Bug 106459

Summary: [Qt] New fast/js/dfg-create-inlined-arguments-in-closure-inline.html asserts on 32 bit
Product: WebKit
Reporter: Csaba Osztrogonác <ossy>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: fpizlo, hausmann, mhahnenberg, ossy
Priority: P2
Keywords: Qt, QtTriaged
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 79668, 106329

Description Csaba Osztrogonác 2013-01-09 08:19:57 PST
fast/js/dfg-create-inlined-arguments-in-closure-inline.html was introduced in
http://trac.webkit.org/changeset/139109, but asserts on 32 bit Qt Debug.

Here is a detailed GDB backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xf4e69bc2 in JSC::JSValue::asCell (this=0xffffb690) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/JSValueInlines.h:295
295             ASSERT(isCell());
(gdb) bt
#0  0xf4e69bc2 in JSC::JSValue::asCell (this=0xffffb690) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/JSValueInlines.h:295
#1  0xf4efed60 in JSC::asObject (value=...) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/JSObject.h:1160
#2  0xf4f06b5a in JSC::Register::function (this=0xf12000e8) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/JSObject.h:1538
#3  0xf4f068d0 in JSC::ExecState::callee (this=0xf1200108) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/interpreter/CallFrame.h:43
#4  0xf633bef6 in JSC::InlineCallFrame::calleeForCallFrame (this=0x8188cf4, exec=0xf12000b8) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/bytecode/CodeOrigin.cpp:81
#5  0xf6433a82 in JSC::Arguments::finishCreation (this=0xf0f5f210, callFrame=0xf12000b8, inlineCallFrame=0x8188cf4) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/Arguments.h:262
#6  0xf64335ef in JSC::Arguments::create (globalData=..., callFrame=0xf12000b8, inlineCallFrame=0x8188cf4) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/Arguments.h:53
#7  0xf642e709 in operationCreateInlinedArguments (exec=0xf12000b8, inlineCallFrame=0x8188cf4) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/dfg/DFGOperations.cpp:1334
#8  0xf170bc0e in ?? ()
#9  0xf64bdf5b in JSC::JITCode::execute (this=0xf0feed74, stack=0x80d0750, callFrame=0xf1200058, globalData=0x80d38c0) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/jit/JITCode.h:134
#10 0xf64bb7a2 in JSC::Interpreter::execute (this=0x80d0748, program=0xf0feed60, callFrame=0xf11ffb9c, thisObj=0xf174ffe0) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/interpreter/Interpreter.cpp:983
#11 0xf65a1ec3 in JSC::evaluate (exec=0xf11ffb9c, source=..., thisValue=..., returnedException=0xffffc34c) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/JavaScriptCore/runtime/Completion.cpp:75
#12 0xf4f5e60b in WebCore::JSMainThreadExecState::evaluate (exec=0xf11ffb9c, source=..., thisValue=..., exception=0xffffc34c) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#13 0xf4f7dde6 in WebCore::ScriptController::evaluateInWorld (this=0x80cb914, sourceCode=..., world=0x80d8c70) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/bindings/js/ScriptController.cpp:141
#14 0xf4f7def4 in WebCore::ScriptController::evaluate (this=0x80cb914, sourceCode=...) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/bindings/js/ScriptController.cpp:158
#15 0xf52864f2 in WebCore::ScriptElement::executeScript (this=0x810a244, sourceCode=...) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/dom/ScriptElement.cpp:304
#16 0xf54334a6 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0x8116f98, pendingScript=...) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/html/parser/HTMLScriptRunner.cpp:139
#17 0xf543331b in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x8116f98) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/html/parser/HTMLScriptRunner.cpp:118
#18 0xf543380d in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x8116f98) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/html/parser/HTMLScriptRunner.cpp:190
#19 0xf54339c7 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad (this=0x8116f98, cachedScript=0x812f7e8) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/html/parser/HTMLScriptRunner.cpp:199
#20 0xf5426ab3 in WebCore::HTMLDocumentParser::notifyFinished (this=0x8129108, cachedResource=0x812f7e8) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/html/parser/HTMLDocumentParser.cpp:521
#21 0xf55a17f8 in WebCore::CachedResource::checkNotify (this=0x812f7e8) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/loader/cache/CachedResource.cpp:336
#22 0xf55ac0af in WebCore::CachedScript::data (this=0x812f7e8, data=..., allDataReceived=true) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/loader/cache/CachedScript.cpp:90
#23 0xf5605383 in WebCore::SubresourceLoader::didFinishLoading (this=0x812fb80, finishTime=0) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/loader/SubresourceLoader.cpp:276
#24 0xf55fb63f in WebCore::ResourceLoader::didFinishLoading (this=0x812fb80, finishTime=0) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/loader/ResourceLoader.cpp:457
#25 0xf5a6de45 in WebCore::QNetworkReplyHandler::finish (this=0x812ff10) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:511
#26 0xf5a6cab5 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x812ff34) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#27 0xf5a6c7fe in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x812ff34, method=0xf5a6dc86 <WebCore::QNetworkReplyHandler::finish()>)
    at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#28 0xf5a6d6e4 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x8130b28) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:404
#29 0xf5a6ff1c in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x8130b28, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xffffc89c) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:173
#30 0xf3c28b23 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#31 0xf3c2952a in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#32 0xf42e8a57 in QNetworkReply::finished() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Network.so.5
#33 0xf42e8cc0 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Network.so.5
#34 0xf3c226f7 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#35 0xf3c2303d in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#36 0xf45a2a6c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#37 0xf45a9152 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#38 0xf3bfb95b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#39 0xf3c008da in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#40 0xf3c00ebd in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0xf3c4c144 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#42 0xf7a64305 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#43 0xf7a67fe8 in ?? () from /lib/libglib-2.0.so.0
#44 0xf7a681c8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#45 0xf3c4bbe3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#46 0xf1a88267 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/plugins/platforms/libxcb.so
#47 0xf3bf9f59 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#48 0xf3bfa927 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#49 0xf3c00f79 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#50 0xf3eabca7 in QGuiApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#51 0xf45a1d77 in QApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#52 0x0806f6e1 in main (argc=2, argv=0xffffd434) at /mnt/raptor3/slaves/qt-linux-32-debug/build/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:203
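The backtrace above bottoms out in operationCreateInlinedArguments, i.e. the DFG materialising an `arguments` object for a callee that it had inlined, and the 32-bit ASSERT(isCell()) fires when the inline call frame's callee slot is read back. The block below is an added example, not the WebKit test itself (whose contents are not on this page): it only shows the JavaScript shape that such a test would exercise, assuming that a small callee which captures `arguments` in a closure and is called from a hot loop is a candidate for DFG inlining. Function names are hypothetical.

```javascript
// Added example: the construct a "create inlined arguments in closure" test
// would exercise. Not the WebKit test, and not tied to any JSC internals.

// Small callee: likely to be inlined into caller() by the DFG once hot.
// It does not touch `arguments` directly but hands it to a closure, so the
// engine must materialise a real Arguments object for the inlined frame,
// which is the path operationCreateInlinedArguments sits on.
function sumViaClosure() {
    var args = arguments; // captured by the closure below
    return function () {
        var total = 0;
        for (var i = 0; i < args.length; i++) {
            total += args[i];
        }
        return total;
    };
}

// Call site that the optimising JIT can inline sumViaClosure() into.
function caller(a, b, c) {
    return sumViaClosure(a, b, c)();
}

// Run the call site enough times that it can tier up to the DFG, then
// return the last result so a test can check the arguments were intact.
function run(iterations) {
    var last = 0;
    for (var i = 0; i < iterations; i++) {
        last = caller(i, i + 1, i + 2);
    }
    return last;
}

// Mix value kinds: on 32-bit JSC ints, doubles and cells carry different
// tags, so an arguments object built from an inlined frame should survive
// each of them. (Expected sums are plain arithmetic, not engine behaviour.)
function runMixed() {
    return [caller(1, 2, 3), caller(0.5, 0.25, 0.25), caller(1, 2.5, 3)];
}
```

Run in a JSC shell or any JS engine; `run(1000)` should return 3000 whichever tier executed the call, and `runMixed()` should return `[6, 1, 6.5]`. A mismatch, or an assertion in a debug engine build, is the kind of symptom this bug records.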
Comment 1 Csaba Osztrogonác 2013-01-14 04:27:54 PST
I skipped it on Qt to paint the 32 bit debug bot green - https://trac.webkit.org/changeset/139604. Please unskip it with the proper fix.
Comment 2 Csaba Osztrogonác 2013-01-15 02:37:34 PST
ping?
Comment 3 Jocelyn Turcotte 2014-02-03 03:24:21 PST
=== Bulk closing of Qt bugs ===

If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary.

If you believe that this is still an important QtWebKit bug, please file a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.