[Webkit-unassigned] [Bug 154542] New: Debug assertion failure while loading http://kangax.github.io/compat-table/es6/.

bugzilla-daemon at webkit.org
Mon Feb 22 10:05:39 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=154542

            Bug ID: 154542
           Summary: Debug assertion failure while loading
                    http://kangax.github.io/compat-table/es6/.
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

Just loading the kangax ES6 compatibility tests site triggers the following assertion failure on a debug build:

    Structure* InternalFunction::createSubclassStructure(ExecState* exec, JSValue newTarget, Structure* baseClass)
    {

        VM& vm = exec->vm();
        // We allow newTarget == JSValue() because the API needs to be able to create classes without having a real JS frame.
        // Since we don't allow subclassing in the API we just treat newTarget == JSValue() as newTarget == exec->callee()
        ASSERT(!newTarget || newTarget.isFunction());   // <============ Failed this assert.

        if (newTarget && newTarget != exec->callee()) {
        ...

(lldb) bt
* thread #1: tid = 0x671b, 0x00000001064aa0a7 JavaScriptCore`::WTFCrash() + 39 at Assertions.cpp:322, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
  * frame #0: 0x00000001064aa0a7 JavaScriptCore`::WTFCrash() + 39 at Assertions.cpp:322
    frame #1: 0x0000000105ea106f JavaScriptCore`JSC::InternalFunction::createSubclassStructure(exec=0x00007fff5dd208d0, newTarget=JSValue @ 0x00007fff5dd20480, baseClass=0x000000011d658c00) + 111 at InternalFunction.cpp:87
    frame #2: 0x0000000105f50993 JavaScriptCore`JSC::constructArrayBuffer(exec=0x00007fff5dd208d0) + 339 at JSArrayBufferConstructor.cpp:99
    frame #3: 0x00000001060e82b6 JavaScriptCore`JSC::LLInt::handleHostCall(execCallee=0x00007fff5dd208d0, pc=0x000000011ed14280, callee=JSValue @ 0x00007fff5dd206a8, kind=CodeForCall) + 262 at LLIntSlowPaths.cpp:1108
    frame #4: 0x00000001060e8fda JavaScriptCore`JSC::LLInt::setUpCall(execCallee=0x00007fff5dd208d0, pc=0x000000011ed14280, kind=CodeForCall, calleeAsValue=JSValue @ 0x00007fff5dd20808, callLinkInfo=0x0000000120fa34b8) + 106 at LLIntSlowPaths.cpp:1154
    frame #5: 0x00000001060e8f56 JavaScriptCore`JSC::LLInt::genericCall(exec=0x00007fff5dd20960, pc=0x000000011ed14280, kind=CodeForCall) + 230 at LLIntSlowPaths.cpp:1238
    frame #6: 0x00000001060e5ffc JavaScriptCore`::llint_slow_path_call(exec=0x00007fff5dd20960, pc=0x000000011ed14280) + 60 at LLIntSlowPaths.cpp:1244
    frame #7: 0x00000001060f10c9 JavaScriptCore`llint_entry + 26821
    frame #8: 0x00000001060f10db JavaScriptCore`llint_entry + 26839
    frame #9: 0x00000001060f10db JavaScriptCore`llint_entry + 26839
    frame #10: 0x00000001060f10db JavaScriptCore`llint_entry + 26839
    frame #11: 0x00000001060f10db JavaScriptCore`llint_entry + 26839
    frame #12: 0x00000001060ea5ee JavaScriptCore`llintPCRangeStart + 334
    frame #13: 0x0000000105f0b58a JavaScriptCore`JSC::JITCode::execute(this=0x0000000120d86c30, vm=0x0000000117803380, protoCallFrame=0x00007fff5dd20e98) + 218 at JITCode.cpp:80
    frame #14: 0x0000000105ea5716 JavaScriptCore`JSC::Interpreter::execute(this=0x00000001179ec138, program=0x000000011c43b900, callFrame=0x000000011ce59140, thisObj=0x0000000117853f70) + 4518 at Interpreter.cpp:972
