int globalRegisterOffset=18, JSC::ScopeChainNode * scopeChain=0x0d9a08c8)  Line 1138 + 0x2b bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x06a00038, JSC::RegisterFile * registerFile=0x03dcaf94, JSC::Register * argv=0x06a00050, int argc=2, int registerOffset=11)  Line 412 + 0x6c bytes    C++
     JavaScriptCore.dll!cti_op_call_eval(void * * args=0x0012c4c8)  Line 3210    C++
     JavaScriptCore.dll!@cti_op_create_this@4()  + 0x1cf bytes    C++
     JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcaf94, JSC::ExecState * callFrame=0x06a00038, JSC::JSGlobalData * globalData=0x03d2fe50)  Line 77 + 0x22 bytes    C++
     JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x0c2006a8, JSC::ExecState * callFrame=0x0e880ba0, JSC::ScopeChainNode * scopeChain=0x0d9a08c8, JSC::JSObject * thisObj=0x0e880b28)  Line 767 + 0x25 bytes    C++
     JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x0e880ba0, JSC::ScopeChainNode * scopeChain=0x0d9a08c8, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...})  Line 66    C++
     WebKit.dll!WebKit::NPRuntimeObjectMap::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4)  Line 196 + 0x4f bytes    C++
     WebKit.dll!WebKit::PluginView::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4, bool allowPopups=false)  Line 983 + 0x1a bytes    C++
     WebKit.dll!WebKit::NetscapePlugin::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4)  Line 215 + 0x2c bytes    C++
     WebKit.dll!WebKit::NPN_Evaluate(_NPP * npp=0x0d3498b4, NPObject * npObject=0x0b9debf0, _NPString * script=0x0012c7e4, _NPVariant * result=0x0012c7d4)  Line 681 + 0x1b bytes    C++
     NPSWF32.dll!1652e947()     
     [Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32.dll]    

<many NPSWF32.dll frames omitted>

     NPSWF32.dll!1653262b()     
     WebKit.dll!WTF::removeIterator<unsigned __int64,std::pair<unsigned __int64,RunLoop::TimerBase *>,WTF::PairFirstExtractor<std::pair<unsigned __int64,RunLoop::TimerBase *> >,WTF::IntHash<unsigned __int64>,WTF::PairHashTraits<WTF::HashTraits<unsigned __int64>,WTF::HashTraits<RunLoop::TimerBase *> >,WTF::HashTraits<unsigned __int64> >(WTF::HashTableConstIterator<unsigned __int64,std::pair<unsigned __int64,RunLoop::TimerBase *>,WTF::PairFirstExtractor<std::pair<unsigned __int64,RunLoop::TimerBase *> >,WTF::IntHash<unsigned __int64>,WTF::PairHashTraits<WTF::HashTraits<unsigned __int64>,WTF::HashTraits<RunLoop::TimerBase *> >,WTF::HashTraits<unsigned __int64> > * it=0x00070cf4)  Line 1116 + 0xf bytes    C++
     user32.dll!_InternalCallWinProc@20()  + 0x28 bytes    
     user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes    
     user32.dll!_DispatchMessageWorker@8()  + 0xdc bytes    
     user32.dll!_DispatchMessageW@4()  + 0xf bytes    
     WebKit.dll!RunLoop::run()  Line 78 + 0xc bytes    C++
     WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...})  Line 82    C++
     WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...})  Line 48 + 0x9 bytes    C++
     WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10)  Line 172 + 0x9 bytes    C++
     WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10)  Line 66 + 0x18 bytes    C++
     WebKit2WebProcess.exe!__tmainCRTStartup()  Line 589 + 0x1c bytes    C
     kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes    

This seems to indicate that there is no reentrancy involved.
