146634 2015-07-06 03:56:02 -0700 ASSERTION FAILED: exec->vm().controlFlowProfiler() in functionDumpBasicBlockExecutionRanges 2015-07-06 18:19:06 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC Linux NEW P2 Normal --- 116980 1 rhodovan.u-szeged webkit-unassigned fpizlo saam oldest_to_newest 1107073 0 256207 rhodovan.u-szeged 2015-07-06 03:56:02 -0700 Created attachment 256207 Test case Load this test with debug or release jsc. An assertion fail will happen in debug and an immediate crash in release because of the release assert: Array(dumpBasicBlockExecutionRanges()); Backtrace: ASSERTION FAILED: exec->vm().controlFlowProfiler() ../../Source/JavaScriptCore/jsc.cpp(1156) : JSC::EncodedJSValue functionDumpBasicBlockExecutionRanges(JSC::ExecState*) 1 0x7ffff72d46db WTFCrash 2 0x428728 3 0x7fffb0fff0a8 [New Thread 0x7fffaf7fa700 (LWP 32247)] [New Thread 0x7fffafffb700 (LWP 32245)] [New Thread 0x7fffb07fc700 (LWP 32244)] [New Thread 0x7fffb0ffd700 (LWP 32243)] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x0000000000428728 in functionDumpBasicBlockExecutionRanges (exec=0x7fffffffca50) at ../../Source/JavaScriptCore/jsc.cpp:1156 #2 0x00007fffb0fff0a8 in ?? () #3 0x00007fffffffcab0 in ?? () #4 0x00007ffff727e8e9 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1 1107327 1 saam 2015-07-06 18:19:06 -0700 Did you run this with: JSC_enableControlFlowProfiler=1 ? If not, this assertion is doing the right thing. It makes sure the control flow profiler is enabled.a Also, this function is only used inside JSC's stress tests. 256207 2015-07-06 03:56:02 -0700 2015-07-06 03:56:02 -0700 Test case crash.js application/javascript 39 rhodovan.u-szeged QXJyYXkoZHVtcEJhc2ljQmxvY2tFeGVjdXRpb25SYW5nZXMoKSk7