84815 2012-04-24 18:35:12 -0700 http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT 2012-04-25 12:52:43 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED http://bellard.org/jslinux/ P2 Normal --- 1 oliver fpizlo oliver oldest_to_newest 609358 0 oliver 2012-04-24 18:35:12 -0700 Go to the above url in a debug build, and i get: 0 com.apple.JavaScriptCore 0x00000001055ec130 JSC::DFG::SpeculativeJIT::forwardSpeculationCheck(JSC::DFG::ExitKind, JSC::DFG::JSValueSource, unsigned int, JSC::AbstractMacroAssembler<JSC::X86Assembler>::Jump, JSC::ValueRecovery const&) + 848 (DFGSpeculativeJIT.h:1889) 1 com.apple.JavaScriptCore 0x00000001055df197 JSC::DFG::SpeculativeJIT::compileUInt32ToNumber(JSC::DFG::Node&) + 647 (DFGSpeculativeJIT.cpp:1734) 2 com.apple.JavaScriptCore 0x00000001056045a0 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) + 5696 (DFGSpeculativeJIT64.cpp:2114) 3 com.apple.JavaScriptCore 0x00000001055db550 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) + 1984 (DFGSpeculativeJIT.cpp:1025) 4 com.apple.JavaScriptCore 0x00000001055dd725 JSC::DFG::SpeculativeJIT::compile() + 213 (DFGSpeculativeJIT.cpp:1256) 5 com.apple.JavaScriptCore 0x00000001055b2e3b JSC::DFG::JITCompiler::compileBody(JSC::DFG::SpeculativeJIT&) + 107 (DFGJITCompiler.cpp:81) 6 com.apple.JavaScriptCore 0x00000001055b3e15 JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 277 (DFGJITCompiler.cpp:237) 7 com.apple.JavaScriptCore 0x00000001055a87dd JSC::DFG::compile(JSC::DFG::CompileMode, JSC::JSGlobalData&, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) + 573 (DFGDriver.cpp:79) 8 com.apple.JavaScriptCore 0x00000001055a8594 JSC::DFG::tryCompileFunction(JSC::JSGlobalData&, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 52 (DFGDriver.cpp:97) 9 com.apple.JavaScriptCore 0x000000010562378e JSC::jitCompileFunctionIfAppropriate(JSC::JSGlobalData&, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::JITCompilationEffort) + 222 (JITDriver.h:91) 10 com.apple.JavaScriptCore 0x00000001056240f6 JSC::prepareFunctionForExecution(JSC::JSGlobalData&, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::CodeSpecializationKind) + 246 (ExecutionHarness.h:64) 11 com.apple.JavaScriptCore 0x000000010561fdb2 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType) + 802 (Executable.cpp:554) 12 com.apple.JavaScriptCore 0x000000010561fa24 JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*) + 324 (Executable.cpp:465) 13 com.apple.JavaScriptCore 0x0000000105544349 JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) + 329 (Executable.h:588) 14 com.apple.JavaScriptCore 0x000000010553d804 JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*) + 148 (CodeBlock.cpp:2302) 15 com.apple.JavaScriptCore 0x000000010567ed1a cti_optimize_from_ret + 250 (JITStubs.cpp:2075) 16 com.apple.JavaScriptCore 0x0000000105686aa0 0x1054c7000 + 1833632 17 com.apple.JavaScriptCore 0x000000010564dd19 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 105 (JITCode.h:127) 18 com.apple.JavaScriptCore 0x000000010564a1df JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1855 (Interpreter.cpp:1306) 19 com.apple.JavaScriptCore 0x000000010552f048 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 296 (CallData.cpp:39) 20 com.apple.JavaScriptCore 0x00000001056a0286 