87994 2012-05-31 11:19:29 -0700 ASSERTION FAILED: m_refCount in DFG::Node:deref with patch from 87158 2012-06-06 02:28:25 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED DUPLICATE 88362 http://paperjs.org/ P2 Major --- 87158 1 msaboff webkit-unassigned fpizlo wingo oldest_to_newest 638588 0 msaboff 2012-05-31 11:19:29 -0700 Built ToT with the proposed patch from https://bugs.webkit.org/show_bug.cgi?id=87158 (https://bugs.webkit.org/attachment.cgi?id=144771) and got the following crash from http://paperjs.org/ Process: WebProcess [64347] Path: /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Identifier: com.apple.WebProcess Version: 536+ (536.9+) Code Type: X86-64 (Native) Parent Process: Safari [64335] Date/Time: 2012-05-31 11:15:03.208 -0700 OS Version: Mac OS X 10.7.3 (11D50b) Report Version: 9 Interval Since Last Report: 87438 sec Crashes Since Last Report: 9 Per-App Interval Since Last Report: 392548 sec Per-App Crashes Since Last Report: 1 Anonymous UUID: 56451353-948B-4034-8CD4-811F5D9F17F7 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 000000010cd45000-000000010cd46000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Application Specific Information: objc[64347]: garbage collection is OFF Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010def3d58 JSC::DFG::Node::deref() + 88 (DFGNode.h:717) 1 com.apple.JavaScriptCore 0x000000010def3cd8 JSC::DFG::Graph::deref(unsigned int) + 88 (DFGGraph.h:114) 2 com.apple.JavaScriptCore 0x000000010def1fde JSC::DFG::Graph::deref(JSC::DFG::Edge) + 46 (DFGGraph.h:120) 3 com.apple.JavaScriptCore 0x000000010def0496 JSC::DFG::Graph::derefChildren(unsigned int) + 374 (DFGGraph.cpp:375) 4 com.apple.JavaScriptCore 0x000000010def3cf1 JSC::DFG::Graph::deref(unsigned int) + 113 (DFGGraph.h:116) 5 com.apple.JavaScriptCore 0x000000010e1ab09c JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference(unsigned int, JSC::DFG::Node&, unsigned int) + 108 (DFGCFGSimplificationPhase.cpp:426) 6 com.apple.JavaScriptCore 0x000000010e1aaff8 JSC::DFG::CFGSimplificationPhase::fixPhis(unsigned int, unsigned int) + 392 (DFGCFGSimplificationPhase.cpp:391) 7 com.apple.JavaScriptCore 0x000000010e1aadff JSC::DFG::CFGSimplificationPhase::killUnreachable(unsigned int) + 287 (DFGCFGSimplificationPhase.cpp:259) 8 com.apple.JavaScriptCore 0x000000010e1a98e2 JSC::DFG::CFGSimplificationPhase::run() + 2930 (DFGCFGSimplificationPhase.cpp:232) 9 com.apple.JavaScriptCore 0x000000010e1a8d15 bool JSC::DFG::runPhase<JSC::DFG::CFGSimplificationPhase>(JSC::DFG::Graph&) + 37 (DFGPhase.h:79) 10 com.apple.JavaScriptCore 0x000000010e1a8ce5 JSC::DFG::performCFGSimplification(JSC::DFG::Graph&) + 21 (DFGCFGSimplificationPhase.cpp:723) 11 com.apple.JavaScriptCore 0x000000010dee7674 JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) + 596 (DFGDriver.cpp:84) 12 com.apple.JavaScriptCore 0x000000010dee7414 JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 52 (DFGDriver.cpp:125) 13 com.apple.JavaScriptCore 0x000000010df7511d JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::JITCompilationEffort) + 237 (JITDriver.h:95) 14 com.apple.JavaScriptCore 0x000000010df75a7e JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::CodeSpecializationKind) + 254 (ExecutionHarness.h:64) 15 com.apple.JavaScriptCore 0x000000010df718a1 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType) + 785 (Executable.cpp:554) 16 com.apple.JavaScriptCore 0x000000010df71524 JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*) + 324 (Executable.cpp:465) 17 com.apple.JavaScriptCore 0x000000010de778c9 JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) + 329 (Executable.h:586) 18 com.apple.JavaScriptCore 0x000000010de70784 JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*) + 148 (CodeBlock.cpp:2473) 19 com.apple.JavaScriptCore 0x000000010dfcfa2a cti_optimize_from_ret + 250 (JITStubs.cpp:2070) 20 com.apple.JavaScriptCore 0x000000010dfd7240 0x10ddf9000 + 1958464 21 com.apple.JavaScriptCore 0x000000010df9ee89 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 105 (JITCode.h:127) 22 com.apple.JavaScriptCore 0x000000010df9b5f9 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1721 (Interpreter.cpp:1305) 23 com.apple.JavaScriptCore 0x000000010de618f8 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 296 (CallData.cpp:39) 24 com.apple.WebCore 0x000000010f4a0d82 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56) 25 com.apple.WebCore 0x000000010f4a0a6f WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 735 (JSCallbackData.cpp:78) 26 com.apple.WebCore 0x000000010f4a0776 WebCore::JSCallbackData::invokeCallback(JSC::MarkedArgumentBuffer&, bool*) + 150 (JSCallbackData.cpp:48) 27 com.apple.WebCore 0x000000010f747e17 WebCore::JSRequestAnimationFrameCallback::handleEvent(unsigned long long) + 167 (JSRequestAnimationFrameCallbackCustom.cpp:49) 28 com.apple.WebCore 0x000000010fe483ce WebCore::ScriptedAnimationController::serviceScriptedAnimations(unsigned long long) + 302 (ScriptedAnimationController.cpp:129) 29 com.apple.WebCore 0x000000010fe489bf WebCore::ScriptedAnimationController::displayRefreshFired(double) + 47 (ScriptedAnimationController.h:90) 30 com.apple.WebCore 0x000000010ee0b43c WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded(double) + 60 (DisplayRefreshMonitor.cpp:53) 31 com.apple.WebCore 0x000000010ee0b612 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 226 (DisplayRefreshMonitor.cpp:112) 32 com.apple.WebCore 0x000000010ee0b51d WebCore::DisplayRefreshMonitor::handleDisplayRefreshedNotificationOnMainThread(void*) + 29 (DisplayRefreshMonitor.cpp:75) 33 com.apple.JavaScriptCore 0x000000010e1d5545 WTF::dispatchFunctionsFromMainThread() + 293 34 com.apple.JavaScriptCore 0x000000010e1d4df5 -[JSWTFMainThreadCaller call] + 21 35 com.apple.CoreFoundation 0x00007fff8dc7975d -[NSObject performSelector:withObject:] + 61 36 com.apple.Foundation 0x00007fff8f966d94 __NSThreadPerformPerform + 214 37 com.apple.CoreFoundation 0x00007fff8dbf86e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 38 com.apple.CoreFoundation 0x00007fff8dbf7f4d __CFRunLoopDoSources0 + 253 39 com.apple.CoreFoundation 0x00007fff8dc1ed39 __CFRunLoopRun + 905 40 com.apple.CoreFoundation 0x00007fff8dc1e676 CFRunLoopRunSpecific + 230 41 com.apple.HIToolbox 0x00007fff8ebe931f RunCurrentEventLoopInMode + 277 42 com.apple.HIToolbox 0x00007fff8ebf05c9 ReceiveNextEventCommon + 355 43 com.apple.HIToolbox 0x00007fff8ebf0456 BlockUntilNextEventMatchingListInMode + 62 44 com.apple.AppKit 0x00007fff88811f5d _DPSNextEvent + 659 45 com.apple.AppKit 0x00007fff88811861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 46 com.apple.AppKit 0x00007fff8880e19d -[NSApplication run] + 470 47 com.apple.WebCore 0x000000010fe19dfc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37) 48 com.apple.WebKit2 0x000000010d1da008 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3368 (WebProcessMainMac.mm:183) 49 com.apple.WebKit2 0x000000010d0fac38 _ZL10WebKitMainRKN6WebKit11CommandLineE + 200 (WebKitMain.cpp:50) 50 com.apple.WebKit2 0x000000010d0fab54 WebKitMain + 148 (WebKitMain.cpp:74) 51 com.apple.WebProcess 0x000000010cd45d92 main + 274 (MainMac.cpp:68) 52 com.apple.WebProcess 0x000000010cd45c74 start + 52 Thread 1:: Dispatch queue: com.apple.libdispatch-manager 0 libsystem_kernel.dylib 0x00007fff87d417e6 kevent + 10 1 libdispatch.dylib 0x00007fff8eb845be _dispatch_mgr_invoke + 923 2 libdispatch.dylib 0x00007fff8eb8314e _dispatch_mgr_thread + 54 Thread 2: 0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10 1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758 2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13 Thread 3: 0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10 1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758 2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13 Thread 4: 0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10 1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758 2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13 Thread 5:: com.apple.NSURLConnectionLoader 0 libsystem_kernel.dylib 0x00007fff87d3f67a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fff87d3ed71 mach_msg + 73 2 com.apple.CoreFoundation 0x00007fff8dc166fc __CFRunLoopServiceMachPort + 188 3 com.apple.CoreFoundation 0x00007fff8dc1ee64 __CFRunLoopRun + 1204 4 com.apple.CoreFoundation 0x00007fff8dc1e676 CFRunLoopRunSpecific + 230 5 com.apple.Foundation 0x00007fff8f97cffb +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 335 6 com.apple.Foundation 0x00007fff8f97174e -[NSThread main] + 68 7 com.apple.Foundation 0x00007fff8f9716c6 __NSThread__main__ + 1575 8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 