<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - CRASH under ~GCAwareJITStubRoutineWithExceptionHandler recording timelines with Web Inspector"
href="https://bugs.webkit.org/show_bug.cgi?id=150062">150062</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>CRASH under ~GCAwareJITStubRoutineWithExceptionHandler recording timelines with Web Inspector
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>joepeck@webkit.org
</td>
</tr>
<tr>
<th>CC</th>
<td>fpizlo@apple.com, ggaren@apple.com, sbarati@apple.com
</td>
</tr></table>
<p>
<div>
<pre>* SUMMARY
CRASH under ~GCAwareJITStubRoutineWithExceptionHandler recording timelines with Web Inspector
* STEPS TO REPRODUCE (nearly 100%)
1. Inspect apple.com
2. Switch to Timelines tab
3. Reload
=> inspector crashes
* CRASH
<span class="quote">> Exception Type: EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
>
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0 JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler() + 45 (GCAwareJITStubRoutine.cpp:118)
> 1 JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines() + 140 (Vector.h:651)
> 2 JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [37]) + 992 (Heap.cpp:1234)
> 3 JSC::Heap::collect(JSC::HeapOperation) + 96 (Heap.cpp:1026)
> 4 JSC::JSObject::ensureLengthSlow(JSC::VM&, unsigned int) + 498 (JSObject.cpp:2477)
> 5 void JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes<(unsigned char)8>(JSC::ExecState*, unsigned int, JSC::JSValue) + 576 (CopyWriteBarrier.h:57)
> 6 operationArrayPush + 54 (DFGOperations.cpp:530)
> 7 0 + 99460893724358
> 8 llint_entry + 23138
> 9 vmEntryToJavaScript + 299
> 10 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158 (JITCode.cpp:81)
> 11 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 10445 (Interpreter.cpp:961)
> 12 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 469 (Completion.cpp:104)
> 13 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 284 (JSMainThreadExecState.h:62)
> 14 WebCore::ScriptController::executeScript(WTF::String const&, bool) + 320 (Ref.h:55)
> 15 WebKit::WebInspectorFrontendAPIDispatcher::evaluateExpressionOnLoad(WTF::String const&) + 56 (WebInspectorFrontendAPIDispatcher.cpp:83)
> 16 WebKit::WebInspectorFrontendAPIDispatcher::dispatchMessageAsync(WTF::String const&) + 72 (StdLibExtras.h:358)
> ...</span></pre>
</div>
</p>
</body>
</html>