Bug 121648

Summary: REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Critical
CC: barraclough, fpizlo, ggaren, oliver, slewis
Priority: P1
Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 121064    
Bug Blocks:    
Attachments:
Description Flags
the patch mhahnenberg: review+

Description Ryosuke Niwa 2013-09-19 17:16:13 PDT
e.g.

Running Time	Self		Symbol Name
15006.0ms   44.2%	15006.0	 	JSC::toInt32(double)
3067.0ms    9.0%	0.0	 	 <Unknown Address>
2214.0ms    6.5%	0.0	 	 0x3465719f9a52
2214.0ms    6.5%	0.0	 	  JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*)
2214.0ms    6.5%	0.0	 	   JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
2214.0ms    6.5%	0.0	 	    JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
2214.0ms    6.5%	0.0	 	     WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
2214.0ms    6.5%	0.0	 	      WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&)
Comment 1 Ryosuke Niwa 2013-09-19 17:18:29 PDT
<rdar://problem/15024481>
Comment 2 Filip Pizlo 2013-09-20 17:00:45 PDT
Created attachment 212246
the patch
Comment 3 Mark Hahnenberg 2013-09-20 17:04:22 PDT
Comment on attachment 212246
the patch

r=me
Comment 4 Filip Pizlo 2013-09-20 17:06:28 PDT
Landed in http://trac.webkit.org/changeset/156212