6:: com.apple.CFSocket.private 0 libsystem_kernel.dylib 0x00007fff87d40df2 __select + 10 1 com.apple.CoreFoundation 0x00007fff8dc67cdb __CFSocketManager + 1355 2 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 3 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 7:: JavaScriptCore::BlockFree 0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x000000010e201771 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 209 3 com.apple.JavaScriptCore 0x000000010e1a6fac JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock(double) + 92 (BlockAllocator.cpp:79) 4 com.apple.JavaScriptCore 0x000000010e1a7000 JSC::BlockAllocator::waitForRelativeTime(double) + 64 (BlockAllocator.cpp:89) 5 com.apple.JavaScriptCore 0x000000010e1a7054 JSC::BlockAllocator::blockFreeingThreadMain() + 68 (BlockAllocator.cpp:103) 6 com.apple.JavaScriptCore 0x000000010e1a6da5 JSC::BlockAllocator::blockFreeingThreadStartFunc(void*) + 21 (BlockAllocator.cpp:95) 7 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144 8 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104 9 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 10 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 8:: JavaScriptCore::Marking 0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48 3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430) 4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228) 5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235) 6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144 7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104 8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 9:: JavaScriptCore::Marking 0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48 3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430) 4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228) 5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235) 6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144 7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104 8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 10:: JavaScriptCore::Marking 0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48 3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430) 4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228) 5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235) 6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144 7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104 8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 11:: CVDisplayLink 0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8ca322a6 _pthread_cond_wait + 890 2 com.apple.CoreVideo 0x00007fff9203263f CVDisplayLink::waitUntil(unsigned long long) + 279 3 com.apple.CoreVideo 0x00007fff92031aa5 CVDisplayLink::runIOThread() + 559 4 com.apple.CoreVideo 0x00007fff9203185d _ZL13startIOThreadPv + 148 5 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335 6 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x00000000bbadbeef rbx: 0x000000000000000a rcx: 0x00000000000cef90 rdx: 0x00007fc3a64baa30 rdi: 0x1f6442c3afbb6790 rsi: 0x00007fc3a6400000 rbp: 0x00007fff6c93fc50 rsp: 0x00007fff6c93fc40 r8: 0x0000000000000008 r9: 0x0000000000000000 r10: 0x0000000060304b86 r11: 0x00000000fffffff7 r12: 0x00000000000001d1 r13: 0x0000000116700140 r14: 0xffff000000000000 r15: 0xffff000000000002 rip: 0x000000010def3d58 rfl: 0x0000000000010246 cr2: 0x00000000bbadbeef Logical CPU: 8 Binary Images: 0x10cd45000 - 0x10cd45ff7 com.apple.WebProcess (536+ - 536.9+) <666275D2-D149-3A75-84A6-E1917D429069> /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess 0x10cd4b000 - 0x10cd4cfff +WebProcessShim.dylib (537.1.0 - compatibility 1.0.0) <74BE66B3-D641-30A2-A506-E4C2BC90801C> /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcessShim.dylib 0x10cf00000 - 0x10d467fff com.apple.WebKit2 (536+ - 536.9+) <FF283980-4D66-3942-90B4-D3FB8D5CF32D> /Volumes/VOLUME/*/WebKit2.framework/WebKit2 0x10ddf9000 - 0x10e3b9ff7 com.apple.JavaScriptCore (537+ - 537.1+) <B4B4D547-43DF-3707-AD27-57003AA3AD38> /Volumes/VOLUME/*/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x10ea79000 - 0x110f1dff7 com.apple.WebCore (537+ - 537.1+) <9CC06628-C927-3216-83B1-9DFE7FC54893> /Volumes/VOLUME/*/WebCore.framework/Versions/A/WebCore 0x1158d6000 - 0x1158eeff7 com.apple.WebInspector (7536 - 7536.11) <44DF3C91-10FC-3021-8F3F-8A8A9F170C0A> /Volumes/VOLUME/*/WebInspector.framework/Versions/A/WebInspector 0x115e5c000 - 0x11613bfff com.apple.WebKit (537+ - 537.1+) <F9D200AD-6048-34F0-A6BF-A8DC43AEC9E1> /Volumes/VOLUME/*/WebKit.framework/Versions/A/WebKit 0x116b10000 - 0x116fecfef com.apple.RawCamera.bundle (3.12.0 - 614) <E0F08224-8A63-BBCE-BE85-8B0BAB22A7DA> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x117d2d000 - 0x117d5bff7 GLRendererFloat (??? - ???) <0C213C61-C08C-3B5D-85A4-EB4660AF55BF> /System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GLRendererFloat 0x117e99000 - 0x118032fff GLEngine (??? - ???) <8BA26192-A4D7-362D-8B57-5FCF4B706A25> /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine 0x118066000 - 0x11815ffff libGLProgrammability.dylib (??? - ???) <B7710703-8652-36B8-83DD-4F216FAF0730> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x118185000 - 0x11844cfff com.apple.ATIRadeonX3000GLDriver (7.18.11 - 7.1.8) <C358C1A0-0404-30DE-A5D9-CE6C2B9676B0> /System/Library/Extensions/ATIRadeonX3000GLDriver.bundle/Contents/MacOS/ATIRadeonX3000GLDriver 0x7fff6c945000 - 0x7fff6c979baf dyld (195.6 - ???) <0CD1B35B-A28F-32DA-B72E-452EAD609613> /usr/lib/dyld 0x7fff852f3000 - 0x7fff852f8fff com.apple.OpenDirectory (10.7 - 146) <A674AB55-6E3D-39AE-9F9B-9865D0193020> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory 0x7fff85342000 - 0x7fff85358ff7 com.apple.ImageCapture (7.0 - 7.0) <69E6E2E1-777E-332E-8BCF-4F0611517DD0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x7fff85359000 - 0x7fff853cffff com.apple.ISSupport (1.9.8 - 56) <2CEE7E6B-D841-36D8-BC9F-081B33F6E501> /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport 0x7fff853d0000 - 0x7fff853d1fff liblangid.dylib (??? - ???) <CACBE3C3-2F7B-3EED-B50E-EDB73F473B77> /usr/lib/liblangid.dylib 0x7fff8541a000 - 0x7fff85425fff com.apple.CommonAuth (2.1 - 2.0) <272CB600-6DA8-3952-97C0-5DC594DCA024> /System/Library/PrivateFrameworks/CommonAuth.framework/Versions/A/CommonAuth 0x7fff85426000 - 0x7fff85508fff com.apple.CoreServices.OSServices (478.37 - 478.37) <1DAC695E-0D0F-3AE2-974F-A173E69E67CC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x7fff85509000 - 0x7fff8553efff libTrueTypeScaler.dylib (??? - ???) <5AB9A51C-AD6B-3E02-B9A6-7B1447CF6134> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libTrueTypeScaler.dylib 0x7fff8553f000 - 0x7fff85606ff7 com.apple.ColorSync (4.7.1 - 4.7.1) <EA74B067-9916-341A-9C68-6165A4656042> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x7fff85607000 - 0x7fff8562efff com.apple.PerformanceAnalysis (1.10 - 10) <2A058167-292E-3C3A-B1F8-49813336E068> /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/PerformanceAnalysis 0x7fff8568a000 - 0x7fff8578cff7 com.apple.PubSub (1.0.5 - 65.28) <98BFFA0E-6E32-3779-9594-B0629EFF1B6E> /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub 0x7fff863bc000 - 0x7fff863ceff7 libz.1.dylib (1.2.5 - compatibility 1.0.0) <30CBEF15-4978-3DED-8629-7109880A19D4> /usr/lib/libz.1.dylib 0x7fff863e4000 - 0x7fff8645fff7 com.apple.print.framework.PrintCore (7.1 - 366.1) <3F140DEB-9F87-3672-97CC-F983752581AC> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x7fff86460000 - 0x7fff86513fff com.apple.CoreText (220.11.0 - ???) <0322442E-0530-37E8-A7D6-AEFD909F0AFE> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x7fff868ad000 - 0x7fff868bbfff com.apple.NetAuth (1.0 - 3.0) <F384FFFD-70F6-3B1C-A886-F5B446E456E7> /System/Library/PrivateFrameworks/NetAuth.framework/Versions/A/NetAuth 0x7fff868bc000 - 0x7fff868bffff com.apple.help (1.3.2 - 42) <AB67588E-7227-3993-927F-C9E6DAC507FD> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x7fff868c0000 - 0x7fff868e4fff com.apple.RemoteViewServices (1.3 - 44) <21D7A0E7-6699-37AB-AE6C-BF69AF3D61C2> /System/Library/PrivateFrameworks/RemoteViewServices.framework/Versions/A/RemoteViewServices 0x7fff86c88000 - 0x7fff86c88fff libkeymgr.dylib (23.0.0 - compatibility 1.0.0) <61EFED6A-A407-301E-B454-CD18314F0075> /usr/lib/system/libkeymgr.dylib 0x7fff86c89000 - 0x7fff86c8ffff libGFXShared.dylib (??? - ???) <B95E9B22-AE68-3E48-8733-00CCCA08D50E> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib 0x7fff86c90000 - 0x7fff86cb0fff libPng.dylib (??? - ???) <F4D84592-C450-3076-88E9-8E6517C7EF33> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x7fff86e66000 - 0x7fff86f0afef com.apple.ink.framework (1.3.2 - 