Bug 112067

Summary: Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
Keywords: InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments: Patch (Flags: ggaren: review+)

Michael Saboff
Reported 2013-03-11 14:31:43 PDT
If you run run-webkit-tests --32-bit --debug fast/js, you will get a crash running fast/js/dfg-create-inlined-arguments-in-closure-inline with a traceback like:

ASSERTION FAILED: isCell()
/Volumes/Data/src/webkit/Source/JavaScriptCore/runtime/JSCJSValueInlines.h(298) : JSC::JSCell *JSC::JSValue::asCell() const
1 0xfc657 JSC::JSValue::asCell() const
2 0x107a41 JSC::asObject(JSC::JSValue)
3 0x10c805 JSC::Register::function() const
4 0x109acc JSC::ExecState::callee() const
5 0x1dbc7c JSC::InlineCallFrame::calleeForCallFrame(JSC::ExecState*) const
6 0x2b8b8c JSC::Arguments::finishCreation(JSC::ExecState*, JSC::InlineCallFrame*)
7 0x2b7032 JSC::Arguments::create(JSC::JSGlobalData&, JSC::ExecState*, JSC::InlineCallFrame*)
8 0x2b1c6d operationCreateInlinedArguments
9 0x14bbb3e
10 0x3be164 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)
11 0x3ba5be JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
12 0x1e50df JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
13 0x8d6a9 functionLoad(JSC::ExecState*)
14 0x14ba68f
15 0x3be164 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)
16 0x3ba5be JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
17 0x1e50df JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
18 0x8c61e runInteractive(GlobalObject*)
19 0x8b6cc jscmain(int, char**)
20 0x8b4a7 main
21 0x93901725 start

It appears that we aren't setting the tag for the inline callee.

<rdar://problem/13095042>
Attachments
Patch (1.56 KB, patch), 2013-03-11 14:44 PDT, Michael Saboff, ggaren: review+
Michael Saboff
Comment 1 2013-03-11 14:44:02 PDT
Geoffrey Garen
Comment 2 2013-03-11 14:45:52 PDT
Comment on attachment 192565 [details] Patch

r=me
Michael Saboff
Comment 3 2013-03-11 15:38:45 PDT