    frame #15: 0x000000010588ee20 JavaScriptCore`JSC::evaluate(exec=0x000000011ce59140, source=0x00007fff5dd22608, thisValue=JSValue @ 0x00007fff5dd222f0, returnedException=0x00007fff5dd22450) + 480 at Completion.cpp:106
    frame #16: 0x000000010588ef5e JavaScriptCore`JSC::profiledEvaluate(exec=0x000000011ce59140, reason=Other, source=0x00007fff5dd22608, thisValue=JSValue @ 0x00007fff5dd22348, returnedException=0x00007fff5dd22450) + 94 at Completion.cpp:121
    frame #17: 0x000000010a4d8c8b WebCore`WebCore::JSMainThreadExecState::profiledEvaluate(exec=0x000000011ce59140, reason=Other, source=0x00007fff5dd22608, thisValue=JSValue @ 0x00007fff5dd223d0, returnedException=0x00007fff5dd22450) + 75 at JSMainThreadExecState.h:80
    frame #18: 0x000000010a4d6806 WebCore`WebCore::ScriptController::evaluateInWorld(this=0x00000001179f5770, sourceCode=0x00007fff5dd22600, world=0x00000001179fb090, exceptionDetails=0x0000000000000000) + 326 at ScriptController.cpp:164
    frame #19: 0x000000010a4d696c WebCore`WebCore::ScriptController::evaluate(this=0x00000001179f5770, sourceCode=0x00007fff5dd22600, exceptionDetails=0x0000000000000000) + 76 at ScriptController.cpp:180
    frame #20: 0x000000010a4e5d6b WebCore`WebCore::ScriptElement::executeScript(this=0x00000001219f9e40, sourceCode=0x00007fff5dd22600) + 491 at ScriptElement.cpp:314
    frame #21: 0x000000010a4e4c53 WebCore`WebCore::ScriptElement::prepareScript(this=0x00000001219f9e40, scriptStartPosition=0x00007fff5dd228b8, supportLegacyTypes=DisallowLegacyTypeInTypeAttribute) + 1731 at ScriptElement.cpp:245
    frame #22: 0x000000010921ecbc WebCore`WebCore::HTMLScriptRunner::runScript(this=0x000000011c51e3a8, script=0x00000001219f9e40, scriptStartPosition=0x00007fff5dd228b8) + 364 at HTMLScriptRunner.cpp:302
    frame #23: 0x000000010921eaca WebCore`WebCore::HTMLScriptRunner::execute(this=0x000000011c51e3a8, scriptElement=PassRefPtr<WebCore::Element> @ 0x00007fff5dd228a8, scriptStartPosition=0x00007fff5dd228b8) + 138 at HTMLScriptRunner.cpp:175
    frame #24: 0x0000000109142bb1 WebCore`WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder(this=0x000000011d671e40) + 289 at HTMLDocumentParser.cpp:195
    frame #25: 0x0000000109142cc1 WebCore`WebCore::HTMLDocumentParser::canTakeNextToken(this=0x000000011d671e40, mode=AllowYield, session=0x00007fff5dd22a98) + 177 at HTMLDocumentParser.cpp:213
    frame #26: 0x000000010914202f WebCore`WebCore::HTMLDocumentParser::pumpTokenizer(this=0x000000011d671e40, mode=AllowYield) + 399 at HTMLDocumentParser.cpp:252
    frame #27: 0x00000001091429ef WebCore`WebCore::HTMLDocumentParser::resumeParsingAfterYield(this=0x000000011d671e40) + 47 at HTMLDocumentParser.cpp:183
    frame #28: 0x00000001092050a8 WebCore`WebCore::HTMLParserScheduler::continueNextChunkTimerFired(this=0x00000001179c7c80) + 152 at HTMLParserScheduler.cpp:114
    frame #29: 0x0000000109206998 WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) [inlined] decltype(__f=0x00000001179c7ce8, __a0=0x00000001179c7cf8)).*fp(std::__1::forward<>(fp1))) std::__1::__invoke<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*&, void>(void (WebCore::HTMLParserScheduler::*&&&)(), WebCore::HTMLParserScheduler*&&&) + 248 at __functional_base:382