110) <F69DBD44-FEC8-3C14-8131-CC0245DBBD42> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x7fff86f0b000 - 0x7fff87018fff libJP2.dylib (??? - ???) <F2B34A61-75F0-3BFE-A309-EE0DF4AF9E37> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x7fff8701e000 - 0x7fff87125fe7 libsqlite3.dylib (9.6.0 - compatibility 9.0.0) <EE02BB01-64C9-304D-9719-A35F5CD6D04C> /usr/lib/libsqlite3.dylib 0x7fff87126000 - 0x7fff87126fff com.apple.Carbon (153 - 153) <895C2BF2-1666-3A59-A669-311B1F4F368B> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x7fff871b8000 - 0x7fff871c3ff7 libc++abi.dylib (14.0.0 - compatibility 1.0.0) <8FF3D766-D678-36F6-84AC-423C878E6D14> /usr/lib/libc++abi.dylib 0x7fff87265000 - 0x7fff8726afff libpam.2.dylib (3.0.0 - compatibility 3.0.0) <D952F17B-200A-3A23-B9B2-7C1F7AC19189> /usr/lib/libpam.2.dylib 0x7fff87277000 - 0x7fff8727afff libCoreVMClient.dylib (??? - ???) <E034C772-4263-3F48-B083-25A758DD6228> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib 0x7fff8727b000 - 0x7fff87284ff7 libsystem_notify.dylib (80.1.0 - compatibility 1.0.0) <A4D651E3-D1C6-3934-AD49-7A104FD14596> /usr/lib/system/libsystem_notify.dylib 0x7fff87285000 - 0x7fff87424fff com.apple.QuartzCore (1.7 - 270.2) <F2CCDEFB-DE43-3E32-B242-A22C82617186> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x7fff87425000 - 0x7fff87436ff7 SyndicationUI (??? - ???) <31B8E697-A12A-3389-87A9-823CBE515686> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI 0x7fff87484000 - 0x7fff874fafff com.apple.CoreSymbolication (2.2 - 73.2) <126415E3-3A35-315B-B4B7-507CDBED0D58> /System/Library/PrivateFrameworks/CoreSymbolication.framework/Versions/A/CoreSymbolication 0x7fff8792e000 - 0x7fff8796efff libtidy.A.dylib (??? - ???) <E500CDB9-C010-3B1A-B995-774EE64F39BE> /usr/lib/libtidy.A.dylib 0x7fff8796f000 - 0x7fff8798efff libresolv.9.dylib (46.1.0 - compatibility 1.0.0) <0635C52D-DD53-3721-A488-4C6E95607A74> /usr/lib/libresolv.9.dylib 0x7fff87bd7000 - 0x7fff87bf4ff7 com.apple.openscripting (1.3.3 - ???) <A64205E6-D3C5-3E12-B1A0-72243151AF7D> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x7fff87c69000 - 0x7fff87c6efff libcache.dylib (47.0.0 - compatibility 1.0.0) <B7757E2E-5A7D-362E-AB71-785FE79E1527> /usr/lib/system/libcache.dylib 0x7fff87d2a000 - 0x7fff87d4afff libsystem_kernel.dylib (1699.22.73 - compatibility 1.0.0) <69F2F501-72D8-3B3B-8357-F4418B3E1348> /usr/lib/system/libsystem_kernel.dylib 0x7fff87d4b000 - 0x7fff87d56ff7 com.apple.speech.recognition.framework (4.0.19 - 4.0.19) <7ADAAF5B-1D78-32F2-9FFF-D2E3FBB41C2B> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x7fff87d65000 - 0x7fff87d79ff7 com.apple.LangAnalysis (1.7.0 - 1.7.0) <04C31EF0-912A-3004-A08F-CEC27030E0B2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x7fff87d7a000 - 0x7fff87e86fff libcrypto.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <3A8E1F89-5E26-3C8B-B538-81F5D61DBF8A> /usr/lib/libcrypto.0.9.8.dylib 0x7fff87e87000 - 0x7fff87ed5fff libauto.dylib (??? - ???) <D8AC8458-DDD0-3939-8B96-B6CED81613EF> /usr/lib/libauto.dylib 0x7fff87ed6000 - 0x7fff88149fff com.apple.CoreImage (7.93 - 1.0.1) <0B7D855E-A2B6-3C14-A242-2CF2165C6E7E> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/CoreImage.framework/Versions/A/CoreImage 0x7fff88159000 - 0x7fff8815aff7 libsystem_blocks.dylib (53.0.0 - compatibility 1.0.0) <8BCA214A-8992-34B2-A8B9-B74DEACA1869> /usr/lib/system/libsystem_blocks.dylib 0x7fff88183000 - 0x7fff882dcfff com.apple.audio.toolbox.AudioToolbox (1.7.2 - 1.7.2) <0AD8197C-1BA9-30CD-98F1-4CA2C6559BA8> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x7fff882dd000 - 0x7fff882efff7 libbsm.0.dylib (??? - ???) <349BB16F-75FA-363F-8D98-7A9C3FA90A0D> /usr/lib/libbsm.0.dylib 0x7fff882f5000 - 0x7fff8831efff libJPEG.dylib (??? - ???) <64D079F9-256A-323B-A837-84628B172F21> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x7fff8831f000 - 0x7fff8835efff com.apple.AE (527.7 - 527.7) <B82F7ABC-AC8B-3507-B029-969DD5CA813D> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x7fff8835f000 - 0x7fff883f5ff7 libvMisc.dylib (325.4.0 - compatibility 1.0.0) <642D8D54-F9F5-3FBB-A96C-EEFE94C6278B> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x7fff8844a000 - 0x7fff884e4ff7 com.apple.SearchKit (1.4.0 - 1.4.0) <4E70C394-773E-3A4B-A93C-59A88ABA9509> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x7fff88809000 - 0x7fff8940dfff com.apple.AppKit (6.7.3 - 1138.32) <A9EB81C6-C519-3F29-89F1-42C3E8930281> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x7fff894ed000 - 0x7fff89545fff libTIFF.dylib (??? - ???) <DD797FBE-9B63-3785-A9EA-0321D113538B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x7fff89546000 - 0x7fff89562ff7 com.apple.GenerationalStorage (1.0 - 126.1) <509F52ED-E54B-3FEF-B3C2-759387B826E6> /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/GenerationalStorage 0x7fff8964c000 - 0x7fff89695ff7 com.apple.framework.CoreWLAN (2.1.2 - 212.1) <B254CC2C-F1A4-3A87-96DE-B6A4113D2811> /System/Library/Frameworks/CoreWLAN.framework/Versions/A/CoreWLAN 0x7fff89716000 - 0x7fff8971cfff libmacho.dylib (800.0.0 - compatibility 1.0.0) <D86F63EC-D2BD-32E0-8955-08B5EAFAD2CC> /usr/lib/system/libmacho.dylib 0x7fff8980e000 - 0x7fff89813fff libGIF.dylib (??? - ???) <393E2DB5-9479-39A6-A75A-B5F20B852532> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x7fff8a54b000 - 0x7fff8a773fe7 com.apple.CoreData (104.1 - 358.13) <F1DA3110-C4DF-3F0A-A057-AEE78DE8C99D> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x7fff8a7de000 - 0x7fff8a83efff libvDSP.dylib (325.4.0 - compatibility 1.0.0) <3A7521E6-5510-3FA7-AB65-79693A7A5839> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x7fff8a83f000 - 0x7fff8accffff com.apple.Safari.framework (7534 - 7534.54.16) <87A0EB0F-A7E2-325A-A4C6-CDD208088E4E> /System/Library/PrivateFrameworks/Safari.framework/Versions/A/Safari 0x7fff8acd0000 - 0x7fff8acd6fff com.apple.DiskArbitration (2.4.1 - 2.4.1) <CEA34337-63DE-302E-81AA-10D717E1F699> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x7fff8ad44000 - 0x7fff8ad49ff7 libsystem_network.dylib (??? - ???) <5DE7024E-1D2D-34A2-80F4-08326331A75B> /usr/lib/system/libsystem_network.dylib 0x7fff8adac000 - 0x7fff8adc3fff com.apple.MultitouchSupport.framework (220.62.1 - 220.62.1) <3F8C015B-88AC-370F-B39D-B4665FB7616A> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport 0x7fff8adc4000 - 0x7fff8adfffff libsystem_info.dylib (??? - ???) <35F90252-2AE1-32C5-8D34-782C614D9639> /usr/lib/system/libsystem_info.dylib 0x7fff8ae00000 - 0x7fff8ae06fff IOSurface (??? - ???) <06FA3FDD-E6D5-391F-B60D-E98B169DAB1B> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface 0x7fff8af41000 - 0x7fff8af76fff com.apple.securityinterface (5.0 - 55007) <D46E73F4-D8E9-3F53-A083-B9D71ED74492> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x7fff8af77000 - 0x7fff8afb8fff com.apple.QD (3.40 - ???) <47674D2C-BE88-388E-B1B0-03F08BFFE5FD> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x7fff8b04b000 - 0x7fff8b04dfff libCVMSPluginSupport.dylib (??? - ???) <B2FC6EC0-1A0C-3482-A3C9-D08446E8713A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCVMSPluginSupport.dylib 0x7fff8b061000 - 0x7fff8b645fff libBLAS.dylib (??? - ???) <C34F6D88-187F-33DC-8A68-C0C9D1FA36DF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x7fff8b646000 - 0x7fff8b646fff com.apple.Accelerate (1.7 - Accelerate 1.7) <82DDF6F5-FBC3-323D-B71D-CF7ABC5CF568> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x7fff8b647000 - 0x7fff8b664fff libxpc.dylib (77.18.0 - compatibility 1.0.0) <26C05F31-E809-3B47-AF42-1460971E3AC3> /usr/lib/system/libxpc.dylib 0x7fff8b676000 - 0x7fff8b678fff libquarantine.dylib (36.2.0 - compatibility 1.0.0) <48656562-FF20-3B55-9F93-407ACA7341C0> /usr/lib/system/libquarantine.dylib 0x7fff8b679000 - 0x7fff8b67efff libcompiler_rt.dylib (6.0.0 - compatibility 1.0.0) <98ECD5F6-E85C-32A5-98CD-8911230CB66A> /usr/lib/system/libcompiler_rt.dylib 0x7fff8b6b8000 - 0x7fff8b796fff com.apple.ImageIO.framework (3.1.1 - 3.1.1) <DB530A63-8ECF-3B53-AC9A-1692A5397E2F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x7fff8b797000 - 0x7fff8b79efff com.apple.NetFS (4.0 - 4.0) <B9F41443-679A-31AD-B0EB-36557DAF782B> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS 0x7fff8b7e6000 - 0x7fff8b9e8fff libicucore.A.dylib (46.1.0 - compatibility 1.0.0) <38CD6ED3-C8E4-3CCD-89AC-9C3198803101> /usr/lib/libicucore.A.dylib 0x7fff8b9e9000 - 0x7fff8b9e9fff com.apple.CoreServices (53 - 53) <043C8026-8EDD-3241-B090-F589E24062EF> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x7fff8b9ea000 - 0x7fff8b9f0ff7 libunwind.dylib (30.0.0 - compatibility 1.0.0) <1E9C6C8C-CBE8-3F4B-A5B5-E03E3AB53231> /usr/lib/system/libunwind.dylib 0x7fff8be54000 - 0x7fff8bfbbff7 com.apple.CFNetwork (520.3.2 - 