JSC::boundFunctionCall(JSC::ExecState*) + 646 (JSBoundFunction.cpp:56) 21 com.apple.JavaScriptCore 0x000000010564a4be JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 2590 (Interpreter.cpp:1335) 609954 1 138852 fpizlo 2012-04-25 12:08:02 -0700 Created attachment 138852 the patch Can I get an RS for a test case as well? 609988 2 fpizlo 2012-04-25 12:52:43 -0700 Landed in http://trac.webkit.org/changeset/115237 138852 2012-04-25 12:08:02 -0700 2012-04-25 12:11:55 -0700 the patch fixlinux_patch_1.diff text/plain 2244 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTE1MjM0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBA CisyMDEyLTA0LTI1ICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg aHR0cDovL2JlbGxhcmQub3JnL2pzbGludXgvIHRyaWdnZXJzIGFuIGFzc2VydGlvbiBmYWlsdXJl IGluIHRoZSBERkcgSklUCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD04NDgxNQorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMTEzMTk1MTQ+CisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBkZmcvREZHU3BlY3Vs YXRpdmVKSVQuaDoKKyAgICAgICAgKEpTQzo6REZHOjpTcGVjdWxhdGl2ZUpJVDo6Zm9yd2FyZFNw ZWN1bGF0aW9uQ2hlY2spOgorCiAyMDEyLTA0LTI1ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZA YXBwbGUuY29tPgogCiAgICAgICAgIENsb3N1cmUgaW4gdHJ5IHt9IHdpdGggY2F0Y2ggY2FwdHVy ZXMgYWxsIGxvY2FscyBmcm9tIHRoZSBlbmNsb3NpbmcgZnVuY3Rpb24KSW5kZXg6IFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuaAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1NwZWN1bGF0aXZlSklULmgJKHJldmlzaW9uIDExNTIz MykKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuaAkod29y a2luZyBjb3B5KQpAQCAtMTg4MywxMyArMTg4MywxOSBAQCBwcml2YXRlOgogICAgICAgICB9IGVs c2UKICAgICAgICAgICAgIEFTU0VSVChzZXRMb2NhbC0+Y2hpbGQxKCkgPT0gbV9jb21waWxlSW5k ZXgpOwogICAgICAgICAKLSAgICAgICAgTm9kZSYgbmV4dE5vZGUgPSBhdChtX2ppdC5ncmFwaCgp Lm1fYmxvY2tzW21fYmxvY2tdLT5hdChzZXRMb2NhbEluZGV4SW5CbG9jayArIDEpKTsKICAgICAg ICAgQVNTRVJUKHNldExvY2FsLT5vcCgpID09IFNldExvY2FsKTsKICAgICAgICAgQVNTRVJUKHNl dExvY2FsLT5jb2RlT3JpZ2luID09IGF0KG1fY29tcGlsZUluZGV4KS5jb2RlT3JpZ2luKTsKLSAg ICAgICAgQVNTRVJUKG5leHROb2RlLmNvZGVPcmlnaW4gIT0gYXQobV9jb21waWxlSW5kZXgpLmNv ZGVPcmlnaW4pOworCisgICAgICAgIE5vZGUqIG5leHROb2RlID0gJmF0KG1faml0LmdyYXBoKCku bV9ibG9ja3NbbV9ibG9ja10tPmF0KHNldExvY2FsSW5kZXhJbkJsb2NrICsgMSkpOworICAgICAg ICBpZiAobmV4dE5vZGUtPmNvZGVPcmlnaW4gPT0gYXQobV9jb21waWxlSW5kZXgpLmNvZGVPcmln aW4pIHsKKyAgICAgICAgICAgIEFTU0VSVChuZXh0Tm9kZS0+b3AoKSA9PSBGbHVzaCk7CisgICAg ICAgICAgICBuZXh0Tm9kZSA9ICZhdChtX2ppdC5ncmFwaCgpLm1fYmxvY2tzW21fYmxvY2tdLT5h dChzZXRMb2NhbEluZGV4SW5CbG9jayArIDIpKTsKKyAgICAgICAgICAgIEFTU0VSVChuZXh0Tm9k ZS0+Y29kZU9yaWdpbiAhPSBhdChtX2NvbXBpbGVJbmRleCkuY29kZU9yaWdpbik7IC8vIGR1cGxp Y2F0ZSB0aGUgc2FtZSBhc3NlcnRpb24gYXMgYmVsb3cgc28gdGhhdCBpZiB3ZSBmYWlsLCB3ZSds bCBrbm93IHdlIGNhbWUgZG93biB0aGlzIHBhdGguCisgICAgICAgIH0KKyAgICAgICAgQVNTRVJU KG5leHROb2RlLT5jb2RlT3JpZ2luICE9IGF0KG1fY29tcGlsZUluZGV4KS5jb2RlT3JpZ2luKTsK ICAgICAgICAgCiAgICAgICAgIE9TUkV4aXQmIGV4aXQgPSBtX2ppdC5jb2RlQmxvY2soKS0+bGFz dE9TUkV4aXQoKTsKLSAgICAgICAgZXhpdC5tX2NvZGVPcmlnaW4gPSBuZXh0Tm9kZS5jb2RlT3Jp Z2luOworICAgICAgICBleGl0Lm1fY29kZU9yaWdpbiA9IG5leHROb2RlLT5jb2RlT3JpZ2luOwog ICAgICAgICBleGl0Lm1fbGFzdFNldE9wZXJhbmQgPSBzZXRMb2NhbC0+bG9jYWwoKTsKICAgICAg ICAgCiAgICAgICAgIGV4aXQudmFsdWVSZWNvdmVyeUZvck9wZXJhbmQoc2V0TG9jYWwtPmxvY2Fs KCkpID0gdmFsdWVSZWNvdmVyeTsK