[Webkit-unassigned] [Bug 127582] New: ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 24 13:41:25 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=127582

           Summary: ASSERT(!m_markedSpace.m_currentDelayedReleaseScope)
                    reloading page in inspector
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: joepeck at webkit.org
                CC: mark.lam at apple.com


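An ASSERT fires when reloading a page while the inspector is open.

Per the backtrace below, the assertion is hit re-entrantly. IncrementalSweeper is sweeping a block, a weak-handle finalizer destroys the JSDOMWindowBase, and ~JSGlobalObject -> Debugger::detach -> Debugger::clearDebuggerRequests ends a HeapIterationScope. Ending that scope calls MarkedSpace::resumeAllocating, which constructs a DelayedReleaseScope while m_currentDelayedReleaseScope is already set. ASSERT is compiled out of release builds, where the constructor would go on to overwrite the existing pointer (DelayedReleaseScope.h:42).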

* STEPS TO REPRODUCE
1. Inspect <http://bogojoker.com/shell/>
2. Set some breakpoints in easySlider.min.js that should trigger on load
3. Reload the page
  => ASSERT


(lldb) f
frame #0: 0x000000010830685a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:333
   330             globalHook();
   331     
   332         WTFReportBacktrace();
-> 333         *(int *)(uintptr_t)0xbbadbeef = 0;
   334         // More reliable, but doesn't say BBADBEEF.
   335     #if COMPILER(CLANG)
   336         __builtin_trap();

(lldb) up
frame #1: 0x0000000107f97a4a JavaScriptCore`JSC::DelayedReleaseScope::DelayedReleaseScope(this=0x00007fff5efe4290, markedSpace=0x00007fc39c82bad8) + 106 at DelayedReleaseScope.h:41
   38          DelayedReleaseScope(MarkedSpace& markedSpace)
   39              : m_markedSpace(markedSpace)
   40          {
-> 41              ASSERT(!m_markedSpace.m_currentDelayedReleaseScope);
   42              m_markedSpace.m_currentDelayedReleaseScope = this;
   43          }
   44      

(lldb) p *m_markedSpace.m_currentDelayedReleaseScope
(JSC::DelayedReleaseScope) $1 = {
  m_markedSpace = 0x00007fc39c82bad8
  m_delayedReleaseObjects = { size = 0, capacity = 0 } {
    m_size = 0
    m_capacity = 0
    m_buffer = 0x0000000000000000
  }
}

(lldb) bt
* thread #1: tid = 0x1b8a01, 0x000000010830685a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:333, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x000000010830685a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:333
    frame #1: 0x0000000107f97a4a JavaScriptCore`JSC::DelayedReleaseScope::DelayedReleaseScope(this=0x00007fff5efe4290, markedSpace=0x00007fc39c82bad8) + 106 at DelayedReleaseScope.h:41
    frame #2: 0x0000000107f8cf3d JavaScriptCore`JSC::DelayedReleaseScope::DelayedReleaseScope(this=0x00007fff5efe4290, markedSpace=0x00007fc39c82bad8) + 29 at DelayedReleaseScope.h:43
    frame #3: 0x0000000108135427 JavaScriptCore`JSC::MarkedSpace::resumeAllocating(this=0x00007fc39c82bad8) + 87 at MarkedSpace.cpp:216
    frame #4: 0x0000000108135ba3 JavaScriptCore`JSC::MarkedSpace::didFinishIterating(this=0x00007fc39c82bad8) + 83 at MarkedSpace.cpp:349
    frame #5: 0x0000000107f88ecc JavaScriptCore`JSC::Heap::didFinishIterating(this=0x00007fc39c82b818) + 28 at Heap.cpp:427
    frame #6: 0x0000000107d63618 JavaScriptCore`JSC::HeapIterationScope::~HeapIterationScope(this=0x00007fff5efe4358) + 24 at HeapIterationScope.h:52
    frame #7: 0x0000000107d52345 JavaScriptCore`JSC::HeapIterationScope::~HeapIterationScope(this=0x00007fff5efe4358) + 21 at HeapIterationScope.h:51
    frame #8: 0x0000000107d4fbfb JavaScriptCore`JSC::Debugger::clearDebuggerRequests(this=0x00007fc398f264e0, globalObject=0x000000011283c470) + 155 at Debugger.cpp:525
    frame #9: 0x0000000107d4fac6 JavaScriptCore`JSC::Debugger::detach(this=0x00007fc398f264e0, globalObject=0x000000011283c470) + 198 at Debugger.cpp:193
    frame #10: 0x000000010802ff0f JavaScriptCore`JSC::JSGlobalObject::~JSGlobalObject(this=0x000000011283c470) + 63 at JSGlobalObject.cpp:167
    frame #11: 0x000000010a06db05 WebCore`WebCore::JSDOMGlobalObject::~JSDOMGlobalObject(this=0x000000011283c470) + 85 at JSDOMGlobalObject.h:44
    frame #12: 0x000000010a0f1661 WebCore`WebCore::JSDOMWindowBase::~JSDOMWindowBase(this=0x000000011283c470) + 49 at JSDOMWindowBase.h:37
    frame #13: 0x000000010a0ee095 WebCore`WebCore::JSDOMWindowBase::~JSDOMWindowBase(this=0x000000011283c470) + 21 at JSDOMWindowBase.h:37
    frame #14: 0x000000010a0ed335 WebCore`WebCore::JSDOMWindowBase::destroy(cell=0x000000011283c470) + 21 at JSDOMWindowBase.cpp:84
    frame #15: 0x0000000107f8ae16 JavaScriptCore`JSC::Heap::FinalizerOwner::finalize(this=0x00007fc39c835bb0, handle=Handle<JSC::Unknown> at 0x00007fff5efe44f0, context=0x000000010a0ed320) + 70 at Heap.cpp:1024
    frame #16: 0x00000001082b2a3d JavaScriptCore`JSC::WeakBlock::finalize(this=0x00000001047bd000, weakImpl=0x00000001047bdf60) + 189 at WeakSetInlines.h:52
    frame #17: 0x00000001082b23fe JavaScriptCore`JSC::WeakBlock::sweep(this=0x00000001047bd000) + 158 at WeakBlock.cpp:76
    frame #18: 0x00000001082b9b00 JavaScriptCore`JSC::WeakSet::sweep(this=0x0000000112830448) + 64 at WeakSet.cpp:47
    frame #19: 0x0000000108132f4d JavaScriptCore`JSC::MarkedBlock::sweep(this=0x0000000112830000, sweepMode=SweepOnly) + 109 at MarkedBlock.cpp:109
    frame #20: 0x0000000107f9e489 JavaScriptCore`JSC::IncrementalSweeper::sweepNextBlock(this=0x00007fc39ab477f0) + 137 at IncrementalSweeper.cpp:100
    frame #21: 0x0000000107f9e37a JavaScriptCore`JSC::IncrementalSweeper::doSweep(this=0x00007fc39ab477f0, sweepBeginTime=85259.169231679) + 106 at IncrementalSweeper.cpp:78
    frame #22: 0x0000000107f9e302 JavaScriptCore`JSC::IncrementalSweeper::doWork(this=0x00007fc39ab477f0) + 34 at IncrementalSweeper.cpp:71
    frame #23: 0x0000000107f9a472 JavaScriptCore`JSC::HeapTimer::timerDidFire(timer=0x00007fc39ab47890, context=0x00007fc39ab46280) + 338 at HeapTimer.cpp:97
    frame #24: 0x00007fff95ff8564 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
    frame #25: 0x00007fff95ff809f CoreFoundation`__CFRunLoopDoTimer + 1151
    frame #26: 0x00007fff960695aa CoreFoundation`__CFRunLoopDoTimers + 298
    frame #27: 0x00007fff95fb38e5 CoreFoundation`__CFRunLoopRun + 1525
    frame #28: 0x00007fff95fb30b5 CoreFoundation`CFRunLoopRunSpecific + 309
    frame #29: 0x00007fff8c2c7a0d HIToolbox`RunCurrentEventLoopInMode + 226
    frame #30: 0x00007fff8c2c77b7 HIToolbox`ReceiveNextEventCommon + 479
    frame #31: 0x00007fff8c2c75bc HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 65
    frame #32: 0x00007fff926ad6de AppKit`_DPSNextEvent + 1434
    frame #33: 0x00007fff926acd2b AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
    frame #34: 0x00007fff926a0e2c AppKit`-[NSApplication run] + 553
    frame #35: 0x00007fff9268bbf3 AppKit`NSApplicationMain + 940
    frame #36: 0x00007fff8dd1fc0f XPCService`_xpc_main + 385
    frame #37: 0x00007fff93840bde libxpc.dylib`xpc_main + 399
    frame #38: 0x0000000100c19365 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007fff5efe7130) + 37 at XPCServiceMain.Development.mm:166
    frame #39: 0x00007fff8bdae5fd libdyld.dylib`start + 1