520.3.2) <516B611D-E53E-3467-9211-3C5B86ABA865> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x7fff8bfec000 - 0x7fff8c040ff7 com.apple.ScalableUserInterface (1.0 - 1) <1873D7BE-2272-31A1-8F85-F70C4D706B3B> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/ScalableUserInterface.framework/Versions/A/ScalableUserInterface 0x7fff8c043000 - 0x7fff8c044fff libDiagnosticMessagesClient.dylib (??? - ???) <3DCF577B-F126-302B-BCE2-4DB9A95B8598> /usr/lib/libDiagnosticMessagesClient.dylib 0x7fff8c04e000 - 0x7fff8c0befff com.apple.datadetectorscore (3.0 - 179.4) <B4C6417F-296C-31C1-BB94-980BFCDC9175> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore 0x7fff8c0dc000 - 0x7fff8c102ff7 com.apple.framework.familycontrols (3.0 - 300) <DC06CF3A-2F10-3867-9498-CADAE30D0CE4> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls 0x7fff8c103000 - 0x7fff8c165ff7 com.apple.Symbolication (1.3 - 91) <B072970E-9EC1-3495-A1FA-D344C6E74A13> /System/Library/PrivateFrameworks/Symbolication.framework/Versions/A/Symbolication 0x7fff8c1b8000 - 0x7fff8c1bcff7 com.apple.CommonPanels (1.2.5 - 94) <0BB2C436-C9D5-380B-86B5-E355A7711259> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x7fff8c24a000 - 0x7fff8c24afff com.apple.ApplicationServices (41 - 41) <03F3FA8F-8D2A-3AB6-A8E3-40B001116339> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x7fff8c257000 - 0x7fff8c2dcff7 com.apple.Heimdal (2.1 - 2.0) <3758B442-6175-32B8-8C17-D8ABDD589BF9> /System/Library/PrivateFrameworks/Heimdal.framework/Versions/A/Heimdal 0x7fff8c2dd000 - 0x7fff8c2ddfff com.apple.audio.units.AudioUnit (1.7.2 - 1.7.2) <04C10813-CCE5-3333-8C72-E8E35E417B3B> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x7fff8c9ba000 - 0x7fff8c9d0fff libGL.dylib (??? - ???) <6A473BF9-4D35-34C6-9F8B-86B68091A9AF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x7fff8c9e0000 - 0x7fff8cabdfef libsystem_c.dylib (763.12.0 - compatibility 1.0.0) <FF69F06E-0904-3C08-A5EF-536FAFFFDC22> /usr/lib/system/libsystem_c.dylib 0x7fff8cafc000 - 0x7fff8cafdff7 libsystem_sandbox.dylib (??? - ???) <5087ADAD-D34D-3844-9D04-AFF93CED3D92> /usr/lib/system/libsystem_sandbox.dylib 0x7fff8cafe000 - 0x7fff8cb29ff7 com.apple.CoreServicesInternal (113.12 - 113.12) <C37DAC1A-35D2-30EC-9112-5EEECED5C461> /System/Library/PrivateFrameworks/CoreServicesInternal.framework/Versions/A/CoreServicesInternal 0x7fff8cb2a000 - 0x7fff8cb92ff7 com.apple.audio.CoreAudio (4.0.2 - 4.0.2) <DFD8F4DE-3B45-3A2E-9CBE-FD8D5DD30923> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x7fff8cb93000 - 0x7fff8cbc0ff7 com.apple.opencl (1.50.69 - 1.50.69) <687265AF-E9B6-3537-89D7-7C12EB38193D> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL 0x7fff8cc73000 - 0x7fff8cda9fff com.apple.vImage (5.1 - 5.1) <A08B7582-67BC-3EED-813A-4833645964A7> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x7fff8ce27000 - 0x7fff8ce79ff7 libGLU.dylib (??? - ???) <3C9153A0-8499-3DC0-AAA4-9FA6E488BE13> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x7fff8cec1000 - 0x7fff8ced8fff com.apple.CFOpenDirectory (10.7 - 144) <9709423E-8484-3B26-AAE8-EF58D1B8FB3F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory 0x7fff8ced9000 - 0x7fff8cedaff7 libremovefile.dylib (21.1.0 - compatibility 1.0.0) <739E6C83-AA52-3C6C-A680-B37FE2888A04> /usr/lib/system/libremovefile.dylib 0x7fff8cedb000 - 0x7fff8cf1eff7 libRIP.A.dylib (600.0.0 - compatibility 64.0.0) <85D00F5C-43ED-33A9-80B4-72EB0EAE3E25> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x7fff8cf1f000 - 0x7fff8cf1ffff com.apple.vecLib (3.7 - vecLib 3.7) <9A58105C-B36E-35B5-812C-4ED693F2618F> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x7fff8cf20000 - 0x7fff8cf62fff com.apple.corelocation (330.12 - 330.12) <CFDF7694-382A-30A8-8347-505BA0CAF312> /System/Library/Frameworks/CoreLocation.framework/Versions/A/CoreLocation 0x7fff8cfec000 - 0x7fff8d056ff7 com.apple.framework.IOKit (2.0 - ???) <EEEB42FD-E3E1-3A94-A771-B1993B694F17> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x7fff8d143000 - 0x7fff8dad37a7 com.apple.CoreGraphics (1.600.0 - ???) <177D9BAD-72C9-3ADF-A391-5B88C5EE623F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x7fff8dad4000 - 0x7fff8db58ff7 com.apple.ApplicationServices.ATS (317.5.0 - ???) <C2B254F0-6ED8-3313-9CFC-9ACD519C8A9E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x7fff8db59000 - 0x7fff8db67ff7 libkxld.dylib (??? - ???) <65BE345D-6618-3D1A-9E2B-255E629646AA> /usr/lib/system/libkxld.dylib 0x7fff8db7d000 - 0x7fff8dbaafe7 libSystem.B.dylib (159.1.0 - compatibility 1.0.0) <7BEBB139-50BB-3112-947A-F4AA168F991C> /usr/lib/libSystem.B.dylib 0x7fff8dbab000 - 0x7fff8dbadff7 com.apple.print.framework.Print (7.1 - 247.1) <8A4925A5-BAA3-373C-9B5D-03E0270C6B12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x7fff8dbae000 - 0x7fff8dbe1ff7 com.apple.GSS (2.1 - 2.0) <57AD81CE-6320-38C9-9B66-0E5A4DEA898A> /System/Library/Frameworks/GSS.framework/Versions/A/GSS 0x7fff8dbe6000 - 0x7fff8ddbafff com.apple.CoreFoundation (6.7.1 - 635.19) <57B77925-9065-38C9-A05B-02F4F9ED007C> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x7fff8de13000 - 0x7fff8de67ff7 libFontRegistry.dylib (??? - ???) <F98926EF-FFA0-37C5-824C-02E436E21DD1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib 0x7fff8de68000 - 0x7fff8df6aff7 libxml2.2.dylib (10.3.0 - compatibility 10.0.0) <D46F371D-6422-31B7-BCE0-D80713069E0E> /usr/lib/libxml2.2.dylib 0x7fff8df6b000 - 0x7fff8df6dfff com.apple.TrustEvaluationAgent (2.0 - 1) <1F31CAFF-C1C6-33D3-94E9-11B721761DDF> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent 0x7fff8dfbf000 - 0x7fff8dfbffff com.apple.Accelerate.vecLib (3.7 - vecLib 3.7) <C06A140F-6114-3B8B-B080-E509303145B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x7fff8dfc0000 - 0x7fff8dfc1fff libunc.dylib (24.0.0 - compatibility 1.0.0) <C67B3B14-866C-314F-87FF-8025BEC2CAAC> /usr/lib/system/libunc.dylib 0x7fff8e34e000 - 0x7fff8e379ff7 libxslt.1.dylib (3.24.0 - compatibility 3.0.0) <8051A3FC-7385-3EA9-9634-78FC616C3E94> /usr/lib/libxslt.1.dylib 0x7fff8e37a000 - 0x7fff8e381fff libcopyfile.dylib (85.1.0 - compatibility 1.0.0) <172B1985-F24A-34E9-8D8B-A2403C9A0399> /usr/lib/system/libcopyfile.dylib 0x7fff8eb81000 - 0x7fff8eb8ffff libdispatch.dylib (187.7.0 - compatibility 1.0.0) <712AAEAC-AD90-37F7-B71F-293FF8AE8723> /usr/lib/system/libdispatch.dylib 0x7fff8eba6000 - 0x7fff8ebe6ff7 libcups.2.dylib (2.9.0 - compatibility 2.0.0) <29DE948E-38C4-3CC5-B528-40C691380607> /usr/lib/libcups.2.dylib 0x7fff8ebe7000 - 0x7fff8ef11ff7 com.apple.HIToolbox (1.8 - ???) <D6A0D513-4893-35B4-9FFE-865FF419F2C2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x7fff8f6a8000 - 0x7fff8f6b5fff libCSync.A.dylib (600.0.0 - compatibility 64.0.0) <CBA71562-050B-3515-92B7-8BC1E2EEEF2A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x7fff8f6df000 - 0x7fff8f6e9ff7 liblaunch.dylib (392.18.0 - compatibility 1.0.0) <39EF04F2-7F0C-3435-B785-BF283727FFBD> /usr/lib/system/liblaunch.dylib 0x7fff8f917000 - 0x7fff8fc30ff7 com.apple.Foundation (6.7.1 - 833.24) <6D4E6F93-64EF-3D41-AE80-2BB10E2E6323> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x7fff8fc36000 - 0x7fff8fc42ff7 com.apple.CrashReporterSupport (10.7.3 - 349) <5EB46C20-5ED2-37EE-A033-4B3B355059FA> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x7fff8fc43000 - 0x7fff8fc50ff7 libbz2.1.0.dylib (1.0.5 - compatibility 1.0.0) <8EDE3492-D916-37B2-A066-3E0F054411FD> /usr/lib/libbz2.1.0.dylib 0x7fff8fc51000 - 0x7fff8fc60ff7 libxar-nossl.dylib (??? - ???) <A6ABBFB9-E4ED-38AD-BBBB-F9958B9CEFB5> /usr/lib/libxar-nossl.dylib 0x7fff8fc61000 - 0x7fff8fd66fff libFontParser.dylib (??? - ???) <0920DA16-2066-33E6-BF95-AD4B0F3C22B0> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib 0x7fff8fd67000 - 0x7fff8fd7aff7 libCRFSuite.dylib (??? - ???) <034D4DAA-63F0-35E4-BCEF-338DD7A453DD> /usr/lib/libCRFSuite.dylib 0x7fff8fdd3000 - 0x7fff8fddaff7 com.apple.CommerceCore (1.0 - 17) <AA783B87-48D4-3CA6-8FF6-0316396022F4> /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Frameworks/CommerceCore.framework/Versions/A/CommerceCore 0x7fff8ff8a000 - 0x7fff90451fff FaceCoreLight (1.4.7 - compatibility 1.0.0) <E9D2A69C-6E81-358C-A162-510969F91490> /System/Library/PrivateFrameworks/FaceCoreLight.framework/Versions/A/FaceCoreLight 0x7fff90452000 - 0x7fff90452fff com.apple.Cocoa (6.6 - ???) <021D4214-9C23-3CD8-AFB2-F331697A4508> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x7fff9046e000 - 0x7fff90476fff libsystem_dnssd.dylib (??? - ???) <7749128E-D0C5-3832-861C-BC9913F774FA> /usr/lib/system/libsystem_dnssd.dylib 0x7fff90477000 - 0x7fff9047bfff libCGXType.A.dylib (600.0.0 - compatibility 64.0.0) <37517279-C92E-3217-B49A-838198B48787> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib 