[Webkit-unassigned] [Bug 150062] New: CRASH under ~GCAwareJITStubRoutineWithExceptionHandler recording timelines with Web Inspector

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 12 16:35:30 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=150062

            Bug ID: 150062
           Summary: CRASH under ~GCAwareJITStubRoutineWithExceptionHandler
                    recording timelines with Web Inspector
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: fpizlo at apple.com, ggaren at apple.com, sbarati at apple.com

* SUMMARY
CRASH under ~GCAwareJITStubRoutineWithExceptionHandler recording timelines with Web Inspector

* STEPS TO REPRODUCE (nearly 100%)
1. Inspect apple.com
2. Switch to Timelines tab
3. Reload
  => inspector crashes

* CRASH

> Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
> 
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0   JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler() + 45 (GCAwareJITStubRoutine.cpp:118)
> 1   JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines() + 140 (Vector.h:651)
> 2   JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [37]) + 992 (Heap.cpp:1234)
> 3   JSC::Heap::collect(JSC::HeapOperation) + 96 (Heap.cpp:1026)
> 4   JSC::JSObject::ensureLengthSlow(JSC::VM&, unsigned int) + 498 (JSObject.cpp:2477)
> 5   void JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes<(unsigned char)8>(JSC::ExecState*, unsigned int, JSC::JSValue) + 576 (CopyWriteBarrier.h:57)
> 6   operationArrayPush + 54 (DFGOperations.cpp:530)
> 7   0 + 99460893724358
> 8   llint_entry + 23138
> 9   vmEntryToJavaScript + 299
> 10  JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158 (JITCode.cpp:81)
> 11  JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 10445 (Interpreter.cpp:961)
> 12  JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 469 (Completion.cpp:104)
> 13  WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 284 (JSMainThreadExecState.h:62)
> 14  WebCore::ScriptController::executeScript(WTF::String const&, bool) + 320 (Ref.h:55)
> 15  WebKit::WebInspectorFrontendAPIDispatcher::evaluateExpressionOnLoad(WTF::String const&) + 56 (WebInspectorFrontendAPIDispatcher.cpp:83)
> 16  WebKit::WebInspectorFrontendAPIDispatcher::dispatchMessageAsync(WTF::String const&) + 72 (StdLibExtras.h:358)
> ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151012/5146c7a9/attachment.html>

More information about the webkit-unassigned mailing list