    frame #30: 0x0000000109206912 WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) [inlined] std::__1::__bind_return<void (WebCore::HTMLParserScheduler::*)(), std::__1::tuple<WebCore::HTMLParserScheduler*>, std::__1::tuple<>, _is_valid_bind_return<void (WebCore::HTMLParserScheduler::*)(), std::__1::tuple<WebCore::HTMLParserScheduler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (__f=0x00000001179c7ce8, __bound_args=0x00000001179c7cf8, (null)=__tuple_indices<0> @ 0x00007fff5dd22df0, __args=0x00007fff5dd22db0)(), std::__1::tuple<WebCore::HTMLParserScheduler*>, 0ul, std::__1::tuple<> >(void (WebCore::HTMLParserScheduler::*&)(), std::__1::tuple<WebCore::HTMLParserScheduler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 40 at functional:2060
    frame #31: 0x00000001092068ea WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) [inlined] std::__1::__bind_return<void (WebCore::HTMLParserScheduler::*)(), std::__1::tuple<WebCore::HTMLParserScheduler*>, std::__1::tuple<>, _is_valid_bind_return<void (WebCore::HTMLParserScheduler::*)(), std::__1::tuple<WebCore::HTMLParserScheduler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (this=0x00000001179c7ce8)(), WebCore::HTMLParserScheduler*>::operator()<>() + 31 at functional:2123
    frame #32: 0x00000001092068cb WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) [inlined] decltype(__f=0x00000001179c7ce8)(), WebCore::HTMLParserScheduler*>&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) + 11 at __functional_base:415
    frame #33: 0x00000001092068c0 WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (__args=0x00000001179c7ce8)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) + 32 at __functional_base:440
    frame #34: 0x000000010920686c WebCore`std::__1::__function::__func<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>, std::__1::allocator<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*> >, void ()>::operator(this=0x00000001179c7ce0)() + 44 at functional:1407
    frame #35: 0x00000001085a9c3a WebCore`std::__1::function<void ()>::operator(this=0x00000001179c7ce0)() const + 26 at functional:1793
    frame #36: 0x00000001085a9b5c WebCore`WebCore::Timer::fired(this=0x00000001179c7ca0) + 28 at Timer.h:133
    frame #37: 0x000000010a9c528a WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x00000001179b1618) + 394 at ThreadTimers.cpp:121
    frame #38: 0x000000010a9c64d1 WebCore`WebCore::ThreadTimers::setSharedTimer(this=0x000000010bb456f8)::$_0::operator()() const + 33 at ThreadTimers.cpp:73
    frame #39: 0x000000010a9c649d WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) [inlined] decltype(__f=0x000000010bb456f8)::$_0&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 at __functional_base:415
    frame #40: 0x000000010a9c648c WebCore`void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(__args=0x000000010bb456f8)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 28 at __functional_base:440
    frame #41: 0x000000010a9c643c WebCore`std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator(this=0x000000010bb456f0)() + 44 at functional:1407
    frame #42: 0x00000001085a9c3a WebCore`std::__1::function<void ()>::operator(this=0x000000010bb456f0)() const + 26 at functional:1793
    frame #43: 0x0000000109d2dd2f WebCore`WebCore::MainThreadSharedTimer::fired(this=0x000000010bb456e0) + 111 at MainThreadSharedTimer.cpp:52
    frame #44: 0x0000000109d2e229 WebCore`WebCore::timerFired((null)=0x00007f9632d38930, (null)=0x0000000000000000) + 41 at MainThreadSharedTimerCF.cpp:74
    ...