0x7fff9047c000 - 0x7fff904fffef com.apple.Metadata (10.7.0 - 627.28) <1C14033A-69C9-3757-B24D-5583AEAC2CBA> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x7fff90500000 - 0x7fff90530ff7 com.apple.DictionaryServices (1.2.1 - 158.2) <3FC86118-7553-38F7-8916-B329D2E94476> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x7fff90531000 - 0x7fff90535fff libmathCommon.A.dylib (2026.0.0 - compatibility 1.0.0) <FF83AFF7-42B2-306E-90AF-D539C51A4542> /usr/lib/system/libmathCommon.A.dylib 0x7fff90536000 - 0x7fff90818fff com.apple.security (7.0 - 55110) <252F9E04-FF8A-3EA7-A38E-51DD0653663C> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x7fff90819000 - 0x7fff90842ff7 com.apple.framework.Apple80211 (7.1.2 - 712.1) <B4CD34B3-D555-38D2-8FF8-E3C6A93B94EB> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Apple80211 0x7fff9084f000 - 0x7fff9085efff libxar.1.dylib (??? - ???) <58B07AA0-BC12-36E3-94FC-C252719A1BDF> /usr/lib/libxar.1.dylib 0x7fff9085f000 - 0x7fff908d2fff libstdc++.6.dylib (52.0.0 - compatibility 7.0.0) <6BDD43E4-A4B1-379E-9ED5-8C713653DFF2> /usr/lib/libstdc++.6.dylib 0x7fff908d3000 - 0x7fff908d6fff libRadiance.dylib (??? - ???) <CD89D70D-F177-3BAE-8A26-644EA7D5E28E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x7fff908d7000 - 0x7fff90d04fff libLAPACK.dylib (??? - ???) <4F2E1055-2207-340B-BB45-E4F16171EE0D> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x7fff90d29000 - 0x7fff90d2cff7 com.apple.securityhi (4.0 - 1) <B37B8946-BBD4-36C1-ABC6-18EDBC573F03> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x7fff90d2d000 - 0x7fff90d79ff7 com.apple.SystemConfiguration (1.11.2 - 1.11) <A14F3583-9CC0-397D-A50E-17217075953F> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x7fff90d7a000 - 0x7fff90e6ffff libiconv.2.dylib (7.0.0 - compatibility 7.0.0) <5C40E880-0706-378F-B864-3C2BD922D926> /usr/lib/libiconv.2.dylib 0x7fff90e70000 - 0x7fff90ee5ff7 libc++.1.dylib (19.0.0 - compatibility 1.0.0) <C0EFFF1B-0FEB-3F99-BE54-506B35B555A9> /usr/lib/libc++.1.dylib 0x7fff90ee6000 - 0x7fff90f88ff7 com.apple.securityfoundation (5.0 - 55107) <6C2E7362-CB11-3CBD-BB1C-348E4B10F25A> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x7fff912fa000 - 0x7fff9139afff com.apple.LaunchServices (480.27.1 - 480.27.1) <4DC96C1E-6FDE-305E-9718-E4C5C1341F56> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x7fff91401000 - 0x7fff914e5e5f libobjc.A.dylib (228.0.0 - compatibility 1.0.0) <871E688B-CF57-3BC7-80D6-F6476DFF109B> /usr/lib/libobjc.A.dylib 0x7fff9151a000 - 0x7fff91559ff7 libGLImage.dylib (??? - ???) <348729DC-BC44-3744-B249-9DFA6498344A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x7fff9155a000 - 0x7fff91876ff7 com.apple.CoreServices.CarbonCore (960.20 - 960.20) <C45CA09E-8867-3D67-BB2E-48D2E6B0D78C> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x7fff91cec000 - 0x7fff91cfcff7 com.apple.opengl (1.7.6 - 1.7.6) <C168883D-9BC5-3C38-9937-42852D719718> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x7fff91cfd000 - 0x7fff91d12fff com.apple.speech.synthesis.framework (4.0.74 - 4.0.74) <C061ECBB-7061-3A43-8A18-90633F943295> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x7fff91ee2000 - 0x7fff91f06fff com.apple.Kerberos (1.0 - 1) <1F826BCE-DA8F-381D-9C4C-A36AA0EA1CB9> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x7fff91f07000 - 0x7fff91f49ff7 libcommonCrypto.dylib (55010.0.0 - compatibility 1.0.0) <A5B9778E-11C3-3F61-B740-1F2114E967FB> /usr/lib/system/libcommonCrypto.dylib 0x7fff91fd4000 - 0x7fff9202fff7 com.apple.HIServices (1.11 - ???) <DE8FA7FA-0A41-35D9-8473-5104F81DA934> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x7fff92030000 - 0x7fff92058ff7 com.apple.CoreVideo (1.7 - 70.1) <98F917B2-FB53-3EA3-B548-7E97B38309A7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x7fff92059000 - 0x7fff92172fff com.apple.DesktopServices (1.6.2 - 1.6.2) <6B83172E-F539-3AF8-A76D-1F9EA357B076> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x7fff92173000 - 0x7fff921d9ff7 com.apple.coreui (1.2.1 - 165.3) <378C9221-ADE6-36D9-9944-F33AE6904E4F> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x7fff921da000 - 0x7fff921dbfff libdnsinfo.dylib (395.6.0 - compatibility 1.0.0) <718A135F-6349-354A-85D5-430B128EFD57> /usr/lib/system/libdnsinfo.dylib 0x7fff921eb000 - 0x7fff921effff libdyld.dylib (195.5.0 - compatibility 1.0.0) <F1903B7A-D3FF-3390-909A-B24E09BAD1A5> /usr/lib/system/libdyld.dylib 0x7fff921f0000 - 0x7fff9222afe7 com.apple.DebugSymbols (2.1 - 87) <ED2B177C-4146-3715-91DF-D99A8ED5449A> /System/Library/PrivateFrameworks/DebugSymbols.framework/Versions/A/DebugSymbols External Modification Summary: Calls made by other processes targeting this process: task_for_pid: 2 thread_create: 0 thread_set_state: 0 Calls made by this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by all processes on this machine: task_for_pid: 3171153 thread_create: 21 thread_set_state: 644845 VM Region Summary: ReadOnly portion of Libraries: Total=282.9M resident=243.1M(86%) swapped_out_or_unallocated=39.9M(14%) Writable regions: Total=1.2G written=25.0M(2%) resident=50.2M(4%) swapped_out=0K(0%) unallocated=1.1G(96%) REGION TYPE VIRTUAL =========== ======= CG shared images 1216K CoreAnimation 8312K CoreGraphics 16K CoreServices 3704K IOKit 19.9M IOKit (reserved) 512K reserved VM address space (unallocated) JS JIT generated code 256.0M JS JIT generated code (reserved) 768.0M reserved VM address space (unallocated) JS VM register file 4096K JS garbage collector 5440K MALLOC 126.4M MALLOC guard page 48K Memory tag=242 12K OpenGL GLSL 1372K OpenGL GLSL (reserved) 128K reserved VM address space (unallocated) SQLite page cache 288K STACK GUARD 56.0M Stack 13.1M VM_ALLOCATE 320K __CI_BITMAP 80K __DATA 16.6M __IMAGE 528K __LINKEDIT 120.4M __RC_CAMERAS 244K __TEXT 162.5M __UNICODE 544K mapped file 19.1M shared memory 524K =========== ======= TOTAL 1.5G TOTAL, minus reserved VM space 816.3M Model: MacPro5,1, BootROM MP51.007F.B03, 12 processors, 6-Core Intel Xeon, 2.66 GHz, 24 GB, SMC 1.39f11 Graphics: ATI Radeon HD 5770, ATI Radeon HD 5770, PCIe, 1024 MB Memory Module: DIMM 1, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 Memory Module: DIMM 2, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 Memory Module: DIMM 3, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 Memory Module: DIMM 5, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 Memory Module: DIMM 6, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 Memory Module: DIMM 7, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020 AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x8E), Broadcom BCM43xx 1.0 (5.100.98.75.19) Bluetooth: Version 4.0.3f12, 2 service, 18 devices, 1 incoming serial ports Network Service: Ethernet 1, Ethernet, en0 Network Service: AirPort, AirPort, en2 PCI Card: ATI Radeon HD 5770, sppci_displaycontroller, Slot-1 Serial ATA Device: HL-DT-ST DVD-RW GH61N Serial ATA Device: APPLE SSD TS512C, 500.28 GB USB Device: hub_device, apple_vendor_id, 0x9136, 0xfd300000 / 11 USB Device: iPad, apple_vendor_id, 0x12a2, 0xfd330000 / 18 USB Device: USB-PS/2 Trackball, 0x046d (Logitech Inc.), 0xc401, 0xfd310000 / 19 USB Device: Keyboard Hub, apple_vendor_id, 0x1006, 0xfd320000 / 16 USB Device: Apple Keyboard, apple_vendor_id, 0x0220, 0xfd322000 / 17 USB Device: hub_device, apple_vendor_id, 0x9137, 0xfd340000 / 12 USB Device: Display iSight, apple_vendor_id, 0x8508, 0xfd342000 / 15 USB Device: Apple LED Cinema Display, apple_vendor_id, 0x9236, 0xfd343000 / 14 USB Device: Display Audio, apple_vendor_id, 0x2912, 0xfd341000 / 13 USB Device: BRCM2046 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0x5a100000 / 2 USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x8215, 0x5a110000 / 5 FireWire Device: built-in_hub, 800mbit_speed 641507 1 wingo 2012-06-05 07:12:03 -0700 I can indeed reproduce this bug. 641531 2 wingo 2012-06-05 07:39:42 -0700 BT with arguments: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff205e9b5 in JSC::DFG::Node::deref (this=0x11c1550) at ../../Source/JavaScriptCore/dfg/DFGNode.h:728 728 ASSERT(m_refCount); (gdb) bt #0 0x00007ffff205e9b5 in JSC::DFG::Node::deref (this=0x11c1550) at ../../Source/JavaScriptCore/dfg/DFGNode.h:728 #1 0x00007ffff205eb12 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeIndex=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:114 #2 0x00007ffff205eb55 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeUse=...) