From bugzilla-daemon at webkit.org Thu Aug 1 00:07:45 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:07:45 -0700
Subject: [Webkit-unassigned] [Bug 119347] Web Inspector: Copying JS object
output from console could be better
https://bugs.webkit.org/show_bug.cgi?id=119347
--- Comment #2 from Antoine Quint 2013-08-01 00:07:30 PST ---
We could look at the properties on the logged objects and see if it is all basic types and log it as expected here.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
From bugzilla-daemon at webkit.org Thu Aug 1 00:11:11 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:11:11 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
Build Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |buildbot at hotmail.com,
| |rniwa at webkit.org
From bugzilla-daemon at webkit.org Thu Aug 1 00:11:14 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:11:14 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #6 from Build Bot 2013-08-01 00:10:58 PST ---
(From update of attachment 207899)
Attachment 207899 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1292902
From bugzilla-daemon at webkit.org Thu Aug 1 00:13:50 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:13:50 -0700
Subject: [Webkit-unassigned] [Bug 119380] New: [CSSRegions] Scrolling a
fixed positioned region results in painting artifacts
https://bugs.webkit.org/show_bug.cgi?id=119380
Summary: [CSSRegions] Scrolling a fixed positioned region
results in painting artifacts
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mihnea at adobe.com
CC: WebkitBugTracker at adobe.com
Blocks: 57312
With the following test case:
AAAAA
Test
If one scrolls up and down the document, the content flowed in the region is painted incorrectly. Adding background-color or border to the region fixes the problem.
From bugzilla-daemon at webkit.org Thu Aug 1 00:13:55 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:13:55 -0700
Subject: [Webkit-unassigned] [Bug 57312] [META][CSSRegions] Add regions
support in WebKit
https://bugs.webkit.org/show_bug.cgi?id=57312
Mihnea Ovidenie changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |119380
From bugzilla-daemon at webkit.org Thu Aug 1 00:13:58 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:13:58 -0700
Subject: [Webkit-unassigned] [Bug 119082] Implement canvas blending tests to
validate operators between different types of layers
https://bugs.webkit.org/show_bug.cgi?id=119082
Mihai Tica changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207729|0 |1
is obsolete| |
Attachment #207729|review- |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 00:14:07 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:14:07 -0700
Subject: [Webkit-unassigned] [Bug 119082] Implement canvas blending tests to
validate operators between different types of layers
https://bugs.webkit.org/show_bug.cgi?id=119082
Mihai Tica changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207900| |review?
Flag| |
--- Comment #8 from Mihai Tica 2013-08-01 00:13:52 PST ---
Created an attachment (id=207900)
--> (https://bugs.webkit.org/attachment.cgi?id=207900&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 00:15:13 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:15:13 -0700
Subject: [Webkit-unassigned] [Bug 119082] Implement canvas blending tests to
validate operators between different types of layers
https://bugs.webkit.org/show_bug.cgi?id=119082
--- Comment #9 from Mihai Tica 2013-08-01 00:14:58 PST ---
I rewrote most of the test using the model initially used by Rik, and the one that was used for the alpha test.
Can you please take another look?
From bugzilla-daemon at webkit.org Thu Aug 1 00:16:43 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:16:43 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #7 from Ruth Fong 2013-08-01 00:16:27 PST ---
(From update of attachment 207899)
View in context: https://bugs.webkit.org/attachment.cgi?id=207899&action=review
> Source/WebKit2/UIProcess/WebPageProxy.cpp:2944
> +#if ENABLE(INPUT_TYPE_COLOR_POPOVER)
> + m_colorPicker = m_pageClient->createColorPicker(this, initialColor, elementRect);
> +#else
> if (!m_colorPicker)
> m_colorPicker = m_pageClient->createColorPicker(this, initialColor, elementRect);
> m_colorPicker->showColorPicker(initialColor);
> +#endif
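Review bot: In the `#if ENABLE(INPUT_TYPE_COLOR_POPOVER)` branch, `m_colorPicker` is reassigned unconditionally, and nothing visible in this hunk ends or invalidates the picker it replaces. If the old picker keeps a raw pointer back to this page or its client, it can still call back after being replaced; suggest explicitly invalidating the existing `m_colorPicker` before the assignment, or adding a comment naming the call that guarantees the old one is torn down. The branch also omits the `showColorPicker(initialColor)` call that the `#else` path makes, so a comment stating that creation itself shows the popover would help the next reader.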
Every time a new element is activated, the previous popover is destroyed and a new one constructed. This differs from the panel implementation, which "resets" the color picker instead of tearing it down and building a new one when it's associated with another color element. Should we standardize the implementation? (Probably yes, that way there's a more similar implementation for the color picker UIs in WebColorPickerMac.)
Disadvantage of createIfNeeded-and-show: It'd be harder to follow the createIfNeeded then show model for popover because in WKColorPopoverMac, initForFrame needs to be called to set the popover over the right color element, but it can be done (more information would have to be passed to showColorPicker, such as elementRect and m_pageClient->wkView()).
For destroy-and-create: For the panel implementation, it may be a poor UI experience (will try it out) having a picker disappear and then reappear.
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:103
> +#endif
The deconstructor probably shouldn't have the ASSERT. Will file a new bug to fix this.
From bugzilla-daemon at webkit.org Thu Aug 1 00:28:32 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:28:32 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207899|0 |1
is obsolete| |
Attachment #207899|commit-queue- |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 00:28:37 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:28:37 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #8 from Ruth Fong 2013-08-01 00:28:20 PST ---
Created an attachment (id=207901)
--> (https://bugs.webkit.org/attachment.cgi?id=207901&action=review)
Patch
fixed feature defines bug
From bugzilla-daemon at webkit.org Thu Aug 1 00:38:49 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:38:49 -0700
Subject: [Webkit-unassigned] [Bug 119379] Remove return statement in void
function
https://bugs.webkit.org/show_bug.cgi?id=119379
Kwang Yul Seo changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|webkit-unassigned at lists.web |skyul at company100.com
|kit.org |
From bugzilla-daemon at webkit.org Thu Aug 1 00:46:53 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:46:53 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #9 from Benjamin Poulain 2013-08-01 00:46:37 PST ---
(From update of attachment 207901)
View in context: https://bugs.webkit.org/attachment.cgi?id=207901&action=review
Some comments:
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:65
> + at interface WKColorPickerMac : NSObject {
> + at protected
> +BOOL _lastChangedByUser;
> +WebColorPickerMac* _picker;
> }
> -
> -- (id)init;
> -- (void)setAndShowPicker:(WebKit::WebColorPickerMac*)picker withColor:(NSColor *)color;
> -- (void)didChooseColor:(NSColorPanel *)panel;
> +- (void)didChooseColor:(id)sender;
> - (void)invalidate;
> -
> -// Sets color to the NSColorPanel as a non user change.
> - (void)setColor:(NSColor *)color;
> + at end
>
> + at implementation WKColorPickerMac
> +- (void)didChooseColor:(id)sender { }
> +- (void)invalidate { }
> +- (void)setColor:(NSColor *)color { }
> @end
I think you should transform WKColorPickerMac to a protocol, and move the two attributes to the subclass.
WKColorPickerMac does not have ownership of _lastChangedByUser, which leads to improper encapsulation. You should try to avoid inheritance as a way to share code; using encapsulation/aggregation leads to better designs.
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:74
> + NSPopoverColorWell* popoverWell;
You could use a RetainPtr here to avoid risking leaking this.
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:159
> + return self;
Indent.
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:167
> + [popoverWell retain];
This is odd!
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:177
> +}
> +
I would also add a destructor just to be safe. You could call invalidate from it, or just assert that _picker and popoverWell are nil.
> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:183
> + [popoverWell removeFromSuperviewWithoutNeedingDisplay];
> + [popoverWell deactivate];
> + [popoverWell release];
> + _picker = nil;
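Review bot: After `[popoverWell release];` the `popoverWell` ivar still holds the old address, while `_picker` on the next line is cleared to nil. A second pass through this code, or any later message sent to `popoverWell`, would then touch an object this class no longer owns. Suggest `popoverWell = nil;` right after the release, or holding it in a RetainPtr so that releasing and clearing happen together.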
I believe you also want to remove the target of the popoverWell. Otherwise, if another reference to the object exists, you may still get called.
From bugzilla-daemon at webkit.org Thu Aug 1 00:51:24 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 00:51:24 -0700
Subject: [Webkit-unassigned] [Bug 99065] [GStreamer] Add support for Media
Source API
https://bugs.webkit.org/show_bug.cgi?id=99065
--- Comment #22 from Stephane Jadaud 2013-08-01 00:51:08 PST ---
(In reply to comment #21)
> > Source/WebCore/platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:534
> > + KURL url(KURL(), uri);
>
> I wonder if this shouldn't be:
> KURL url(KURL(), uri + 5);
> because else the url.protocolIsInHTTPFamily() call will fail. At least on my setup it does.
You are right, I forgot to remove the test with "url.protocolIsInHTTPFamily" when GST_API_VERSION_1 is undefined.
> I have tested this on QT4.8 with qtwebkit 2.3.2 (I have patched up the media source api from webkit), gstreamer 0.10.36 and I was wondering about the following:
> When testing with youtube.com/tv the load() function is called twice, with two different blob urls. Is this normal?
I see the same thing; I don't have any explanation.
From bugzilla-daemon at webkit.org Thu Aug 1 01:05:49 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:05:49 -0700
Subject: [Webkit-unassigned] [Bug 119381] New: [WK2] Add USE(SOUP) guard in
WebProcess::destroyPrivateBrowsingSession
https://bugs.webkit.org/show_bug.cgi?id=119381
Summary: [WK2] Add USE(SOUP) guard in
WebProcess::destroyPrivateBrowsingSession
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skyul at company100.com
This is a follow-up to r153355. I missed adding the USE(SOUP) guard in WebProcess::destroyPrivateBrowsingSession.
From bugzilla-daemon at webkit.org Thu Aug 1 01:09:27 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:09:27 -0700
Subject: [Webkit-unassigned] [Bug 119381] [WK2] Add USE(SOUP) guard in
WebProcess::destroyPrivateBrowsingSession
https://bugs.webkit.org/show_bug.cgi?id=119381
Kwang Yul Seo changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|webkit-unassigned at lists.web |skyul at company100.com
|kit.org |
From bugzilla-daemon at webkit.org Thu Aug 1 01:15:16 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:15:16 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
Build Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207901| |commit-queue-
Flag| |
--- Comment #10 from Build Bot 2013-08-01 01:15:00 PST ---
(From update of attachment 207901)
Attachment 207901 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1307198
From bugzilla-daemon at webkit.org Thu Aug 1 01:29:35 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:29:35 -0700
Subject: [Webkit-unassigned] [Bug 119382] New: Fix problem with
find-resolved-bugs command
https://bugs.webkit.org/show_bug.cgi?id=119382
Summary: Fix problem with find-resolved-bugs command
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Tools / Tests
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: seokju at webkit.org
An error occurs if bugs have restricted access.
So this patch allows it to avoid authentication while fetching bugs for the find-resolved-bugs command.
[Before]
bugs.webkit.org login: test at webit.org
bugs.webkit.org password for test at webit.org:
Store password in system keyring? [y/N]:
Logging in as test at webit.org...
Traceback (most recent call last):
File "./Tools/Scripts/webkit-patch", line 84, in
main()
File "./Tools/Scripts/webkit-patch", line 79, in main
WebKitPatch(os.path.abspath(__file__)).main()
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/tool/multicommandtool.py", line 305, in main
result = command.check_arguments_and_execute(options, args, self)
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/tool/multicommandtool.py", line 123, in check_arguments_and_execute
return self.execute(options, args, tool) or 0
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/tool/commands/queries.py", line 604, in execute
bug = bugzilla.fetch_bug(bugid)
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla.py", line 455, in fetch_bug
return Bug(self.fetch_bug_dictionary(bug_id), self)
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla.py", line 449, in fetch_bug_dictionary
self.authenticate()
File "/home/neocrash/git/WebKit-Qt/Tools/Scripts/webkitpy/common/net/bugzilla/bugzilla.py", line 526, in authenticate
raise Exception(errorMessage)
Exception: Bugzilla login failed: Invalid Username Or Password
[After]
$./Tools/Scripts/webkit-patch find-resolved-bugs LayoutTests/platform/gtk-wk2/TestExpectations
Resolved bugs in LayoutTests/platform/gtk-wk2/TestExpectations :
https://bugs.webkit.org/show_bug.cgi?id=63706
https://bugs.webkit.org/show_bug.cgi?id=85463
https://bugs.webkit.org/show_bug.cgi?id=81042
https://bugs.webkit.org/show_bug.cgi?id=97192
https://bugs.webkit.org/show_bug.cgi?id=94549
https://bugs.webkit.org/show_bug.cgi?id=42457
Not permitted bugs in LayoutTests/platform/gtk-wk2/TestExpectations :
https://bugs.webkit.org/show_bug.cgi?id=89287
From bugzilla-daemon at webkit.org Thu Aug 1 01:31:25 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:31:25 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
https://bugs.webkit.org/show_bug.cgi?id=119140
Peng Xinchao changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |xinchao.peng at samsung.com
--- Comment #19 from Peng Xinchao 2013-08-01 01:31:09 PST ---
I hit the same issue on GTK, ARM, 32-bit, with DFG_JIT and FTL_JIT disabled. After merging the patch, I hit another crash.
Backtrace:
1 0x400d1608 libjavascriptcoregtk-3.0.so.0(_ZN3JSC9CodeBlock14bytecodeOffsetEPNS_9ExecStateENS_16ReturnAddressPtrE+0x28b) [0x400d1608]
2 0x401290e0 libjavascriptcoregtk-3.0.so.0(_ZN3JSC8jitThrowEPNS_2VMEPNS_9ExecStateENS_7JSValueENS_16ReturnAddressPtrE+0x1b) [0x401290e0]
3 0x40144d3c libjavascriptcoregtk-3.0.so.0(JITStubThunked_vm_throw+0x1f) [0x40144d3c]
From bugzilla-daemon at webkit.org Thu Aug 1 01:34:57 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:34:57 -0700
Subject: [Webkit-unassigned] [Bug 119382] Fix problem with
find-resolved-bugs command
https://bugs.webkit.org/show_bug.cgi?id=119382
Seokju Kwon changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207905| |review?
Flag| |
--- Comment #1 from Seokju Kwon 2013-08-01 01:34:42 PST ---
Created an attachment (id=207905)
--> (https://bugs.webkit.org/attachment.cgi?id=207905&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 01:35:04 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:35:04 -0700
Subject: [Webkit-unassigned] [Bug 119383] New: Latest WebKit nightly builds
crash while using facebook chat
https://bugs.webkit.org/show_bug.cgi?id=119383
Summary: Latest WebKit nightly builds crash while using
facebook chat
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: http://facebook.com
OS/Version: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: nastrock at gmail.com
Steps to reproduce:
1) Log on to facebook
2) Click anyone in the friends list on the right - browser crashes immediately.
I believe this is related to JS, but I'm not sure. I install updates periodically, and this crash started happening after the 2013-07-29 update, still here on 6.0.5 (8536.30.1, 538+).
From bugzilla-daemon at webkit.org Thu Aug 1 01:35:13 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:35:13 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #20 from Julien Brianceau 2013-08-01 01:34:57 PST ---
(In reply to comment #17)
> That means that ctiVMThrowTrampolineSlowpath will need to be modified for those compilers to allocate the struct space on the stack and put the address in %ecx, put callFrame in %edx and then on return use the values in the stack instead of %eax:edx
Exactly. To confirm this, I've replaced the implementation of ctiVMThrowTrampolineSlowpath in Source/JavaScriptCore/jit/JITStubsX86.h like this:
asm (
".globl " SYMBOL_STRING(ctiVMThrowTrampolineSlowpath) "\n"
HIDE_SYMBOL(ctiVMThrowTrampolineSlowpath) "\n"
SYMBOL_STRING(ctiVMThrowTrampolineSlowpath) ":" "\n"
"movl %edi, %edx" "\n"
"call " LOCAL_REFERENCE(cti_vm_throw_slowpath) "\n"
// When cti_vm_throw_slowpath returns, eax has callFrame and edx has handler address
"movl (%ecx), %eax" "\n"
"movl 4(%ecx), %edx" "\n"
"jmp *%edx" "\n"
);
Results are ok:
- run-fast-jsc reports "426 tests passed, 34 tests failed, 0 tests crashed."
- run-javascriptcore-tests reports "0 regressions found. 0 tests fixed. OK."
From bugzilla-daemon at webkit.org Thu Aug 1 01:36:04 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:36:04 -0700
Subject: [Webkit-unassigned] [Bug 119382] Fix problem with
find-resolved-bugs command
https://bugs.webkit.org/show_bug.cgi?id=119382
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |commit-queue at webkit.org,
| |dpranke at chromium.org,
| |glenn at skynav.com
From bugzilla-daemon at webkit.org Thu Aug 1 01:37:02 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:37:02 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #11 from Build Bot 2013-08-01 01:36:45 PST ---
(From update of attachment 207901)
Attachment 207901 did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/1259019
From bugzilla-daemon at webkit.org Thu Aug 1 01:39:23 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:39:23 -0700
Subject: [Webkit-unassigned] [Bug 119384] New: Crash on Facebook
https://bugs.webkit.org/show_bug.cgi?id=119384
Summary: Crash on Facebook
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
OS/Version: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: georgij.michaliutin at me.com
Created an attachment (id=207906)
--> (https://bugs.webkit.org/attachment.cgi?id=207906&action=review)
Crash log
When opening chat sidebar on Facebook and clicking on a friend, it will crash.
Doesn't happen on Safari 6.0.5.
From bugzilla-daemon at webkit.org Thu Aug 1 01:44:21 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:44:21 -0700
Subject: [Webkit-unassigned] [Bug 119382] Fix problem with
find-resolved-bugs command
https://bugs.webkit.org/show_bug.cgi?id=119382
Seokju Kwon changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abrhm at inf.u-szeged.hu
From bugzilla-daemon at webkit.org Thu Aug 1 01:57:30 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 01:57:30 -0700
Subject: [Webkit-unassigned] [Bug 119385] New: [GTK] Enable
ENABLE_8BIT_TEXTRUN
https://bugs.webkit.org/show_bug.cgi?id=119385
Summary: [GTK] Enable ENABLE_8BIT_TEXTRUN
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skyul at company100.com
Enable ENABLE_8BIT_TEXTRUN for Gtk.
From bugzilla-daemon at webkit.org Thu Aug 1 02:02:15 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 02:02:15 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
https://bugs.webkit.org/show_bug.cgi?id=119080
Andrei Parvu changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207633|0 |1
is obsolete| |
Attachment #207633|review? |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 02:02:25 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 02:02:25 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
https://bugs.webkit.org/show_bug.cgi?id=119080
Andrei Parvu changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207907| |review?
Flag| |
--- Comment #4 from Andrei Parvu 2013-08-01 02:02:09 PST ---
Created an attachment (id=207907)
--> (https://bugs.webkit.org/attachment.cgi?id=207907&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 02:04:37 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 02:04:37 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
https://bugs.webkit.org/show_bug.cgi?id=119080
--- Comment #5 from Andrei Parvu 2013-08-01 02:04:20 PST ---
This also fixes the background-repeat. I added background-repeat tests and addressed your comments.
From bugzilla-daemon at webkit.org Thu Aug 1 02:39:53 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 02:39:53 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #12 from Build Bot 2013-08-01 02:39:36 PST ---
(From update of attachment 207901)
Attachment 207901 did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/1311014
From bugzilla-daemon at webkit.org Thu Aug 1 03:56:43 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 03:56:43 -0700
Subject: [Webkit-unassigned] [Bug 119137] [CSS Regions] Selecting text
through different regions flow does not match with highlight
https://bugs.webkit.org/show_bug.cgi?id=119137
--- Comment #11 from Javier Fernandez 2013-08-01 03:56:26 PST ---
(In reply to comment #10)
> (From update of attachment 207639 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=207639&action=review
>
> > Source/WebCore/editing/FrameSelection.cpp:307
> > + if (atDifferentFlowThread(s.base(), s.extent()))
> > + return;
> > +
>
> This is not the right place to fix this. We need to do this inside VisibleSelection::validate probably right before or right after we call adjustSelectionToAvoidCrossingShadowBoundaries.
The purpose of this patch is to avoid setting a new VisibleSelection instance to the FrameSelection if it's incompatible in terms of RenderFlow. For the shake of clarity, I've taken the assumption that only selections starting and ending in the same FlowThread, or both outside, are allowed. On the other hand, that's the current behaviour after the fix for the bug #105641. This patch keep that behaviour form the rendering point of view, but at the same time targeting also the issues related to the selected content.
Getting back to your suggestion of implementing this in the VisibleSelection::validate(), this method is intended for adjusting the new Selection to fit in some validation rules. It's not necessary to adjust the new selection, since the one already set before in the FrameSelection instance is correct.
If done at validation() we should move back the extent Position to the last one FlowThread compatible, which would require exploring the DOM. This could have also an impact on performance, even more considering validate() is called a lot of times, overall, when selection is performed by user gestures.
After all this, do you still think VisibleSelection::validate() is the right place to put this logic?
From bugzilla-daemon at webkit.org Thu Aug 1 04:00:07 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 04:00:07 -0700
Subject: [Webkit-unassigned] [Bug 113571] Implement DOMFutures
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=113571
Christophe Dumez changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
AssignedTo|dchris at gmail.com |webkit-unassigned at lists.web
| |kit.org
From bugzilla-daemon at webkit.org Thu Aug 1 04:01:02 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 04:01:02 -0700
Subject: [Webkit-unassigned] [Bug 119388] New: [rendering] Implement
PaintInfo interfaces
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119388
Summary: [rendering] Implement PaintInfo interfaces
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: savagobr at yahoo.com
PaintInfo is a struct used all around in rendering.
There is a FIXME that dates way back to August 2011 to implement interfaces on it.
From bugzilla-daemon at webkit.org Thu Aug 1 04:01:35 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 04:01:35 -0700
Subject: [Webkit-unassigned] [Bug 113571] Implement DOMFutures
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=113571
Christophe Dumez changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #17 from Christophe Dumez 2013-08-01 04:01:17 PST ---
Promises should now be implemented, not futures.
From bugzilla-daemon at webkit.org Thu Aug 1 05:17:47 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:17:47 -0700
Subject: [Webkit-unassigned] [Bug 119078] [GTK] [EFL] Enable tiled shadow
blur for the inset shadows.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119078
--- Comment #3 from Alejandro G. Castro 2013-08-01 05:17:31 PST ---
(In reply to comment #2)
> (From update of attachment 207444 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=207444&action=review
>
> Nice. Just a couple suggestions before landing.
>
> > Source/WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp:1054
> > + if (!roundedHoleRect.radii().isZero())
> > + path.addRoundedRect(roundedHoleRect);
> > + else
> > + path.addRect(roundedHoleRect.rect());
>
> I wonder if this optimization should go into Path.cpp eventually?
>
Good point, not sure, I can check it in a follow-up patch.
> > Source/WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp:1061
> > + setFillRule(RULE_EVENODD);
> > + setFillColor(color, colorSpace);
>
> I think that instead of setting the fill rule and color for the GraphicsContext you should just set them for the Cairo context. That way you can use cairo_save/cairo_restore, instead of oldFillRule and oldFillColor.
>
Yep, it sounds like a better option.
> > Source/WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp:1065
> > + ShadowBlur& shadow = platformContext()->shadowBlur();
> > + shadow.drawInsetShadow(this, rect, roundedHoleRect.rect(), roundedHoleRect.radii());
>
> I think you can avoid the temporary and move this code to the very start of the method after the early return.
Ok,
Thanks for the review.
From bugzilla-daemon at webkit.org Thu Aug 1 05:25:53 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:25:53 -0700
Subject: [Webkit-unassigned] [Bug 119391] New: REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
Summary: REGRESSION(FTL): Fix sh4 implementation of
ctiVMThrowTrampolineSlowpath
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jbrianceau at nds.com
ctiVMThrowTrampolineSlowpath implementation is not correct for sh4 architecture and crashes.
From bugzilla-daemon at webkit.org Thu Aug 1 05:31:32 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:31:32 -0700
Subject: [Webkit-unassigned] [Bug 118894] [CSS blending]
Background-blend-mode doesn't apply for an SVG image with css border-style
or padding property set
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=118894
Horia Olaru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |olaru at adobe.com
--- Comment #1 from Horia Olaru 2013-08-01 05:31:16 PST ---
I tested this with the current nightly: Version 6.0.5 (8536.30.1, 538+)
I can reproduce this only using border-style. If I take out the border, and leave only the padding, background blending works.
Also, the bug reproduces even without the padding added.
This only seems to reproduce with data uri svg images. I could not reproduce it with a local file svg (url).
It is probably worth checking if this reproduces with data uri non-svg images.
From bugzilla-daemon at webkit.org Thu Aug 1 05:39:01 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:39:01 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119080
Dirk Schulze changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207907|review? |review+, commit-queue+
Flag| |
--- Comment #6 from Dirk Schulze 2013-08-01 05:38:46 PST ---
(From update of attachment 207907)
r=me.
From bugzilla-daemon at webkit.org Thu Aug 1 05:43:06 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:43:06 -0700
Subject: [Webkit-unassigned] [Bug 119392] New: [Qt] REGRESSION(r) Two pixel
result fail after r153522
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119392
Summary: [Qt] REGRESSION(r) Two pixel result fail after r153522
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Keywords: Qt
Severity: Normal
Priority: P2
Component: Tools / Tests
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: zarvai at inf.u-szeged.hu
CC: allan.jensen at digia.com, jocelyn.turcotte at digia.com,
kadam at inf.u-szeged.hu, abrhm at inf.u-szeged.hu
Blocks: 79666,119263
Created an attachment (id=207915)
--> (https://bugs.webkit.org/attachment.cgi?id=207915&action=review)
svg results
There are many results that look much better :-) Those are updated in r153579.
Also there are two tests that seem to fail after changing scale values:
svg/custom/image-rescale.svg
svg/custom/image-small-width-height.svg
Results are attached to the bug.
From bugzilla-daemon at webkit.org Thu Aug 1 05:43:09 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:43:09 -0700
Subject: [Webkit-unassigned] [Bug 79666] [Qt] Meta bug to fix regressions
cause layout test failures
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=79666
Zoltan Arvai changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |119392
From bugzilla-daemon at webkit.org Thu Aug 1 05:44:05 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:44:05 -0700
Subject: [Webkit-unassigned] [Bug 119392] [Qt] REGRESSION(r) Two pixel
result fail after r153522
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119392
--- Comment #1 from Zoltan Arvai 2013-08-01 05:43:50 PST ---
Created an attachment (id=207916)
--> (https://bugs.webkit.org/attachment.cgi?id=207916&action=review)
image-rescale-actual
From bugzilla-daemon at webkit.org Thu Aug 1 05:44:38 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:44:38 -0700
Subject: [Webkit-unassigned] [Bug 119392] [Qt] REGRESSION(r) Two pixel
result fail after r153522
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119392
--- Comment #2 from Zoltan Arvai 2013-08-01 05:44:23 PST ---
Created an attachment (id=207917)
--> (https://bugs.webkit.org/attachment.cgi?id=207917&action=review)
image-small-width-height-actual
From bugzilla-daemon at webkit.org Thu Aug 1 05:46:21 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:46:21 -0700
Subject: [Webkit-unassigned] [Bug 119393] New: [CSS Regions] Margins are not
correctly computed in regions with mixed widths
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119393
Summary: [CSS Regions] Margins are not correctly computed in
regions with mixed widths
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: simon.pena at samsung.com
CC: mihnea at adobe.com
Blocks: 57312
Created an attachment (id=207918)
--> (https://bugs.webkit.org/attachment.cgi?id=207918&action=review)
LayoutTest proposal
(This shares the same preconditions as bug #74131)
If you have an element in a region with a percentage margin, and the region is followed by another region with a larger width, the size and margin calculations are using the widest region in the flow, then moving and clipping for display in the first region. As a result, using getComputedStyle to retrieve these margins fails, giving the original values which used the widest region in the flow.
I created a test, starting from the one attached in bug #74131 and modifying it to incorporate the logic from http://trac.webkit.org/browser/trunk/LayoutTests/fast/css/getComputedStyle/getComputedStyle-margin-percentage.html. It can be seen how the test passes once we remove the second region with the larger width.
From bugzilla-daemon at webkit.org Thu Aug 1 05:46:25 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:46:25 -0700
Subject: [Webkit-unassigned] [Bug 57312] [META][CSSRegions] Add regions
support in WebKit
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=57312
Simon Pena changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on| |119393
From bugzilla-daemon at webkit.org Thu Aug 1 05:54:22 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:54:22 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
--- Comment #1 from Julien Brianceau 2013-08-01 05:54:06 PST ---
Created an attachment (id=207919)
--> (https://bugs.webkit.org/attachment.cgi?id=207919&action=review)
ctiVMThrowTrampolineSlowpath fix for sh4 architecture.
According to the run-javascriptcore-tests script, sh4 port seems to be equivalent to what it was before FTL merge with this patch.
From bugzilla-daemon at webkit.org Thu Aug 1 05:58:16 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:58:16 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
Julien Brianceau changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oliver at apple.com
From bugzilla-daemon at webkit.org Thu Aug 1 05:58:23 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:58:23 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
Julien Brianceau changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fpizlo at apple.com
From bugzilla-daemon at webkit.org Thu Aug 1 05:58:41 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 05:58:41 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
Julien Brianceau changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207919| |review?, commit-queue?
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 06:02:46 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:02:46 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119080
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207907|review+, commit-queue+ |
Flag| |
--- Comment #7 from WebKit Commit Bot 2013-08-01 06:02:31 PST ---
(From update of attachment 207907)
Clearing flags on attachment: 207907
Committed r153582:
From bugzilla-daemon at webkit.org Thu Aug 1 06:02:51 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:02:51 -0700
Subject: [Webkit-unassigned] [Bug 119080] [CSS Masking] -webkit-mask-repeat:
round does not work
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119080
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |FIXED
--- Comment #8 from WebKit Commit Bot 2013-08-01 06:02:35 PST ---
All reviewed patches have been landed. Closing bug.
From bugzilla-daemon at webkit.org Thu Aug 1 06:02:52 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:02:52 -0700
Subject: [Webkit-unassigned] [Bug 95389] Master bug: Implementing CSS Masking
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=95389
Bug 95389 depends on bug 119080, which changed state.
Bug 119080 Summary: [CSS Masking] -webkit-mask-repeat: round does not work
https://bugs.webkit.org/show_bug.cgi?id=119080
What |Old Value |New Value
----------------------------------------------------------------------------
Resolution| |FIXED
Status|UNCONFIRMED |RESOLVED
From bugzilla-daemon at webkit.org Thu Aug 1 06:04:03 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:04:03 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
Csaba Osztrogonac changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207919|review?, commit-queue? |review+, commit-queue+
Flag| |
--- Comment #2 from Csaba Osztrogonac 2013-08-01 06:03:48 PST ---
(From update of attachment 207919)
rs=me
From bugzilla-daemon at webkit.org Thu Aug 1 06:04:57 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:04:57 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |commit-queue at webkit.org
From bugzilla-daemon at webkit.org Thu Aug 1 06:05:40 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:05:40 -0700
Subject: [Webkit-unassigned] [Bug 119395] New: JavaScript crash.
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
Summary: JavaScript crash.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: peavo at outlook.com
I'm getting a crash (NULL pointer access violation) in JavaScriptCore.
This is the stacktrace:
JavaScriptCore.dll!JSC::JSCell::methodTable() Line 157 C++
JavaScriptCore.dll!JSC::errorDescriptionForValue(JSC::ExecState * exec, JSC::JSValue v) Line 112 + 0xe bytes C++
JavaScriptCore.dll!JSC::createError(JSC::ExecState * exec, JSC::JSObject * (JSC::ExecState *, const WTF::String &)* errorFactory, JSC::JSValue value, const WTF::String & message) Line 117 + 0x24 bytes C++
JavaScriptCore.dll!JSC::createNotAnObjectError(JSC::ExecState * exec, JSC::JSValue value) Line 141 + 0x28 bytes C++
JavaScriptCore.dll!JSC::JSValue::synthesizePrototype(JSC::ExecState * exec) Line 111 + 0xe bytes C++
JavaScriptCore.dll!JSC::JSValue::get(JSC::ExecState * exec, unsigned int propertyName, JSC::PropertySlot & slot) Line 660 C++
JavaScriptCore.dll!JSC::getByVal(JSC::ExecState * callFrame, JSC::JSValue baseValue, JSC::JSValue subscript, JSC::ReturnAddressPtr returnAddress) Line 1542 C++
JavaScriptCore.dll!cti_op_get_by_val_generic(void * * args) Line 1603 C++
0c192fce()
JavaScriptCore.dll!JSC::JITCode::execute(JSC::JSStack * stack, JSC::ExecState * callFrame, JSC::VM * vm) Line 46 + 0x20 bytes C++
JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj) Line 856 + 0x2d bytes C++
JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException) Line 85 C++
WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception) Line 74 + 0x1b bytes C++
WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld * world) Line 142 + 0x34 bytes C++
WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode) Line 158 + 0x40 bytes C++
WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode) Line 316 + 0x16 bytes C++
WebKit.dll!WebCore::ScriptRunner::timerFired(WebCore::Timer * timer) Line 121 + 0x2a5 bytes C++
WebKit.dll!WebCore::Timer::fired() Line 114 + 0xb bytes C++
WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 132 C++
WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd, unsigned int message, unsigned int wParam, long lParam) Line 111 C++
From bugzilla-daemon at webkit.org Thu Aug 1 06:11:10 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:11:10 -0700
Subject: [Webkit-unassigned] [Bug 119395] JavaScript crash.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
peavo at outlook.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207921| |review?
Flag| |
--- Comment #1 from peavo at outlook.com 2013-08-01 06:10:55 PST ---
Created an attachment (id=207921)
--> (https://bugs.webkit.org/attachment.cgi?id=207921&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 06:11:50 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:11:50 -0700
Subject: [Webkit-unassigned] [Bug 119395] JavaScript crash.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
peavo at outlook.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207921| |commit-queue?
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 06:12:16 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:12:16 -0700
Subject: [Webkit-unassigned] [Bug 119395] JavaScript crash.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
peavo at outlook.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oliver at apple.com
From bugzilla-daemon at webkit.org Thu Aug 1 06:14:17 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:14:17 -0700
Subject: [Webkit-unassigned] [Bug 119395] JavaScript crash.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
peavo at outlook.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ggaren at apple.com,
| |mhahnenberg at apple.com
From bugzilla-daemon at webkit.org Thu Aug 1 06:20:56 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:20:56 -0700
Subject: [Webkit-unassigned] [Bug 119396] New: Constant REPEATABLE Crashes,
Repeatable STEPS every time included
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119396
Summary: Constant REPEATABLE Crashes, Repeatable STEPS every
time included
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: All
Status: UNCONFIRMED
Severity: Blocker
Priority: P1
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: courtkizer at gmail.com
For the last two weeks of nightly builds, constant crashing when clicking links. The one below is repeatable. Login to Facebook. Double click a buddy on the right side as if you were going to message them. Webkit will instantly crash. This is not a Facebook only bug, it's happening all the time. Something you changed in Webkit is breaking and making it completely unusable.
I find it really hard to believe something like this wouldn't get caught in unit testing.
SCREENSHOT:
http://kzr.me/image/2r1R0d2Z1F1Q
ERROR MESSAGES:
Process: WebProcess [20387]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 538+ (538.1+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 502
Date/Time: 2013-08-01 09:13:25.162 -0400
OS Version: Mac OS X 10.8.4 (12E55)
Report Version: 10
Sleep/Wake UUID: A7494A97-3BA6-41BC-893C-192BDF670B1A
Interval Since Last Report: 8348 sec
Crashes Since Last Report: 20
Per-App Interval Since Last Report: 639 sec
Per-App Crashes Since Last Report: 2
Anonymous UUID: BD895012-4E85-784A-0CA0-643812312DB2
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000018
VM Regions Near 0x18:
-->
__TEXT 000000010d609000-000000010d60a000 [ 4K] r-x/rwx SM=COW /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Application Specific Information:
Bundle controller class:
BrowserBundleController
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ea37a5c WebCore::SpaceSplitString::spaceSplitStringContainsValue(WTF::String const&, char const*, unsigned int, bool) + 60
1 com.apple.WebCore 0x000000010e2d1ca7 WebCore::HTMLAnchorElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 423
2 com.apple.WebCore 0x000000010e1ee2ea WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 42
3 com.apple.WebCore 0x000000010e1f23f8 WebCore::Element::didRemoveAttribute(WebCore::QualifiedName const&) + 40
4 com.apple.WebCore 0x000000010e1ebfb9 WebCore::Element::removeAttributeInternal(unsigned int, WebCore::Element::SynchronizationOfLazyAttribute) + 329
5 com.apple.WebCore 0x000000010e1f26c5 WebCore::Element::removeAttribute(WTF::AtomicString const&) + 149
6 com.apple.WebCore 0x000000010e531bd6 WebCore::jsElementPrototypeFunctionRemoveAttribute(JSC::ExecState*) + 326
7 ??? 0x0000298842a01045 0 + 45665210077253
8 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
9 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
10 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
11 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
12 ??? 0x0000298842a01045 0 + 45665210077253
13 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
14 com.apple.JavaScriptCore 0x000000010dbf0bdf JSC::Interpreter::execute(JSC::CallFrameClosure&) + 287
15 com.apple.JavaScriptCore 0x000000010dab66de JSC::arrayProtoFuncForEach(JSC::ExecState*) + 1118
16 ??? 0x0000298842a01045 0 + 45665210077253
17 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
18 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
19 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
20 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
21 ??? 0x0000298842a01045 0 + 45665210077253
22 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
23 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
24 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
25 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
26 ??? 0x0000298842a01045 0 + 45665210077253
27 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
28 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
29 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
30 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
31 ??? 0x0000298842a01045 0 + 45665210077253
32 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
33 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
34 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
35 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
36 ??? 0x0000298842a01045 0 + 45665210077253
37 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
38 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
39 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
40 com.apple.JavaScriptCore 0x000000010dc4006e JSC::boundFunctionCall(JSC::ExecState*) + 558
41 ??? 0x0000298842a01045 0 + 45665210077253
42 com.apple.JavaScriptCore 0x000000010dc0a771 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
43 com.apple.JavaScriptCore 0x000000010dbf04aa JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
44 com.apple.JavaScriptCore 0x000000010dad8475 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
45 com.apple.WebCore 0x000000010e545c0c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 908
46 com.apple.WebCore 0x000000010e21618c WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector&) + 364
47 com.apple.WebCore 0x000000010e215ea6 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 390
48 com.apple.WebCore 0x000000010e7fc833 WebCore::Node::handleLocalEvents(WebCore::Event*) + 67
49 com.apple.WebCore 0x000000010e1fe5e7 WebCore::EventContext::handleLocalEvents(WebCore::Event*) const + 87
50 com.apple.WebCore 0x000000010e1ff508 WebCore::EventDispatcher::dispatchEventAtBubbling(WebCore::WindowEventContext&) + 56
51 com.apple.WebCore 0x000000010e1ff3f1 WebCore::EventDispatcher::dispatch() + 753
52 com.apple.WebCore 0x000000010e7e9a6f WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 159
53 com.apple.WebCore 0x000000010e1fe7fc WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr) + 124
54 com.apple.WebCore 0x000000010e7fcf35 WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) + 133
55 com.apple.WebCore 0x000000010e205f6b WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 107
56 com.apple.WebCore 0x000000010e207a0e WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 1198
57 com.apple.WebKit2 0x000000010d738dac WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 419
58 com.apple.WebKit2 0x000000010d738bcd WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 221
59 com.apple.WebKit2 0x000000010d74c18c void CoreIPC::handleMessage(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 83
60 com.apple.WebKit2 0x000000010d67f277 CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 137
61 com.apple.WebKit2 0x000000010d787c9c WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 34
62 com.apple.WebKit2 0x000000010d65476b CoreIPC::Connection::dispatchMessage(WTF::PassOwnPtr) + 105
63 com.apple.WebKit2 0x000000010d6562b6 CoreIPC::Connection::dispatchOneMessage() + 106
64 com.apple.WebCore 0x000000010e9d5091 WebCore::RunLoop::performWork() + 129
65 com.apple.WebCore 0x000000010e9d5652 WebCore::RunLoop::performWork(void*) + 34
66 com.apple.CoreFoundation 0x00007fff8eb76b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
67 com.apple.CoreFoundation 0x00007fff8eb76455 __CFRunLoopDoSources0 + 245
68 com.apple.CoreFoundation 0x00007fff8eb997f5 __CFRunLoopRun + 789
69 com.apple.CoreFoundation 0x00007fff8eb990e2 CFRunLoopRunSpecific + 290
70 com.apple.HIToolbox 0x00007fff8fecfeb4 RunCurrentEventLoopInMode + 209
71 com.apple.HIToolbox 0x00007fff8fecfc52 ReceiveNextEventCommon + 356
72 com.apple.HIToolbox 0x00007fff8fecfae3 BlockUntilNextEventMatchingListInMode + 62
73 com.apple.AppKit 0x00007fff88021533 _DPSNextEvent + 685
74 com.apple.AppKit 0x00007fff88020df2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
75 com.apple.AppKit 0x00007fff880181a3 -[NSApplication run] + 517
76 com.apple.WebCore 0x000000010e9d5cd2 WebCore::RunLoop::run() + 82
77 com.apple.WebKit2 0x000000010d6f65b7 int WebKit::ChildProcessMain(int, char**) + 579
78 com.apple.WebProcess 0x000000010d609e23 main + 337
79 libdyld.dylib 0x00007fff8792f7e1 start + 1
Thread 1:: Dispatch queue: com.apple.libdispatch-manager
0 libsystem_kernel.dylib 0x00007fff8fd04d16 kevent + 10
1 libdispatch.dylib 0x00007fff898e3dea _dispatch_mgr_invoke + 883
2 libdispatch.dylib 0x00007fff898e39ee _dispatch_mgr_thread + 54
Thread 2:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 3:: JavaScriptCore::BlockFree
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010ddb05c6 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 118
3 com.apple.JavaScriptCore 0x000000010dabe59b JSC::BlockAllocator::blockFreeingThreadMain() + 123
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 4:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 5:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 6:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 7:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 8:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 9:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbe23db JSC::GCThread::waitForNextPhase() + 123
3 com.apple.JavaScriptCore 0x000000010dbe249f JSC::GCThread::gcThreadMain() + 143
4 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
5 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
6 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 10:: WebCore: Scrolling
0 libsystem_kernel.dylib 0x00007fff8fd02686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8fd01c42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff8eb94233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff8eb99916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff8eb990e2 CFRunLoopRunSpecific + 290
5 com.apple.CoreFoundation 0x00007fff8eba7dd1 CFRunLoopRun + 97
6 com.apple.WebCore 0x000000010ea0141e WebCore::ScrollingThread::initializeRunLoop() + 254
7 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
8 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
9 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 11:: com.apple.NSURLConnectionLoader
0 libsystem_kernel.dylib 0x00007fff8fd02686 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff8fd01c42 mach_msg + 70
2 com.apple.CoreFoundation 0x00007fff8eb94233 __CFRunLoopServiceMachPort + 195
3 com.apple.CoreFoundation 0x00007fff8eb99916 __CFRunLoopRun + 1078
4 com.apple.CoreFoundation 0x00007fff8eb990e2 CFRunLoopRunSpecific + 290
5 com.apple.Foundation 0x00007fff8a035546 +[NSURLConnection(Loader) _resourceLoadLoop:] + 356
6 com.apple.Foundation 0x00007fff8a093562 __NSThread__main__ + 1345
7 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
8 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 12:: com.apple.CFSocket.private
0 libsystem_kernel.dylib 0x00007fff8fd04322 __select + 10
1 com.apple.CoreFoundation 0x00007fff8ebd8f46 __CFSocketManager + 1302
2 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
3 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 13:: JSC Compilation Thread
0 libsystem_kernel.dylib 0x00007fff8fd040fa __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8f985fe9 _pthread_cond_wait + 869
2 com.apple.JavaScriptCore 0x000000010dbd492b JSC::DFG::Worklist::runThread() + 747
3 com.apple.JavaScriptCore 0x000000010ddaf8df WTF::wtfThreadEntryPoint(void*) + 15
4 libsystem_c.dylib 0x00007fff8f9817a2 _pthread_start + 327
5 libsystem_c.dylib 0x00007fff8f96e1e1 thread_start + 13
Thread 14:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 15:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 16:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 17:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 18:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 19:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 20:
0 libsystem_kernel.dylib 0x00007fff8fd046d6 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8f983f4c _pthread_workq_return + 25
2 libsystem_c.dylib 0x00007fff8f983d13 _pthread_wqthread + 412
3 libsystem_c.dylib 0x00007fff8f96e1d1 start_wqthread + 13
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x000000000000000a rcx: 0x0000000000000001 rdx: 0x0000000000000000
rdi: 0x000000010de6b218 rsi: 0x000000010ece8524 rbp: 0x00007fff525f32b0 rsp: 0x00007fff525f3270
r8: 0x0000000000000000 r9: 0x0000000112a8d728 r10: 0x0000000117d2d908 r11: 0x000000010fbbd040
r12: 0x000000011a748f00 r13: 0x000000011a74cf00 r14: 0x000000010ece8524 r15: 0x000000011a748a10
rip: 0x000000010ea37a5c rfl: 0x0000000000010246 cr2: 0x0000000000000018
Logical CPU: 6
From bugzilla-daemon at webkit.org Thu Aug 1 06:22:11 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:22:11 -0700
Subject: [Webkit-unassigned] [Bug 118893] Rendering offset for a circle with
feBlend applied
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=118893
Dirk Schulze changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |krit at webkit.org
Ever Confirmed|0 |1
--- Comment #4 from Dirk Schulze 2013-08-01 06:21:55 PST ---
feImage seems to be responsible for the mismatch http://jsfiddle.net/qZuru/
From bugzilla-daemon at webkit.org Thu Aug 1 06:27:43 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:27:43 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
Simon Hausmann changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hausmann at webkit.org
--- Comment #21 from Simon Hausmann 2013-08-01 06:27:26 PST ---
(In reply to comment #17)
> (In reply to comment #16)
> > Julien and I discovered the problem here:
> >
> > ExceptionHandler __attribute__ ((fastcall)) cti_vm_throw_slowpath(CallFrame* callFrame);
> >
> > On some compilers, returning a struct causes the compiler to allocate the first register as the "pointer to return value".
>
> Makes sense. I was looking at the disassembly that Julien posted and the use of %ecx was throwing me. The first arg (callFrame) was in %edx.
>
> That means that ctiVMThrowTrampolineSlowpath will need to be modified for those compilers to allocate the struct space on the stack and put the address in %ecx, put callFrame in %edx and then on return use the values in the stack instead of %eax:edx
>
> Did you determine any predefined macros that say the compiler is doing this?
I believe that is the standard System V ABI on x86, which is implemented by Linux, Mac OS X (not that 32-bit matters here I suppose :) and other Unixy variants. See also "Functions Returning Structures or Unions" in http://sco.com/developers/devspecs/abi386-4.pdf
The invisible pointer-to-returned-structure argument that's normally on the stack indeed moves into the first register then.
On Windows on the other hand the structure in this case (which is 8 bytes) is returned in an eax:edx pair, if it fits
( http://msdn.microsoft.com/en-us/library/984x0h58.aspx )
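The register mismatch described in comments #16, #17 and #21 of bug 119140, as an added example that is not code from the bug thread or from WebKit: a small C model (not real assembly) of a trampoline that assumes the result comes back in %eax:%edx calling a callee that expects a hidden result pointer in %ecx, next to the trampoline layout comment #17 proposes. The Machine struct, handler_for, the addresses and the ExceptionHandler field names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BASE  0x00001000u  /* constructed address of the modelled stack */
#define STACK_WORDS 8u
#define STALE_EDX   0xDEAD0000u  /* constructed junk left in %edx by earlier code */

/* 8-byte result struct; field names are assumed for this model. */
typedef struct { uint32_t catchRoutine, callFrame; } ExceptionHandler;

typedef struct {
    uint32_t eax, ecx, edx;       /* modelled 32-bit registers */
    uint32_t stack[STACK_WORDS];  /* modelled stack memory */
    uint32_t seenCallFrame;       /* value the callee used as callFrame */
    int wildStore;                /* callee got a result pointer outside the stack */
} Machine;

typedef struct { ExceptionHandler h; uint32_t seenCallFrame; int wildStore; } Outcome;
typedef void (*Callee)(Machine *);
typedef ExceptionHandler (*Trampoline)(Machine *, Callee, uint32_t);

/* Hypothetical stand-in for the handler lookup done by the slow path. */
static uint32_t handler_for(uint32_t callFrame) { return callFrame + 0x100u; }

/* Map a modelled address to 8 bytes of stack, or NULL if it is not there. */
static uint32_t *stack_slot(Machine *m, uint32_t addr)
{
    if (addr < STACK_BASE || (addr - STACK_BASE) % 4u != 0) return NULL;
    uint32_t idx = (addr - STACK_BASE) / 4u;
    return (idx + 2u <= STACK_WORDS) ? &m->stack[idx] : NULL;
}

/* Windows convention from the thread: callFrame in %ecx, struct in %eax:%edx. */
static void callee_regpair(Machine *m)
{
    m->seenCallFrame = m->ecx;
    m->eax = handler_for(m->ecx);
    m->edx = m->ecx;
}

/* System V i386 + fastcall from the thread: hidden result pointer in %ecx,
   callFrame in %edx, result stored through the pointer. */
static void callee_sret(Machine *m)
{
    uint32_t *out = stack_slot(m, m->ecx);
    m->seenCallFrame = m->edx;
    if (!out) { m->wildStore = 1; return; }  /* real hardware would write or fault here */
    out[0] = handler_for(m->edx);
    out[1] = m->edx;
    m->eax = m->ecx;                         /* result address handed back in %eax */
}

/* Trampoline that assumes the register-pair return. */
static ExceptionHandler trampoline_regpair(Machine *m, Callee f, uint32_t callFrame)
{
    m->ecx = callFrame;
    f(m);
    ExceptionHandler h = { m->eax, m->edx };
    return h;
}

/* Trampoline as comment #17 describes: reserve struct space on the stack,
   address in %ecx, callFrame in %edx, read the result from the stack. */
static ExceptionHandler trampoline_sret(Machine *m, Callee f, uint32_t callFrame)
{
    uint32_t slot = STACK_BASE + 4u * (STACK_WORDS - 2u);
    m->ecx = slot;
    m->edx = callFrame;
    f(m);
    uint32_t *out = stack_slot(m, slot);
    ExceptionHandler h = { out[0], out[1] };
    return h;
}

/* Run one trampoline/callee pairing on a fresh machine with junk in %edx. */
static Outcome run(Trampoline t, Callee f, uint32_t callFrame)
{
    Machine m;
    memset(&m, 0, sizeof m);
    m.edx = STALE_EDX;
    Outcome o;
    o.h = t(&m, f, callFrame);
    o.seenCallFrame = m.seenCallFrame;
    o.wildStore = m.wildStore;
    return o;
}

int main(void)
{
    const uint32_t cf = 0x00002000u;  /* constructed CallFrame address */
    Outcome a = run(trampoline_regpair, callee_regpair, cf);
    Outcome b = run(trampoline_regpair, callee_sret, cf);
    Outcome c = run(trampoline_sret, callee_sret, cf);
    printf("matched regpair : callee saw callFrame=0x%08x wild=%d\n", (unsigned)a.seenCallFrame, a.wildStore);
    printf("mismatched      : callee saw callFrame=0x%08x wild=%d\n", (unsigned)b.seenCallFrame, b.wildStore);
    printf("sret trampoline : callee saw callFrame=0x%08x wild=%d\n", (unsigned)c.seenCallFrame, c.wildStore);
    return 0;
}
```

In the mismatched pairing the callee treats the real CallFrame address as the place to store its result and takes whatever was left in %edx as its CallFrame, which matches the "invalid CallFrame pointer" in the bug title.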
From bugzilla-daemon at webkit.org Thu Aug 1 06:28:01 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:28:01 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207919|review+, commit-queue+ |
Flag| |
--- Comment #3 from WebKit Commit Bot 2013-08-01 06:27:46 PST ---
(From update of attachment 207919)
Clearing flags on attachment: 207919
Committed r153583:
From bugzilla-daemon at webkit.org Thu Aug 1 06:28:03 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 06:28:03 -0700
Subject: [Webkit-unassigned] [Bug 119391] REGRESSION(FTL): Fix sh4
implementation of ctiVMThrowTrampolineSlowpath
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119391
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |FIXED
--- Comment #4 from WebKit Commit Bot 2013-08-01 06:27:47 PST ---
All reviewed patches have been landed. Closing bug.
From bugzilla-daemon at webkit.org Thu Aug 1 07:08:02 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 07:08:02 -0700
Subject: [Webkit-unassigned] [Bug 115248] [CSSRegions] Min/max-width should
support values other than length
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=115248
--- Comment #9 from Anton Obzhirov 2013-08-01 07:07:47 PST ---
(In reply to comment #7)
> I have created a simple fiddle here: http://jsfiddle.net/chrisjg/q7nhQ/
>
> example HTML
>
>
> -----------------
>
> example CSS
>
> nav {
> font-size: 16px;
> letter-spacing: -0.5px;
> list-style: none outside none;
> }
> .nav, nav ul {
> display: table;
> margin: 0;
> width: 100%;
> }
> .nav {
> float: left;
> left: 0;
> position: relative;
> list-style: none outside none;
> margin-bottom: 1.42857rem;
> margin-left: 0;
> width: 400px;
> }
>
> li {
> border: 1px solid black;
> display: table-cell;
> height: 34px;
> min-width: 25%;
> text-align: center;
> vertical-align: middle;
> }
>
> -------
> The important bits are
> .nav display: table;
> li display: table-cell;
> li min-width: 25%;
>
> It should result in 4 equally sized boxes,
> as in the firefox screenshot I have attached. But in chrome it auto-sizes each box to fit the content - as in the chrome screenshot I also attached.
>
> Hope this helps.
>
> Chris.
Hi,
Checked the example HTML now - I think it is probably intended for another bug, or a new bug should be created for this. From what I see it doesn't use CSS regions. Chris, could you confirm that - maybe I am missing something.
From bugzilla-daemon at webkit.org Thu Aug 1 07:14:43 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 07:14:43 -0700
Subject: [Webkit-unassigned] [Bug 118893] Rendering offset for a circle with
feImage applied
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=118893
Mirela changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Rendering offset for a |Rendering offset for a
|circle with feBlend applied |circle with feImage applied
From bugzilla-daemon at webkit.org Thu Aug 1 07:28:12 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 07:28:12 -0700
Subject: [Webkit-unassigned] [Bug 99352] [GTK] [WebKit2] Add an
'authenticate' signal to WebKitWebView
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=99352
Brian Holt changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207731|0 |1
is obsolete| |
Attachment #207731|review-, commit-queue- |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 07:28:24 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 07:28:24 -0700
Subject: [Webkit-unassigned] [Bug 99352] [GTK] [WebKit2] Add an
'authenticate' signal to WebKitWebView
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=99352
Brian Holt changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207922| |review?, commit-queue?
Flag| |
--- Comment #48 from Brian Holt 2013-08-01 07:28:08 PST ---
Created an attachment (id=207922)
--> (https://bugs.webkit.org/attachment.cgi?id=207922&action=review)
Rebased to master, addressed all comments and improved unit test
From bugzilla-daemon at webkit.org Thu Aug 1 07:41:23 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 07:41:23 -0700
Subject: [Webkit-unassigned] [Bug 109422] [Qt] Add Page Visibility API
support
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=109422
Benjamin Dupont changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207923| |review?, commit-queue?
Flag| |
--- Comment #50 from Benjamin Dupont 2013-08-01 07:41:07 PST ---
Created an attachment (id=207923)
--> (https://bugs.webkit.org/attachment.cgi?id=207923&action=review)
New QWebPage API (with test): void QWebPage::setVisibilityState(QWebPage::PageVisibilityState state)
From bugzilla-daemon at webkit.org Thu Aug 1 08:04:05 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:04:05 -0700
Subject: [Webkit-unassigned] [Bug 109422] [Qt] Add Page Visibility API
support
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=109422
Benjamin Dupont changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207923|0 |1
is obsolete| |
Attachment #207923|review?, commit-queue? |
Flag| |
--- Comment #51 from Benjamin Dupont 2013-08-01 08:03:48 PST ---
(From update of attachment 207923)
I must remove the webkit suffix (e.g. webkitHidden -> hidden) from the test...
From bugzilla-daemon at webkit.org Thu Aug 1 08:10:03 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:10:03 -0700
Subject: [Webkit-unassigned] [Bug 109422] [Qt] Add Page Visibility API
support
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=109422
Benjamin Dupont changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207926| |review?, commit-queue?
Flag| |
--- Comment #52 from Benjamin Dupont 2013-08-01 08:09:46 PST ---
Created an attachment (id=207926)
--> (https://bugs.webkit.org/attachment.cgi?id=207926&action=review)
New QWebPage API (with test): void QWebPage::setVisibilityState(QWebPage::PageVisibilityState state) (2)
From bugzilla-daemon at webkit.org Thu Aug 1 08:11:05 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:11:05 -0700
Subject: [Webkit-unassigned] [Bug 119078] [GTK] [EFL] Enable tiled shadow
blur for the inset shadows.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119078
Alejandro G. Castro changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207444|0 |1
is obsolete| |
Attachment #207927| |review?
Flag| |
--- Comment #4 from Alejandro G. Castro 2013-08-01 08:10:49 PST ---
Created an attachment (id=207927)
--> (https://bugs.webkit.org/attachment.cgi?id=207927&action=review)
Proposed patch
From bugzilla-daemon at webkit.org Thu Aug 1 08:11:30 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:11:30 -0700
Subject: [Webkit-unassigned] [Bug 119078] [GTK] [EFL] Enable tiled shadow
blur for the inset shadows.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119078
Alejandro G. Castro changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207444|review+ |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 08:20:05 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:20:05 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #22 from Julien Brianceau 2013-08-01 08:19:49 PST ---
(In reply to comment #20)
> Results are ok:
> - run-fast-jsc reports "426 tests passed, 34 tests failed, 0 tests crashed."
> - run-javascriptcore-tests reports "0 regressions found. 0 tests fixed. OK."
Please note that results are ok for release builds ONLY (thanks to Zan who found that debug builds were still KO with this).
(In reply to comment #21)
> I believe that is the standard System V ABI on x86, which is implemented by Linux, Mac OS X (not that 32-bit matters here I suppose :) and other Unixy variants . See also "Functions Returning Structures or Unions" in http://sco.com/developers/devspecs/abi386-4.pdf
>
> The invisible pointer-to-returned-structure argument that's normally on the stack indeed moves into the first register then.
>
> On Windows on the other hand the structure in this case (which is 8 bytes) is returned in an eax:edx pair, if it fits
> ( http://msdn.microsoft.com/en-us/library/984x0h58.aspx )
Thanks a lot for the documentation :) So this is not a compiler issue.
From bugzilla-daemon at webkit.org Thu Aug 1 08:26:13 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:26:13 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #13 from Ruth Fong 2013-08-01 08:25:57 PST ---
(From update of attachment 207901)
View in context: https://bugs.webkit.org/attachment.cgi?id=207901&action=review
>> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:65
>> @end
>
> I think you should transform WKColorPickerMac to a protocol, and move the two attributes to the subclass.
>
> WKColorPickerMac does not have ownership of _lastChangedByUser which leads to improper encapsulation. You should try to avoid inheritance as a way to share code, using encapsulation/aggregation leads to better designs.
Moving the private variables makes sense.
I like WKColorPickerMac as a base class because that way m_colorPickerUI can be of type WKColorPickerMac and I can maintain more abstraction in WebColorPickerMac.
>> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:74
>> + NSPopoverColorWell* popoverWell;
>
> You could use a RetainPtr here to avoid risking leaking this.
Got it.
>> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:177
>> +
>
> I would also add a destructor just to be safe. You could call invalidate from it, or just assert that _picker and popoverWell are nil.
Got it.
>> Source/WebKit2/UIProcess/mac/WebColorPickerMac.mm:183
>> + _picker = nil;
>
> I believe you also want to remove the target of the popoverWell. Otherwise, if another reference to the object exists, you may still get called.
Got it.
From bugzilla-daemon at webkit.org Thu Aug 1 08:27:37 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:27:37 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #23 from Julien Brianceau 2013-08-01 08:27:21 PST ---
Created an attachment (id=207928)
--> (https://bugs.webkit.org/attachment.cgi?id=207928&action=review)
Fix for X86 32-bit (release and debug builds). DO NOT COMMIT
Do not commit this patch. It fixes X86 32-bit builds (release and debug), but will break all other architectures (X86_64, sh4, ARM, etc.): each architecture-dependent function ctiVMThrowTrampolineSlowpath must be adapted with this patch.
JSC experts, do you think this kind of patch is a good way to fix the issue? If so, I'll make changes for the architectures I know (X86_64 and sh4) and submit a new patch.
From bugzilla-daemon at webkit.org Thu Aug 1 08:40:11 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:40:11 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #24 from Michael Saboff 2013-08-01 08:39:55 PST ---
(In reply to comment #21)
> (In reply to comment #17)
> > (In reply to comment #16)
> > > Julien and I discovered the problem here:
> > >
> > > ExceptionHandler __attribute__ ((fastcall)) cti_vm_throw_slowpath(CallFrame* callFrame);
> > >
> > > On some compilers, returning a struct causes the compiler to allocate the first register as the "pointer to return value".
> >
> > Makes sense. I was looking at the disassembly that Julien posted and the use of %ecx was throwing me. The first arg (callFrame) was in %edx.
> >
> > That means that ctiVMThrowTrampolineSlowpath will need to be modified for those compilers to allocate the struct space on the stack and put the address in %ecx, put callFrame in %edx and then on return use the values in the stack instead of %eax:edx
> >
> > Did you determine any predefined macros that say the compiler is doing this?
>
> I believe that is the standard System V ABI on x86, which is implemented by Linux, Mac OS X (not that 32-bit matters here I suppose :) and other Unixy variants. See also "Functions Returning Structures or Unions" in http://sco.com/developers/devspecs/abi386-4.pdf
>
> The invisible pointer-to-returned-structure argument that's normally on the stack indeed moves into the first register then.
>
> On Windows on the other hand the structure in this case (which is 8 bytes) is returned in an eax:edx pair, if it fits
> ( http://msdn.microsoft.com/en-us/library/984x0h58.aspx )
Clang on MacOSX also passes an 8 byte structure in eax:edx. That is why this isn't an issue on 32 bit Mac builds.
From bugzilla-daemon at webkit.org Thu Aug 1 08:40:34 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:40:34 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #25 from Michael Saboff 2013-08-01 08:40:17 PST ---
(In reply to comment #23)
> Created an attachment (id=207928)
> --> (https://bugs.webkit.org/attachment.cgi?id=207928&action=review)
> Fix for X86 32-bit (release and debug builds). DO NOT COMMIT
>
> Do not commit this patch. It fixes X86 32-bit builds (release and debug), but will break all other architectures (X86_64, sh4, ARM etc ...): each architecture dependent function ctiVMThrowTrampolineSlowpath must be adapted with this patch.
>
> JSC experts, do you think this kind of patch is a good way to fix the issue? If so, I'll make changes for the architectures I know (X86_64 and sh4) and submit a new patch.
We do not want to commit the patch. It uses whatever ecx contains without allocating memory, thus trashing whatever ecx points to. This patch could be fixed to allocate that space on the stack.
The other approach is to return the two 32 bit values as one 64 bit value just like an encoded JSValue. This is in keeping with the X86 32 bit ABI. I plan on posting such a patch this morning.
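The two return conventions discussed in comments #24 and #25, as an added C example that is not WebKit code and not part of any patch on this bug: the same slow-path lookup returned once as a struct and once packed into a single 64-bit integer. `HandlerPair`, its field names, the choice of which half holds which value, and the frame table are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__i386__) && defined(__GNUC__)
#define FASTCALL __attribute__((fastcall))
#else
#define FASTCALL /* the attribute only has meaning on 32-bit x86 */
#endif

/* Hypothetical stand-in for the 8-byte struct in the thread: two 32-bit values. */
typedef struct {
    uint32_t catchRoutine; /* where the trampoline should jump */
    uint32_t callFrame;    /* frame the handler runs in */
} HandlerPair;

/* One 64-bit integer: on 32-bit x86 it comes back in edx:eax, and in r1:r0
   on 32-bit ARM, with no hidden pointer argument (registers as in the thread). */
typedef uint64_t EncodedHandlerPair;

/* Constructed sample data: a three-frame call chain, innermost first. */
typedef struct {
    uint32_t frame;
    uint32_t caller;       /* 0 = no caller */
    uint32_t catchRoutine; /* 0 = this frame has no handler */
} FrameRecord;

static const FrameRecord sampleFrames[] = {
    { 0x1000u, 0x2000u, 0u },
    { 0x2000u, 0x3000u, 0x08048a10u },
    { 0x3000u, 0u,      0x08048f00u },
};

static const FrameRecord *find_frame(uint32_t frame)
{
    for (size_t i = 0; i < sizeof sampleFrames / sizeof sampleFrames[0]; i++)
        if (sampleFrames[i].frame == frame)
            return &sampleFrames[i];
    return NULL;
}

/* Walk outwards from the throwing frame to the first frame with a handler.
   Returns {0, 0} when the frame is unknown or nothing catches. */
static HandlerPair unwind(uint32_t frame)
{
    HandlerPair result = { 0u, 0u };
    for (const FrameRecord *rec = find_frame(frame); rec; rec = find_frame(rec->caller)) {
        if (rec->catchRoutine) {
            result.catchRoutine = rec->catchRoutine;
            result.callFrame = rec->frame;
            break;
        }
    }
    return result;
}

/* Struct return: whether the result travels in registers or through a hidden
   pointer depends on the compiler and platform ABI, so a hand-written
   trampoline that reads registers after the call is only right for some of them. */
HandlerPair FASTCALL throw_slowpath_struct(uint32_t callFrame)
{
    return unwind(callFrame);
}

/* Assumed layout: catchRoutine in the low half (eax), callFrame in the high half (edx). */
EncodedHandlerPair encode_handler(HandlerPair h)
{
    return ((uint64_t)h.callFrame << 32) | h.catchRoutine;
}

HandlerPair decode_handler(EncodedHandlerPair e)
{
    HandlerPair h = { (uint32_t)(e & 0xffffffffu), (uint32_t)(e >> 32) };
    return h;
}

/* Integer return: the argument stays in the first fastcall register and the
   trampoline can always read the result from the register pair. */
EncodedHandlerPair FASTCALL throw_slowpath_encoded(uint32_t callFrame)
{
    return encode_handler(unwind(callFrame));
}

int main(void)
{
    EncodedHandlerPair e = throw_slowpath_encoded(0x1000u);
    HandlerPair h = decode_handler(e);
    printf("encoded=0x%016" PRIx64 " catchRoutine=0x%08" PRIx32 " callFrame=0x%08" PRIx32 "\n",
           e, h.catchRoutine, h.callFrame);
    return 0;
}
```

Compiling both functions with `gcc -m32 -O2 -S` and reading the generated assembly shows which convention a given toolchain chose for the struct version, the same kind of disassembly check the thread relies on.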
From bugzilla-daemon at webkit.org Thu Aug 1 08:45:52 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 08:45:52 -0700
Subject: [Webkit-unassigned] [Bug 119395] JavaScript crash.
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119395
Geoffrey Garen changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207921|review? |review-
Flag| |
--- Comment #2 from Geoffrey Garen 2013-08-01 08:45:37 PST ---
(From update of attachment 207921)
Can you provide a test case for this?
I don't think checking isEmpty() here is right. Generally, JSValue() is not a valid value to use in the JIT or to pass to a runtime function. It's like a null pointer.
From bugzilla-daemon at webkit.org Thu Aug 1 09:18:58 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:18:58 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #26 from Julien Brianceau 2013-08-01 09:18:42 PST ---
(In reply to comment #25)
>
> We do not want to commit the patch. It uses whatever ecx contains without allocating memory, thus trashing whatever ecx points to. This patch could be fixed to allocate that space on the stack.
ecx is used as it was before: the first argument containing callFrame through fastcall. Memory for struct is reserved on stack (subl $8) and put in edx, the second argument through fastcall.
> The other approach is to return the two 32 bit values as one 64 bit value just like an encoded JSValue. This is in keeping with the X86 32 bit ABI. I plan on posting such a patch this morning.
I'm fine with this approach, provided we fix this bug :) Thanks in advance for your patch !
From bugzilla-daemon at webkit.org Thu Aug 1 09:19:10 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:19:10 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
Julien Brianceau changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207928|0 |1
is obsolete| |
From bugzilla-daemon at webkit.org Thu Aug 1 09:30:31 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:30:31 -0700
Subject: [Webkit-unassigned] [Bug 119298] JSOESTextureHalfFloat not
generated on Windows
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119298
Alex Christensen changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207793| |commit-queue+
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 09:42:55 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:42:55 -0700
Subject: [Webkit-unassigned] [Bug 36084] baseline of inline-block is not
bottom margin edge for overflow other than visible
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=36084
Christian Biesinger changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |BlinkMergeCandidate
CC| |cbiesinger at chromium.org
--- Comment #4 from Christian Biesinger 2013-08-01 09:42:40 PST ---
https://codereview.chromium.org/21414002/
From bugzilla-daemon at webkit.org Thu Aug 1 09:52:53 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:52:53 -0700
Subject: [Webkit-unassigned] [Bug 119298] JSOESTextureHalfFloat not
generated on Windows
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119298
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207793|review+, commit-queue+ |
Flag| |
--- Comment #3 from WebKit Commit Bot 2013-08-01 09:52:38 PST ---
(From update of attachment 207793)
Clearing flags on attachment: 207793
Committed r153588:
From bugzilla-daemon at webkit.org Thu Aug 1 09:52:56 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 09:52:56 -0700
Subject: [Webkit-unassigned] [Bug 119298] JSOESTextureHalfFloat not
generated on Windows
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119298
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |FIXED
--- Comment #4 from WebKit Commit Bot 2013-08-01 09:52:40 PST ---
All reviewed patches have been landed. Closing bug.
From bugzilla-daemon at webkit.org Thu Aug 1 10:02:06 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:02:06 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #14 from Brady Eidson 2013-08-01 10:01:50 PST ---
(From update of attachment 207901)
View in context: https://bugs.webkit.org/attachment.cgi?id=207901&action=review
> Source/WebKit2/UIProcess/WebPageProxy.cpp:1008
> +#if ENABLE(INPUT_TYPE_COLOR) && ENABLE(INPUT_TYPE_COLOR_POPOVER)
This preprocessor statement is unnecessary.
Enabling INPUT_TYPE_COLOR_POPOVER without enabling INPUT_TYPE_COLOR is an invalid build config.
I think each place you use this macro it should just be the INPUT_TYPE_COLOR_POPOVER clause by itself.
From bugzilla-daemon at webkit.org Thu Aug 1 10:47:31 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:47:31 -0700
Subject: [Webkit-unassigned] [Bug 119174] doesn't
correctly handle the "size" attribute
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119174
Antoine Quint changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|webkit-unassigned at lists.web |graouts at apple.com
|kit.org |
From bugzilla-daemon at webkit.org Thu Aug 1 10:48:09 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:48:09 -0700
Subject: [Webkit-unassigned] [Bug 119402] New: [cmake] Extra compiler flags
should be passed for all target
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119402
Summary: [cmake] Extra compiler flags should be passed for all
target
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Text
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ossy at webkit.org
Blocks: 119266
It seems extra compiler flags aren't passed for all targets now.
I found it when I tried to add back c++11 features and EFL build
failed - https://bugs.webkit.org/show_bug.cgi?id=119266
I'm going to collect which targets are still missing and try to fix.
From bugzilla-daemon at webkit.org Thu Aug 1 10:48:14 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:48:14 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
Michael Saboff changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207937| |review?
Flag| |
--- Comment #27 from Michael Saboff 2013-08-01 10:47:57 PST ---
Created an attachment (id=207937)
--> (https://bugs.webkit.org/attachment.cgi?id=207937&action=review)
Patch
I tested this with MacOSX 32 bit build by running JS tests and examining the disassembly to verify that edx:eax are used for return values. I also compiled this for ARM and verified via disassembly that r1:r0 are used for the return value.
Maintainers of other platforms should verify this solves the issue for them as well before the patch is committed.
From bugzilla-daemon at webkit.org Thu Aug 1 10:53:03 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:53:03 -0700
Subject: [Webkit-unassigned] [Bug 119403] New: Crashing Test:
fast/forms/color/input-color-onchange-event.html
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Summary: Crashing Test:
fast/forms/color/input-color-onchange-event.html
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Forms
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ruthiecftg at gmail.com
CC: beidson at apple.com, jonlee at apple.com, graouts at apple.com
Crashing on mac-wk1 because is not implemented yet on WK1 (https://bugs.webkit.org/show_bug.cgi?id=119094).
From bugzilla-daemon at webkit.org Thu Aug 1 10:53:40 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:53:40 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ruthiecftg at gmail.com,
| |webkit-bug-importer at group.a
| |pple.com
--- Comment #1 from Ruth Fong 2013-08-01 10:53:25 PST ---
From bugzilla-daemon at webkit.org Thu Aug 1 10:54:01 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:54:01 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Radar WebKit Bug Importer changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |InRadar
--- Comment #2 from Radar WebKit Bug Importer 2013-08-01 10:53:46 PST ---
From bugzilla-daemon at webkit.org Thu Aug 1 10:54:04 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:54:04 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #28 from Csaba Osztrogonac 2013-08-01 10:53:48 PST ---
(In reply to comment #27)
> Created an attachment (id=207937)
> --> (https://bugs.webkit.org/attachment.cgi?id=207937&action=review)
> Patch
>
> I tested this with MacOSX 32 bit build by running JS tests and examining the disassembly to verify that edx:eax are used for return values. I also compiled this for ARM and verified via disassembly that r1:r0 are used for the return value.
>
> Maintainers of other platforms should verify this solves the issue for them as well before the patch is committed.
Thanks for the fix, I'll check it on x86 and ARM soon with GCC.
From bugzilla-daemon at webkit.org Thu Aug 1 10:59:32 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 10:59:32 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207938| |review?
Flag| |
--- Comment #3 from Ruth Fong 2013-08-01 10:59:16 PST ---
Created an attachment (id=207938)
--> (https://bugs.webkit.org/attachment.cgi?id=207938&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 11:20:14 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:20:14 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
--- Comment #4 from Tim Horton 2013-08-01 11:19:59 PST ---
(From update of attachment 207938)
View in context: https://bugs.webkit.org/attachment.cgi?id=207938&action=review
> LayoutTests/platform/mac-wk2/TestExpectations:118
> +fast/forms/color/input-color-onchange-event.html [ Pass ]
There's a section down at the bottom titled "Features that are not supported in WebKit1, so skipped in mac/TestExpectations then re-enabled here". Please put this there. Also check if there's something similar for the other one.
From bugzilla-daemon at webkit.org Thu Aug 1 11:23:43 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:23:43 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Tim Horton changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |thorton at apple.com
--- Comment #5 from Tim Horton 2013-08-01 11:23:28 PST ---
(In reply to comment #1)
>
We're using this one ^^.
From bugzilla-daemon at webkit.org Thu Aug 1 11:26:59 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:26:59 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Antoine Quint changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207938|review? |review+, commit-queue+
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 11:27:16 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:27:16 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207938|review+ |review-
Flag| |
--- Comment #6 from WebKit Commit Bot 2013-08-01 11:27:00 PST ---
(From update of attachment 207938)
Rejecting attachment 207938 from review queue.
graouts at apple.com does not have reviewer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/contributors.json.
- If you do not have reviewer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have reviewer rights please correct the error in Tools/Scripts/webkitpy/common/config/contributors.json by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your reviewer rights.
From bugzilla-daemon at webkit.org Thu Aug 1 11:28:14 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:28:14 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Tim Horton changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207938|commit-queue+ |commit-queue-
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 11:30:35 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:30:35 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207938|0 |1
is obsolete| |
--- Comment #7 from Ruth Fong 2013-08-01 11:30:19 PST ---
Created an attachment (id=207940)
--> (https://bugs.webkit.org/attachment.cgi?id=207940&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 11:31:56 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:31:56 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207940|0 |1
is obsolete| |
--- Comment #8 from Ruth Fong 2013-08-01 11:31:41 PST ---
Created an attachment (id=207941)
--> (https://bugs.webkit.org/attachment.cgi?id=207941&action=review)
Patch
From bugzilla-daemon at webkit.org Thu Aug 1 11:33:39 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:33:39 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207941| |review?, commit-queue?
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 11:33:54 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:33:54 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
Tim Horton changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207941|review?, commit-queue? |review+, commit-queue+
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 11:35:01 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:35:01 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |commit-queue at webkit.org
From bugzilla-daemon at webkit.org Thu Aug 1 11:41:22 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:41:22 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #29 from Csaba Osztrogonac 2013-08-01 11:41:05 PST ---
(In reply to comment #27)
> Created an attachment (id=207937)
> --> (https://bugs.webkit.org/attachment.cgi?id=207937&action=review)
> Patch
>
> I tested this with MacOSX 32 bit build by running JS tests and examining the disassembly to verify that edx:eax are used for return values. I also compiled this for ARM and verified via disassembly that r1:r0 are used for the return value.
>
> Maintainers of other platforms should verify this solves the issue for them as well before the patch is committed.
I tested it on x86/GCC/QtWebKit in release and debug mode too and
run-javascriptcore-tests pass without any fail, and there are only
7 crashes on fast/js:
Regressions: Unexpected crashes (7)
fast/js/create-lots-of-workers.html [ Crash ]
fast/js/dfg-string-out-of-bounds-check-structure.html [ Crash ]
fast/js/dfg-string-out-of-bounds-cse.html [ Crash ]
fast/js/dfg-string-out-of-bounds-negative-check-structure.html [ Crash ]
fast/js/dfg-string-out-of-bounds-negative-proto-value.html [ Crash ]
fast/js/regress/string-get-by-val-out-of-bounds-insane.html [ Crash ]
fast/js/regress/string-get-by-val-out-of-bounds.html [ Crash ]
But it seems, it is a different bug, I'm going to file a new bug report about it.
From bugzilla-daemon at webkit.org Thu Aug 1 11:49:00 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:49:00 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119356
Ruth Fong changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207901|0 |1
is obsolete| |
Attachment #207901|commit-queue- |
Flag| |
From bugzilla-daemon at webkit.org Thu Aug 1 11:49:06 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:49:06 -0700
Subject: [Webkit-unassigned] [Bug 119356] [Forms: color] popover color well implementation
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119356
--- Comment #15 from Ruth Fong 2013-08-01 11:48:48 PST ---
Created an attachment (id=207942)
--> (https://bugs.webkit.org/attachment.cgi?id=207942&action=review)
Patch
uses WKSI, which hasn't been updated yet
From bugzilla-daemon at webkit.org Thu Aug 1 11:56:53 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:56:53 -0700
Subject: [Webkit-unassigned] [Bug 119405] New: REGRESSION(FTL merge):
Assertion fail on 32 bit with enabled DFG JIT
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119405
Summary: REGRESSION(FTL merge): Assertion fail on 32 bit with
enabled DFG JIT
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ossy at webkit.org
Depends on: 119140
STDERR: ASSERTION FAILED: currentLowest != NUM_REGS && currentSpillOrder != SpillHintInvalid
STDERR: /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGRegisterBank.h(136) : JSC::DFG::RegisterBank::RegID JSC::DFG::RegisterBank::allocate(JSC::VirtualRegister&) [with BankInfo = JSC::DFG::GPRInfo, JSC::DFG::RegisterBank::RegID = JSC::X86Registers::RegisterID]
Program terminated with signal 11, Segmentation fault.
#0 0xf59e9618 in WTFCrash () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/Assertions.cpp:339
339 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb)
(gdb) bt
#0 0xf59e9618 in WTFCrash () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/Assertions.cpp:339
#1 0xf57f53b6 in JSC::DFG::RegisterBank::allocate(JSC::VirtualRegister&) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#2 0xf57f0368 in JSC::DFG::SpeculativeJIT::allocate() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#3 0xf57d5ff3 in JSC::DFG::GPRTemporary::GPRTemporary (this=0xfff8ee64, jit=0x83094f0)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1214
#4 0xf57da30f in JSC::DFG::SpeculativeJIT::compileGetByValOnString (this=0x83094f0, node=0xeb8b04ac)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2137
#5 0xf58118c8 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2665
#6 0xf57d878e in JSC::DFG::SpeculativeJIT::compileCurrentBlock (this=0x83094f0)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1804
#7 0xf57d8e38 in JSC::DFG::SpeculativeJIT::compile (this=0x83094f0) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1918
#8 0xf579d2e0 in JSC::DFG::JITCompiler::compileBody (this=0xfff91454) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:117
#9 0xf579ed95 in JSC::DFG::JITCompiler::compileFunction (this=0xfff91454)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:382
#10 0xf57c2649 in JSC::DFG::Plan::compileInThreadImpl (this=0x83285b0, longLivedState=0x827f790)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGPlan.cpp:256
#11 0xf57c214e in JSC::DFG::Plan::compileInThread (this=0x83285b0, longLivedState=0x827f790)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGPlan.cpp:113
#12 0xf578524d in JSC::DFG::compile (compileMode=CompileFunction, exec=0xe9d001f8, codeBlock=0x83035f8, jitCode=0xec23ea9c,
jitCodeWithArityCheck=0xec23eaa4, osrEntryBytecodeIndex=) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:128
#13 0xf57852f2 in JSC::DFG::tryCompileFunction (exec=0xe9d001f8, codeBlock=0x83035f8, jitCode=0xec23ea9c, jitCodeWithArityCheck=0xec23eaa4,
bytecodeIndex=) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:139
#14 0xf5933125 in JSC::jitCompileFunctionIfAppropriateImpl(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) () at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#15 0xf593346b in JSC::prepareFunctionForExecutionImpl(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) () at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#16 0xf59334ad in JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::RefPtr&, JSC::FunctionCodeBlock*, WTF::RefPtr&, JSC::MacroAssemblerCodePtr&, int&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) ()
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#17 0xf59318c2 in JSC::FunctionExecutable::compileForCallInternal (this=0xec23ea88, exec=0xe9d001f8, scope=0xedc9fa38, jitType=DFGJIT, result=0xfff91db4,
bytecodeIndex=) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:561
#18 0xf5931185 in JSC::FunctionExecutable::compileOptimizedForCall (this=0xec23ea88, exec=0xe9d001f8, scope=0xedc9fa38, result=0xfff91db4,
bytecodeIndex=) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:480
#19 0xf567a218 in JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::JSScope*, JSC::CompilationResult&, unsigned int, JSC::CodeSpecializationKind) () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#20 0xf5674f9a in JSC::FunctionCodeBlock::compileOptimized (this=0x8314ff8, exec=0xe9d001f8, scope=0xedc9fa38, result=0xfff91db4,
bytecodeIndex=) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:2730
#21 0xf588492d in cti_optimize (args=0xfff91e10) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1044
#22 0xf5881c61 in JSC::tryCacheGetByID (callFrame=0xee619460, codeBlock=0x827d76c, returnAddress=..., baseValue=..., propertyName=0x8274780,
slot=0xfff91e98, stubInfo=0xf584e076) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:274
#23 0xfff91e2c in ?? ()
#24 0xf586392a in JSC::JITCode::execute (this=0x8320a00, stack=0x827d76c, callFrame=0xe9d001a0, vm=0x8274780)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#25 0xf584d40f in JSC::Interpreter::execute (this=0x827d760, eval=0xec23e9d8, callFrame=0xe9d00148, thisValue=..., scope=0xeb83cd50)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1208
#26 0xf584849d in JSC::eval (callFrame=0xe9d00148) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:148
#27 0xf588875e in cti_op_call_eval (args=0xfff92900) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1965
#28 0xf5881c61 in JSC::tryCacheGetByID (callFrame=0xef986fc0, codeBlock=0x827d76c, returnAddress=..., baseValue=..., propertyName=0x8274780,
slot=0xfff92988, stubInfo=0xf584e1d4) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:274
#29 0xe9d00058 in ?? ()
#30 0xf586392a in JSC::JITCode::execute (this=0x831b0e8, stack=0x827d76c, callFrame=0xe9d00058, vm=0x8274780)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#31 0xf584bb7e in JSC::Interpreter::execute (this=0x827d760, program=0xec23eae0, callFrame=0xedc9fa8c, thisObj=0xedcdffd8)
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:856
#32 0xf5925768 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:83
#33 0xf435e490 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#34 0xf437b621 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#35 0xf437b71a in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#36 0xf462e936 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#37 0xf47bfbcf in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#38 0xf47bfa44 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#39 0xf47bfedb in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#40 0xf47c003e in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#41 0xf47b1f17 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#42 0xf49005c9 in WebCore::CachedResource::checkNotify (this=0x82e2f80)
at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:369
#43 0xf49006b1 in WebCore::CachedResource::finishLoading (this=0x82e2f80)
at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:385
#44 0xf49081b4 in WebCore::CachedScript::finishLoading(WebCore::ResourceBuffer*) () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PageBlock.h:72
#45 0xf4959af0 in WebCore::SubresourceLoader::didFinishLoading (this=0x82e3320, finishTime=0)
at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:282
#46 0xf4950ee1 in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PageBlock.h:72
#47 0xf4d9a0b8 in WebCore::QNetworkReplyHandler::finish() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#48 0xf4d98da0 in WebCore::QNetworkReplyHandlerCallQueue::flush() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#49 0xf4d98aec in WebCore::QNetworkReplyHandlerCallQueue::push(void (WebCore::QNetworkReplyHandler::*)()) () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#50 0xf4d999a8 in WebCore::QNetworkReplyWrapper::didReceiveFinished() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#51 0xf4d9c09c in WebCore::QNetworkReplyWrapper::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ()
at /usr/include/c++/4.6/bits/stl_algobase.h:218
#52 0xf2f8b9ad in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#53 0xf2f8c3cb in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#54 0xf3679fd5 in QNetworkReply::finished() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Network.so.5
#55 0xf367a250 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Network.so.5
#56 0xf2f89b53 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#57 0xf2f8d062 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#58 0xf37c0e34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#59 0xf37c4844 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#60 0xf2f62eee in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#61 0xf2f650b4 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#62 0xf2f6560c in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#63 0xf2fb02c4 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#64 0xf224bcda in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#65 0xf224c0e5 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#66 0xf224c1c1 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#67 0xf2fb06d8 in QEventDispatcherGlib::processEvents(QFlags) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#68 0xef9cf036 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#69 0xf2f61726 in QEventLoop::processEvents(QFlags) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#70 0xf2f61b64 in QEventLoop::exec(QFlags) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#71 0xf2f656b2 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#72 0xf3218984 in QGuiApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#73 0xf37bbfe4 in QApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#74 0x0807b8db in main () at /usr/include/c++/4.6/bits/move.h:83
#75 0xf2a7e4d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#76 0x080599d1 in _start ()
From bugzilla-daemon at webkit.org Thu Aug 1 11:56:55 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:56:55 -0700
Subject: [Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath
cti_vm_throw_slowpath due to invalid CallFrame pointer
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119140
Csaba Osztrogonac changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |119405
From bugzilla-daemon at webkit.org Thu Aug 1 11:57:32 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:57:32 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #207941|review+, commit-queue+ |
Flag| |
--- Comment #9 from WebKit Commit Bot 2013-08-01 11:57:17 PST ---
(From update of attachment 207941)
Clearing flags on attachment: 207941
Committed r153594:
From bugzilla-daemon at webkit.org Thu Aug 1 11:57:35 2013
From: bugzilla-daemon at webkit.org (bugzilla-daemon at webkit.org)
Date: Thu, 1 Aug 2013 11:57:35 -0700
Subject: [Webkit-unassigned] [Bug 119403] Crashing Test:
fast/forms/color/input-color-onchange-event.html
In-Reply-To:
References:
Message-ID:
https://bugs.webkit.org/show_bug.cgi?id=119403
WebKit Commit Bot changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |FIXED
--- Comment #10 from WebKit Commit Bot