[Webkit-unassigned] [Bug 135822] New: REGRESSION: Web Inspector crashes in JSC::repatchCall under requestAnimationFrame when capturing an execution
bugzilla-daemon at webkit.org
Mon Aug 11 17:30:19 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=135822
Summary: REGRESSION: Web Inspector crashes in JSC::repatchCall under requestAnimationFrame when capturing an execution
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://www.nihilogic.dk/labs/tetris/
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: burg at cs.washington.edu
CC: timothy at apple.com, ggaren at apple.com, joepeck at webkit.org, mark.lam at apple.com, sbarati at apple.com
Steps to reproduce:
1. Use an engineering build which has WEB_REPLAY enabled.
2. Navigate to the page.
3. Open the web inspector.
4. Open the timelines sidebar panel.
5. Right-click on the navigation bar and select "Show Replay Controls".
6. Press the recording button (centered).
After recording for a few (5-10) seconds, the inspector crashes.
This is very reproducible on this page. I am currently trying to narrow down the reproduction steps, as it is probably triggered by the timelines overview, not anything specific to WEB_REPLAY. I will update this bug if a debug build/lldb hits any useful asserts.
Stack trace:
1 0x1119bba6a JSC::repatchCall(JSC::RepatchBuffer&, JSC::CodeLocationCall, JSC::FunctionPtr)
2 0x1119ba7e8 JSC::repatchIn(JSC::ExecState*, JSC::JSCell*, JSC::Identifier const&, bool, JSC::PropertySlot const&, JSC::StructureStubInfo&)
3 0x11181efa9 operationInOptimize
4 0x3b491b3df194
5 0x1118f64f9 callToJavaScript
6 0x111803093 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
7 0x1117e86ea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
8 0x1115cc55e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
9 0x1117b1f39 JSC::callGetter(JSC::ExecState*, JSC::JSValue, JSC::JSValue)
10 0x11181ddcd operationGetById
11 0x3b491b416934
12 0x3b491b45ae57
13 0x3b491b492882
14 0x3b491b48e66e
15 0x3b491b36a8c7
16 0x1118f64f9 callToJavaScript
17 0x111803093 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
18 0x1117e86ea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19 0x1115cc55e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20 0x11184c33b JSC::boundFunctionCall(JSC::ExecState*)
21 0x1118f6697 callToNativeFunction
22 0x1117e8730 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23 0x1115cc5af JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*)
24 0x11235ab14 WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*)
25 0x1125491cf WebCore::JSRequestAnimationFrameCallback::handleEvent(double)
26 0x11292e387 WebCore::ScriptedAnimationController::serviceScriptedAnimations(double)
27 0x111fda27b WebCore::DisplayRefreshMonitor::displayDidRefresh()
28 0x111a50b94 WTF::dispatchFunctionsFromMainThread()
29 0x7fff9390d13e __NSThreadPerformPerform
30 0x7fff96b0e5b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
31 0x7fff96affc62 __CFRunLoopDoSources0