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:119 #3 0x00007ffff209eb2b in JSC::DFG::Graph::derefChildren (this=0x7fffffffb5e0, op=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.cpp:375 #4 0x00007ffff205eb27 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeIndex=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:115 #5 0x00007ffff208891d in JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference (this=0x7fffffffb560, myNodeIndex=864, phiNode=..., edgeIndex=0) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:425 #6 0x00007ffff2088799 in JSC::DFG::CFGSimplificationPhase::fixPhis (this=0x7fffffffb560, sourceBlockIndex=10, destinationBlockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:392 #7 0x00007ffff20880a9 in JSC::DFG::CFGSimplificationPhase::killUnreachable (this=0x7fffffffb560, blockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:259 #8 0x00007ffff2087f40 in JSC::DFG::CFGSimplificationPhase::run (this=0x7fffffffb560) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:239 #9 0x00007ffff2089ffa in JSC::DFG::runPhase<JSC::DFG::CFGSimplificationPhase> (graph=...) at ../../Source/JavaScriptCore/dfg/DFGPhase.h:82 #10 0x00007ffff20870ab in JSC::DFG::performCFGSimplification (graph=...) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:723 #11 0x00007ffff20980c6 in JSC::DFG::compile (compileMode=JSC::DFG::CompileFunction, exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=0x7fff9b010b68) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:84 #12 0x00007ffff2097744 in JSC::DFG::tryCompileFunction (exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=...) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:128 #13 0x00007ffff2216909 in JSC::jitCompileFunctionIfAppropriate (exec=0x7fff9b1f9140, codeBlock=..., jitCode=..., jitCodeWithArityCheck=..., symbolTable=@0x7fff9b010bd8: 0x10c2ad0, jitType=JSC::JITCode::DFGJIT, effort=JSC::JITCompilationCanFail) at ../../Source/JavaScriptCore/jit/JITDriver.h:95 #14 0x00007ffff2216bbe in JSC::prepareFunctionForExecution (exec=0x7fff9b1f9140, codeBlock=..., jitCode=..., jitCodeWithArityCheck=..., symbolTable=@0x7fff9b010bd8: 0x10c2ad0, jitType=JSC::JITCode::DFGJIT, kind=JSC::CodeForCall) at ../../Source/JavaScriptCore/runtime/ExecutionHarness.h:64 #15 0x00007ffff2214a42 in JSC::FunctionExecutable::compileForCallInternal (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0, jitType=JSC::JITCode::DFGJIT) at ../../Source/JavaScriptCore/runtime/Executable.cpp:554 #16 0x00007ffff2213e93 in JSC::FunctionExecutable::compileOptimizedForCall (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0) at ../../Source/JavaScriptCore/runtime/Executable.cpp:465 #17 0x00007ffff1fe3317 in JSC::FunctionExecutable::compileOptimizedFor (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0, kind=JSC::CodeForCall) at ../../Source/JavaScriptCore/runtime/Executable.h:586 #18 0x00007ffff1fdfe0b in JSC::FunctionCodeBlock::compileOptimized (this=0x10c4060, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:2473 #19 0x00007ffff216d865 in JSC::cti_optimize_from_ret (args=0x7fffffffd9c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:2070 #20 0x00007ffff2169bbc in JSC::JITThunks::tryCacheGetByID (callFrame=0x7fffffffd8d0, codeBlock=0x7fff9b010b20, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0x7fff98a8e880) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:970 The function being optimized is pretty large: #12 0x00007ffff2097744 in JSC::DFG::tryCompileFunction (exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=...) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:128 128 return compile(CompileFunction, exec, codeBlock, jitCode, &jitCodeWithArityCheck); (gdb) call codeBlock->dump(exec) 1261 m_instructions; 10088 bytes at 0x1173b20 (FunctionCode); 1 parameter(s); 31 callee register(s); 16 variable(s) [ 0] enter [ 1] convert_this r-7 [ 4] get_by_id r0, r-7, _segments(@id0) llint() [ 13] get_by_id r1, r0, length(@id1) llint() [ 22] mov r2, r1 [ 25] jnlesseq r1, Int32: 2(@k0), 6(->31) [ 29] ret Undefined(@k1) [ 31] get_by_id r16, r-7, _closed(@id2) llint() [ 40] jfalse r16, 79(->119) [ 43] get_global_var r19, 0 [ 47] method_check [ 47] get_by_id r16, r19, min(@id3) llint() [ 57] mov r18, r1 [ 60] mov r17, Int32: 4(@k2) [ 63] call r16, 3, 26 llint(not set) [ 69] op_call_put_result r3 [ 72] mov r16, r2 [ 75] get_global_var r20, 0 [ 79] method_check [ 79] get_by_id r17, r20, min(@id3) llint() [ 89] mov r19, r1 [ 92] mov r18, r3 [ 95] call r17, 3, 27 llint(not set) [ 101] op_call_put_result r17 [ 104] mul r17, r17, Int32: 2(@k0) [ 109] add r16, r16, r17 [ 114] mov r2, r16 [ 117] jmp 5(->122) [ 119] mov r3, Int32: 0(@k3) [ 122] new_array r4, r0, 0 [ 126] mov r5, Int32: 0(@k3) [ 129] jnless r5, r1, 37(->166) [ 133] loop_hint [ 134] mov r16, r4 [ 137] add r17, r5, r3 [ 142] get_by_val r18, r0, r5 [ 147] get_by_id r18, r18, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0)) [ 156] put_by_val r16, r17, r18 [ 160] pre_inc r5 [ 162] loop_if_less r5, r1, -29(->133) [ 166] get_by_id r16, r-7, _closed(@id2) llint() [ 175] jfalse r16, 84(->259) [ 178] mov r5, Int32: 0(@k3) [ 181] jnless r5, r3, 76(->257) [ 185] loop_hint [ 186] mov r16, r4 [ 189] mov r17, r5 [ 192] add r18, r5, r1 [ 197] sub r18, r18, r3 [ 202] get_by_val r18, r0, r18 [ 207] get_by_id r18, r18, _point(@id4) llint() [ 216] put_by_val r16, r17, r18 [ 220] mov r16, r4 [ 223] add r18, r5, r1 [ 228] add r17, r18, r3 [ 233] get_by_val r18, r0, r5 [ 238] get_by_id r18, r18, _point(@id4) llint() [ 247] put_by_val r16, r17, r18 [ 251] pre_inc r5 [ 253] loop_if_less r5, r3, -68(->185) [ 257] jmp 4(->261) [ 259] pre_dec r2 [ 261] new_array r6, r0, 0 [ 265] mov r5, Int32: 1(@k4) [ 268] sub r16, r2, Int32: 1(@k4) [ 273] jnless r5, r16, 74(->347) [ 277] loop_hint [ 278] mov r16, r6 [ 281] mov r17, r5 [ 284] get_by_val r18, r4, r5 [ 289] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [ 298] mul r18, Int32: 4(@k2), r18 [ 303] add r19, r5, Int32: 1(@k4) [ 308] get_by_val r19, r4, r19 [ 313] get_by_id r19, r19, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [ 322] mul r19, Int32: 2(@k0), r19 [ 327] add r18, r18, r19 [ 332] put_by_val r16, r17, r18 [ 336] pre_inc r5 [ 338] sub r16, r2, Int32: 1(@k4) [ 343] loop_if_less r5, r16, -66(->277) [ 347] mov r16, r6 [ 350] mov r17, Int32: 0(@k3) [ 353] get_by_val r18, r4, Int32: 0(@k3) [ 358] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [ 367] get_by_val r19, r4, Int32: 1(@k4) [ 372] get_by_id r19, r19, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [ 381] mul r19, Int32: 2(@k0), r19 [ 386] add r18, r18, r19 [ 391] put_by_val r16, r17, r18 [ 395] mov r16, r6 [ 398] sub r17, r2, Int32: 1(@k4) [ 403] sub r18, r2, Int32: 1(@k4) [ 408] get_by_val r18, r4, r18 [ 413] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [ 422] mul r18, Int32: 3(@k5), r18 [ 427] put_by_val r16, r17, r18 [ 431] get_scoped_var r16, 3, 0 [ 436] mov r18, Undefined(@k1) [ 439] mov r17, r6 [ 442] call r16, 2, 25 llint(0x7fff9ada97e0, exec 0x7fff9b010ce0) [ 448] op_call_put_result r7 [ 451] mov r5, Int32: 1(@k4) [ 454] sub r16, r2, Int32: 1(@k4) [ 459] jnless r5, r16, 74(->533) [ 463] loop_hint [ 464] mov r16, r6 [ 467] mov r17, r5 [ 470] get_by_val r18, r4, r5 [ 475] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [ 484] mul r18, Int32: 4(@k2), r18 [ 489] add r19, r5, Int32: 1(@k4) [ 494] get_by_val r19, r4, r19 [ 499] get_by_id r19, r19, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [ 508] mul r19, Int32: 2(@k0), r19 [ 513] add r18, r18, r19 [ 518] put_by_val r16, r17, r18 [ 522] pre_inc r5 [ 524] sub r16, r2, Int32: 1(@k4) [ 529] loop_if_less r5, r16, -66(->463) [ 533] mov r16, r6 [ 536] mov r17, Int32: 0(@k3) [ 539] get_by_val r18, r4, Int32: 0(@k3) [ 544] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [ 553] get_by_val r19, r4, Int32: 1(@k4) [ 558] get_by_id r19, r19, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [ 567] mul r19, Int32: 2(@k0), r19 [ 572] add r18, r18, r19 [ 577] put_by_val r16, r17, r18 [ 581] mov r16, r6 [ 584] sub r17, r2, Int32: 1(@k4) [ 589] sub r18, r2, Int32: 1(@k4) [ 594] get_by_val r18, r4, r18 [ 599] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [ 608] mul r18, Int32: 3(@k5), r18 [ 613] put_by_val r16, r17, r18 [ 617] get_scoped_var r16, 3, 0 [ 622] mov r18, Undefined(@k1) [ 625] mov r17, r6 [ 628] call r16, 2, 25 llint(0x7fff9ada97e0, exec 0x7fff9b010ce0) [ 634] op_call_put_result r8 [ 637] get_by_id r16, r-7, _closed(@id2) llint() [ 646] jfalse r16, 184(->830) [ 649] mov r5, Int32: 0(@k3) [ 652] mov r9, r1 [ 655] jnless r5, r3, 173(->828) [ 659] loop_hint [ 660] div r10, r5, r3 [ 665] sub r11, Int32: 1(@k4), r10 [ 670] mov r16, r7 [ 673] mov r17, r9 [ 676] get_by_val r18, r7, r5 [ 681] mul r18, r18, r10 [ 686] get_by_val r19, r7, r9 [ 691] mul r19, r19, r11 [ 696] add r18, r18, r19 [ 701] put_by_val r16, r17, r18 [ 705] mov r16, r8 [ 708] mov r17, r9 [ 711] get_by_val