50253 2010-11-30 11:18:00 -0800 Hit ASSERT(m_state == ParsingState) after clicking on ad at macnn.com 2011-02-15 17:09:06 -0800 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED http://macnn.com P2 Normal --- 41115 1 simon.fraser abarth abarth andersca ap eric kbr pfeldman simon.fraser tonyg vsevik oldest_to_newest 315178 0 simon.fraser 2010-11-30 11:18:00 -0800 I hit: ASSERTION FAILED: m_state == ParsingState (/Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/DocumentParser.cpp:56 virtual void WebCore::DocumentParser::prepareToStopParsing()) after loading macnn.com (with all ads visible), and clicking on the annoying Capital One ad in the right sidebar (in the "macnn sponsor" box). The ad is flash that expands leftwards. Stack is #0 0x0000000102ed2867 in WebCore::DocumentParser::prepareToStopParsing (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/DocumentParser.cpp:56 #1 0x00000001030f363e in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:144 #2 0x00000001030f2910 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:344 #3 0x00000001030f2948 in WebCore::HTMLDocumentParser::finish (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:372 #4 0x0000000102e8f6c0 in WebCore::Document::finishParsing (this=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Document.cpp:2257 #5 0x0000000102ed6660 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x1078b8648) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/DocumentWriter.cpp:221 #6 0x0000000102e976a6 in WebCore::Document::close (this=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Document.cpp:2054 #7 0x0000000103352e54 in WebCore::jsHTMLDocumentPrototypeFunctionClose (exec=0x13345a098) at /Volumes/InternalData/Development/webkit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLDocument.cpp:411 #8 0x000055dc8ec001b8 in ?? () #9 0x00000001018e4fb9 in JSC::JITCode::execute (this=0x131055798, registerFile=0x1077fa838, callFrame=0x13345a040, globalData=0x1078e1c00) at JITCode.h:77 #10 0x00000001018dfd5d in JSC::Interpreter::executeCall (this=0x1077fa820, callFrame=0x107760168, function=0x12f74e1c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:849 #11 0x00000001018998b0 in JSC::call (exec=0x107760168, functionObject={m_ptr = 0x12f74e1c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38 #12 0x000000010328b493 in WebCore::JSMainThreadExecState::call (exec=0x107760168, functionObject={m_ptr = 0x12f74e1c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at JSMainThreadExecState.h:48 #13 0x000000010376188f in WebCore::ScheduledAction::executeFunctionInContext (this=0x12c1e81d0, globalObject=0x12edc2a80, thisValue={m_ptr = 0x12edc0000}, context=0x107971a68) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:106 #14 0x0000000103761dba in WebCore::ScheduledAction::execute (this=0x12c1e81d0, document=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:128 #15 0x0000000103761e94 in WebCore::ScheduledAction::execute (this=0x12c1e81d0, context=0x107971a68) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:76 #16 0x0000000102f8205d in WebCore::DOMTimer::fired (this=0x139a40f50) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/DOMTimer.cpp:131 #17 0x00000001038e4462 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x1077a7c00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/ThreadTimers.cpp:112 #18 0x00000001038e45f1 in WebCore::ThreadTimers::sharedTimerFired () at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/ThreadTimers.cpp:90 #19 0x00000001037ba291 in WebCore::timerFired () at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/mac/SharedTimerMac.mm:166 315512 1 ap 2010-11-30 21:36:04 -0800 Not a "compatibility regression", but it's probably useful to have this block bug 41115. 315542 2 abarth 2010-11-30 22:37:40 -0800 This assert might be bogus. This is Eric's area. 315543 3 eric 2010-11-30 22:40:54 -0800 Well, the quesiton is why is it ever valid to call it twice. :) But I don't know. The code changed a bunch with TonyG's rewrite. I'd have to stare at this in a debugger. 315909 4 simon.fraser 2010-12-01 15:46:32 -0800 I just hit this on http://venturebeat.com/2010/11/05/why-apple-cant-beat-android/?obref=obinsite too. 319130 5 ap 2010-12-08 16:50:49 -0800 I've just hit this on dailymotion.com. 319210 6 abarth 2010-12-08 19:18:51 -0800 I was going to assign this to myself, but I did that already apparently. 338499 7 abarth 2011-01-21 21:38:55 -0800 *** Bug 52929 has been marked as a duplicate of this bug. *** 351279 8 pfeldman 2011-02-15 08:18:23 -0800 *** Bug 54462 has been marked as a duplicate of this bug. *** 351280 9 pfeldman 2011-02-15 08:19:45 -0800 https://bugs.webkit.org/show_bug.cgi?id=54462 has a nice stack trace and a scenario on how to repro it on XML+XSLT -> HTML scenario. 351568 10 abarth 2011-02-15 14:18:48 -0800 Looking now. 351741 11 abarth 2011-02-15 17:00:28 -0800 Fixed one of the dups. Continuing to investigate. 351748 12 abarth 2011-02-15 17:09:06 -0800 None of these reproduce any more. I suspect some of them are Bug 54462 and some are another related bug I fixed recently. Please re-open if you can reproduce now that Bug 54462 is fixed.