Bug 160027

Summary: Crash in JSC::speculationFromCell
Product: WebKit
Reporter: Alejandro Reimondo <aleReimondo>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Critical
CC: ap
Priority: P2
Version: Other
Hardware: iPhone / iPad
OS: iOS 9.3
Attachments:
Description: Crash report when running iPad Pro, iOS 10.0 (Beta)
Flags: none

Alejandro Reimondo
Reported 2016-07-21 09:52:10 PDT
Created attachment 284222 [details]
Crash report when running iPad Pro, iOS 10.0 (Beta)

Summary: Reading a file (~3Mb) in a loop can result in an EXC_BAD_ACCESS or memory full.

Expected Results: The test should evaluate an arbitrary number of times without issue.

Actual Results: Memory appears to be corrupted, causing EXC_BAD_ACCESS or a silent crash and memory full. A crash report file is attached.

Steps to reproduce:
Download the coco8 Xcode project (from http://u8.smalltalking.net/profile/aleReimondo/coco8/coco8.zip ).
Open coco8/coco8.xcodeproj with Xcode 7.3 or 8 (Beta).
Run the application on an iPhone 6s, iPad Pro or iPad 4.
Tap the link ("Read Sample.txt file") in the welcome page. This will cause the application to crash.

Notes: The test script generates a Sample.txt file of approx. 3mb and reads the file contents 100 times.

Configuration: Xcode 8.0 beta (8S128d), iPhone 6s iOS 9.3.2 (13F69). It can also be reproduced with iPhone 5s, iPad 4, iPad Pro with iOS 8.x, 9.x and 10.0 (Beta).
Attachments
Crash report when running iPad Pro, iOS 10.0 (Beta) (36.63 KB, application/octet-stream)
2016-07-21 09:52 PDT, Alejandro Reimondo
no flags
Alejandro Reimondo
Comment 1 2016-07-21 11:03:53 PDT
More details, similar crash situations, and simpler projects can be found at http://alereimondo.no-ip.org/U8/232
Alexey Proskuryakov
Comment 2 2018-12-20 16:22:00 PST
Thank you for the report! Crashes in speculationFromCell are unfortunately just symptoms of garbage collection bugs occurring elsewhere. There were so many changes in related code (including several to fix speculationFromCell crashes specifically) that this old report is not actionable.