r18, r8, r5 [ 716] mul r18, r18, r10 [ 721] get_by_val r19, r8, r9 [ 726] mul r19, r19, r11 [ 731] add r18, r18, r19 [ 736] put_by_val r16, r17, r18 [ 740] add r12, r5, r3 [ 745] add r13, r9, r3 [ 750] mov r16, r7 [ 753] mov r17, r13 [ 756] get_by_val r18, r7, r12 [ 761] mul r18, r18, r11 [ 766] get_by_val r19, r7, r13 [ 771] mul r19, r19, r10 [ 776] add r18, r18, r19 [ 781] put_by_val r16, r17, r18 [ 785] mov r16, r8 [ 788] mov r17, r13 [ 791] get_by_val r18, r8, r12 [ 796] mul r18, r18, r11 [ 801] get_by_val r19, r8, r13 [ 806] mul r19, r19, r10 [ 811] add r18, r18, r19 [ 816] put_by_val r16, r17, r18 [ 820] pre_inc r5 [ 822] pre_inc r9 [ 824] loop_if_less r5, r3, -165(->659) [ 828] pre_dec r2 [ 830] mov r14, Null(@k6) [ 833] mov r5, r3 [ 836] sub r16, r2, r3 [ 841] jnlesseq r5, r16, 339(->1180) [ 845] loop_hint [ 846] sub r16, r5, r3 [ 851] get_by_val r15, r0, r16 [ 856] jfalse r14, 53(->909) [ 859] mov r18, r15 [ 862] method_check [ 862] get_by_id r16, r18, setHandleIn(@id7) llint() [ 872] mov r20, r14 [ 875] method_check [ 875] get_by_id r17, r20, subtract(@id8) llint() [ 885] get_by_id r19, r15, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0)) [ 894] call r17, 2, 27 llint(0x7fff9afd9120, exec 0x7fffa0084320) [ 900] op_call_put_result r17 [ 903] call r16, 2, 25 llint(0x7fff9ae61b00, exec 0x7fff9b034400) [ 909] jnless r5, r2, 260(->1169) [ 913] mov r18, r15 [ 916] method_check [ 916] get_by_id r16, r18, setHandleOut(@id9) llint() [ 926] get_scoped_var r21, 6, 1 [ 931] get_by_val r23, r7, r5 [ 936] get_by_val r22, r8, r5 [ 941] construct r21, 3, 31 llint(0x7fff9afd7f20, exec 0x7fff9b013440) [ 947] op_call_put_result r20 [ 950] method_check [ 950] get_by_id r17, r20, subtract(@id8) llint() [ 960] get_by_id r19, r15, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0)) [ 969] call r17, 2, 27 llint(0x7fff9afd9120, exec 0x7fffa0084320) [ 975] op_call_put_result r17 [ 978] call r16, 2, 25 llint(0x7fff9ae61a40, exec 0x7fff9b034240) [ 984] sub r16, r2, Int32: 1(@k4) [ 989] jnless r5, r16, 98(->1087) [ 993] get_scoped_var r16, 6, 1 [ 998] add r20, r5, Int32: 1(@k4) [1003] get_by_val r20, r4, r20 [1008] get_by_id r20, r20, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [1017] mul r20, Int32: 2(@k0), r20 [1022] add r21, r5, Int32: 1(@k4) [1027] get_by_val r21, r7, r21 [1032] sub r18, r20, r21 [1037] add r20, r5, Int32: 1(@k4) [1042] get_by_val r20, r4, r20 [1047] get_by_id r20, r20, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [1056] mul r20, Int32: 2(@k0), r20 [1061] add r21, r5, Int32: 1(@k4) [1066] get_by_val r21, r8, r21 [1071] sub r17, r20, r21 [1076] construct r16, 3, 26 llint(0x7fff9afd7f20, exec 0x7fff9b013440) [1082] op_call_put_result r14 [1085] jmp 84(->1169) [1087] get_scoped_var r16, 6, 1 [1092] get_by_val r20, r4, r2 [1097] get_by_id r20, r20, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0)) [1106] sub r21, r2, Int32: 1(@k4) [1111] get_by_val r21, r7, r21 [1116] add r20, r20, r21 [1121] div r18, r20, Int32: 2(@k0) [1126] get_by_val r20, r4, r2 [1131] get_by_id r20, r20, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1)) [1140] sub r21, r2, Int32: 1(@k4) [1145] get_by_val r21, r8, r21 [1150] add r20, r20, r21 [1155] div r17, r20, Int32: 2(@k0) [1160] construct r16, 3, 26 llint(0x7fff9afd7f20, exec 0x7fff9b013440) [1166] op_call_put_result r14 [1169] pre_inc r5 [1171] sub r16, r2, r3 [1176] loop_if_lesseq r5, r16, -331(->845) [1180] get_by_id r16, r-7, _closed(@id2) llint() [1189] jfalse r16, 70(->1259) [1192] jfalse r14, 67(->1259) [1195] get_by_id r16, r-7, _segments(@id0) llint() [1204] get_by_val r15, r16, Int32: 0(@k3) [1209] mov r18, r15 [1212] method_check [1212] get_by_id r16, r18, setHandleIn(@id7) llint() [1222] mov r20, r14 [1225] method_check [1225] get_by_id r17, r20, subtract(@id8) llint() [1235] get_by_id r19, r15, _point(@id4) llint() [1244] call r17, 2, 27 llint(not set) [1250] op_call_put_result r17 [1253] call r16, 2, 25 llint(not set) [1259] ret Undefined(@k1) Identifiers: id0 = _segments id1 = length id2 = _closed id3 = min id4 = _point id5 = _x id6 = _y id7 = setHandleIn id8 = subtract id9 = setHandleOut Constants: k0 = Int32: 2 k1 = Undefined k2 = Int32: 4 k3 = Int32: 0 k4 = Int32: 1 k5 = Int32: 3 k6 = Null k7 = False k8 = Double: 4010000000000000, 4.000000 k9 = Double: 4000000000000000, 2.000000 k10 = Double: 4008000000000000, 3.000000 641533 3 wingo 2012-06-05 07:41:23 -0700 The suspicious thing to me is this: #6 0x00007ffff2088799 in JSC::DFG::CFGSimplificationPhase::fixPhis (this=0x7fffffffb560, sourceBlockIndex=10, destinationBlockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:392 That the source and destination block indexes are the same. I wonder if this case is handled correctly. Still investigating. 641542 4 wingo 2012-06-05 07:46:35 -0700 For the record, the dataflow dump output for block 10. Block #10 (bc#185): (skipped) (OSR target) Predecessors: Phi Nodes: 123: < 1:-> Phi(, r4(HK<Array>)) predicting Array, double ratio 0.000000 126: < 1:-> Phi(, r5(VC<Int32>)) predicting Int, double ratio 0.000000 129: < 1:-> Phi(, r1(HG<Int32>)) predicting Int, double ratio 0.000000 133: < 1:-> Phi(, r3(BL<Int32>)) predicting Int, double ratio 0.000000 138: < 1:-> Phi(, r0(KI<Array>)) predicting Array, double ratio 0.000000 864: skipped < 0:-> Phi(@864, , r2(CB<Int32>)) 897: < 1:-> Phi(@897, , arg0(GL<Final>)) predicting Final, double ratio 0.000000 159: skipped < 0:-> Phi(@126, , r5(VC<Int32>)) 164: skipped < 0:-> Phi(@133, , r3(BL<Int32>)) 813: skipped < 0:-> Phi(@138, , r0(KI<Array>)) 846: skipped < 0:-> Phi(@129, , r1(HG<Int32>)) 856: skipped < 0:-> Phi(@123, , r4(HK<Array>)) 863: skipped < 0:-> Phi(@864, , r2(CB<Int32>)) 896: skipped < 0:-> Phi(@897, , arg0(GL<Final>)) vars before: <empty> var links: @897 : @139 @130 @864 @134 @124 @127 - - - - - - - - - - - - - - - - - - - - - - - - - 122: <!0:-> Phantom(MustGenerate) 124: < 2:-> GetLocal(@123, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r4(HK<Array>)) predicting Array, double ratio 0.000000 125: skipped < 0:-> SetLocal(@124<Array>, r16(GC)) 127: < 6:-> GetLocal(@126, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r5(VC<Int32>)) predicting Int, double ratio 0.000000 128: skipped < 0:-> SetLocal(@127<Int32>, r17(IC)) 130: < 2:-> GetLocal(@129, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r1(HG<Int32>)) predicting Int, double ratio 0.000000 131: <!1:-> ValueAdd(@127<Int32>, @130<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit) 132: skipped < 0:-> SetLocal(@131<Int32>, r18(KC)) 134: < 3:-> GetLocal(@133, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r3(BL<Int32>)) predicting Int, double ratio 0.000000 135: <!2:-> ArithSub(@131<Int32>, @134<Int32>, ResultNumber|MustGenerate|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit) 136: skipped < 0:-> SetLocal(@135<Int32>, r18(MC)) 137: <!0:-> ForceOSRExit(MustGenerate|CanExit) 139: < 4:-> GetLocal(@138, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r0(KI<Array>)) predicting Array, double ratio 0.000000 140: <!1:-> GetIndexedPropertyStorage(@139<Array>, @135<Int32>, ResultStorage|MustGenerate|CanExit) 141: <!1:-> GetByVal(@139<Array>, @135<Int32>, @140<Other>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit) predicting None 142: skipped < 0:-> SetLocal(@141, r18(OC)) 143: <!1:-> GetById(@141, ResultJS|MustGenerate|ClobbersWorld|UsedAsNum|NeedsNegZero|CanExit, id4{_point}) predicting None 144: skipped < 0:-> SetLocal(@143, r18(PC)) 145: <!0:-> PutByVal(@124<Array>, @127<Int32>, @143, MustGenerate|ClobbersWorld|CanExit) 146: skipped < 0:-> SetLocal(@124<Array>, r16(QC)) 147: <!1:-> ValueAdd(@127<Int32>, @130<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|UsedAsInt|CanExit) 148: skipped < 0:-> SetLocal(@147<Int32>, r18(RC)) 149: <!1:-> ValueAdd(@147<Int32>, @134<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|UsedAsInt|CanExit) 150: skipped < 0:-> SetLocal(@149<Int32>, r17(SC)) 151: <!0:-> ForceOSRExit(MustGenerate|CanExit) 152: <!1:-> GetIndexedPropertyStorage(@139<Array>, @127<Int32>, ResultStorage|MustGenerate|CanExit) 153: <!1:-> GetByVal(@139<Array>, @127<Int32>, @152<Other>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit) predicting None 154: skipped < 0:-> SetLocal(@153, r18(TC)) 155: <!1:-> GetById(@153, ResultJS|MustGenerate|ClobbersWorld|UsedAsNum|NeedsNegZero|CanExit, id4{_point}) predicting None 156: skipped < 0:-> SetLocal(@155, r18(UC)) 157: <!0:-> PutByVal(@124<Array>, @149<Int32>, @155, MustGenerate|ClobbersWorld|CanExit) 158: <!0:-> Phantom(MustGenerate) 160: skipped < 0:-> GetLocal(@126, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r5(VC<Int32>)) 161: < 1:-> JSConstant(ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt, $4 = Int32: 1) 162: <!1:-> ArithAdd(@127<Int32>, @161<Int32>, ResultNumber|MustGenerate|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit) 163: skipped < 0:-> SetLocal(@162<Int32>, r5(VC<Int32>)) 165: skipped < 0:-> GetLocal(@133, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r3(BL<Int32>)) 166: <!1:-> CompareLess(@162<Int32>, @134<Int32>, ResultBoolean|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit) 167: <!0:-> Branch(@166<Boolean>, MustGenerate|CanExit, T:#10, F:#12) vars after: <empty> var links: @897 : @139 @130 @864 @134 @124 @163 - - - - - - - - - - @146 @150 @156 - - - - - - - - - - - - 641582 5 wingo 2012-06-05 08:25:53 -0700 Interestingly, earlier in the CFG simplification phase, the phi node in question (864) had a refcount of 2. Simplifying some other part of the graph removed one of the references. Then block 10 became unreachable, and we go to kill its phi uses. The only remaining use of 864 is itself, and thus the refcount drops to 0, and the graph goes to unref its children, including itself, but its refcount is already 0, and hence this assertion. 