[Webkit-unassigned] [Bug 125942] New: COLLECT_ON_EVERY_ALLOCATION makes any script execution crash with an assertion in DelayedReleaseScope constructor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 18 13:35:21 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125942

           Summary: COLLECT_ON_EVERY_ALLOCATION makes any script execution
                    crash with an assertion in DelayedReleaseScope
                    constructor
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org
                CC: ggaren at apple.com, mhahnenberg at apple.com


Regression tests just crash before running any JS when COLLECT_ON_EVERY_ALLOCATION is enabled:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore          0x0000000100f7deaa WTFCrash + 42 (Assertions.cpp:341)
1   com.apple.JavaScriptCore          0x0000000100c2048a JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 106 (DelayedReleaseScope.h:41)
2   com.apple.JavaScriptCore          0x0000000100c1675d JSC::DelayedReleaseScope::DelayedReleaseScope(JSC::MarkedSpace&) + 29 (DelayedReleaseScope.h:43)
3   com.apple.JavaScriptCore          0x0000000100c13c3c JSC::Heap::collectAllGarbage() + 60 (Heap.cpp:730)
4   com.apple.JavaScriptCore          0x0000000100db842d JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 141 (MarkedAllocator.cpp:85)
5   com.apple.WebCore                 0x0000000102ac61df JSC::MarkedAllocator::allocate(unsigned long) + 79 (MarkedAllocator.h:91)
6   com.apple.WebCore                 0x0000000102ac6079 JSC::MarkedSpace::allocateWithImmortalStructureDestructor(unsigned long) + 41 (MarkedSpace.h:224)
7   com.apple.WebCore                 0x0000000102ac6006 JSC::Heap::allocateWithImmortalStructureDestructor(unsigned long) + 118 (Heap.h:420)
8   com.apple.WebCore                 0x0000000102ac5f1c void* JSC::allocateCell<JSC::Structure>(JSC::Heap&, unsigned long) + 252 (JSCellInlines.h:97)
9   com.apple.WebCore                 0x0000000102ac5a8f void* JSC::allocateCell<JSC::Structure>(JSC::Heap&) + 31 (JSCellInlines.h:109)
10  com.apple.WebCore                 0x0000000102ac580f JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int) + 191 (StructureInlines.h:39)
11  com.apple.WebCore                 0x000000010409f788 WebCore::JSDOMWindowShell::createStructure(JSC::VM&, JSC::JSValue) + 104 (JSDOMWindowShell.h:62)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list