641604 6 wingo 2012-06-05 08:51:59 -0700 If my analysis is right, I'm not sure what the right fix is. One can easily have arbitrarily long cycles that could exhibit similar behaviour. This patch fixes the immediate symptom: diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp index 0f0a225..84286d3 100644 --- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp @@ -365,6 +365,10 @@ private: void fixPhis(BlockIndex sourceBlockIndex, BlockIndex destinationBlockIndex) { + if (sourceBlockIndex == destinationBlockIndex) { + // No need to kill off phis referenced from our own block. + return; + } BasicBlock* sourceBlock = m_graph.m_blocks[sourceBlockIndex].get(); BasicBlock* destinationBlock = m_graph.m_blocks[destinationBlockIndex].get(); if (!destinationBlock) { However I get other problems on paperjs.org, including a segfault in meta balls: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195 195 return m_classInfo; (gdb) bt #0 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195 #1 0x00007ffff1faed96 in JSC::JSCell::methodTable (this=0x0) at ../../Source/JavaScriptCore/runtime/JSObject.h:536 #2 0x00007ffff20ad801 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0, slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:843 #3 0x00007ffff20ad755 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0) at ../../Source/JavaScriptCore/runtime/JSObject.h:830 #4 0x00007ffff20aae9b in JSC::DFG::operationGetArgumentByVal (exec=0x7fff96f963b0, argumentsRegister=1, index=0) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:1108 #5 0x00007fffa3a3107f in ?? () And voronoi prints out this on the console, many times: ** Message: console message: http://jonathanpuckey.com/static/rhill-voronoi-core.js @284: TypeError: 'null' is not an object Michael, can you reproduce any of these? Filip, do you have any thoughts here? 641856 7 fpizlo 2012-06-05 13:43:57 -0700 (In reply to comment #6) > If my analysis is right, I'm not sure what the right fix is. One can easily have arbitrarily long cycles that could exhibit similar behavior. Here's one answer, which is correct in general but incorrect in this particular case (see below, for the correct, but less general, answer): you call call Graph::collectGarbage(), which will reset all ref counts based on a tracing GC over the graph. > > This patch fixes the immediate symptom: > > diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp > index 0f0a225..84286d3 100644 > --- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp > +++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp > @@ -365,6 +365,10 @@ private: > > void fixPhis(BlockIndex sourceBlockIndex, BlockIndex destinationBlockIndex) > { > + if (sourceBlockIndex == destinationBlockIndex) { > + // No need to kill off phis referenced from our own block. > + return; > + } > BasicBlock* sourceBlock = m_graph.m_blocks[sourceBlockIndex].get(); > BasicBlock* destinationBlock = m_graph.m_blocks[destinationBlockIndex].get(); > if (!destinationBlock) { That's probably wrong, since you'll end up with Phi references to code that was deleted, which ought to almost certainly lead to hilarity. > > However I get other problems on paperjs.org, including a segfault in meta balls: > > > Program received signal SIGSEGV, Segmentation fault. > 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195 > 195 return m_classInfo; > (gdb) bt > #0 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195 > #1 0x00007ffff1faed96 in JSC::JSCell::methodTable (this=0x0) at ../../Source/JavaScriptCore/runtime/JSObject.h:536 > #2 0x00007ffff20ad801 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0, slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:843 > #3 0x00007ffff20ad755 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0) at ../../Source/JavaScriptCore/runtime/JSObject.h:830 > #4 0x00007ffff20aae9b in JSC::DFG::operationGetArgumentByVal (exec=0x7fff96f963b0, argumentsRegister=1, index=0) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:1108 > #5 0x00007fffa3a3107f in ?? () > > And voronoi prints out this on the console, many times: > > ** Message: console message: http://jonathanpuckey.com/static/rhill-voronoi-core.js @284: TypeError: 'null' is not an object That may well be a different bug. I'll look into it. > > Michael, can you reproduce any of these? Filip, do you have any thoughts here? Now for the (hopefully) correct answer. The problem was that fixPhis() was being used in two subtly different cases, but was assuming that it was only being used in one of them and did wrong things for the other case. Case #1, or the Jettisoned Block case: Consider the control flow graph consisting of blocks A, B, C. A initially has a branch to B and C based on some predicate (B if true, C if false). But constant folding proves this predicate to be true, leading to C being jettisoned. We then call fixPhis() with A as the source block and C as the destination block. In this case, A is a reachable block, and C may or may not be reachable (note that other reachable blocks could still jump to C). Regardless of whether or not C is reachable at this point (we don't need to know), we need to ensure that any Phis in C no longer refer to A's nodes, since A is no longer a predecessor of C. In the process of removing those Phi references, we must ensure that the thing that the Phi points to gets deref'd. Note it's also possible to have blocks A and B, where A branches to either A or B - i.e. a loop. Then A will potentially have Phi loops. But it will only have *live* Phi loops if the variables for those Phis are used outside of the loop. Hence, we will not encounter this infinite deref'ing because the Phi's ref counts will never hit zero. Case #2, or the Unreachable Block case: Consider the control flow graph consisting of blocks A, B, C, D. A initially had a branch to B and C based on some predicate (B if true, C if false). But constant folding proves this predicate to be true, leading to C being jettisoned. Initially we do case #1 above, but then we have more work to do: assume that there are no longer any other jumps to C, making C unreachable. This means that D will have Phi functions that refer into C; these must now be fixed up, since C is no longer a predecessor of D since C is unreachable. In this case we call fixPhis() with C as the source block and D as the destination block. But unlike case #1, the source block (C) is unreachable. Hence, although we need to remove references into C from D, we don't need to do any deref's. This is because all of C is going away anyway. It will cease to exist. Its ref counts don't matter. There's no point in getting them right. In this case it is certainly possible for there to be a dead cycle, and deref'ing this dead cycle will lead to infinite recursion and horror and badness. (Though the infinite recursion would be caught by an ASSERT.) It is possible to fix that by calling collectGarbage(). But we don't need to do any of that, because the ref counts of C's nodes are irrelevant - all that matters is that D just doesn't refer into C anymore. So, in short: the fix is to make fixPhis() deref only if the destination Phi is shouldGenerate() *and* if the source block is reachable. I'm testing this fix right now. 641902 8 fpizlo 2012-06-05 14:40:38 -0700 OK, I think I've fixed it. There don't appear to be any other issues. *** This bug has been marked as a duplicate of bug 88362 *** 642299 9 wingo 2012-06-06 02:28:25 -0700 Thanks for looking at it, and thanks for the explanation too!