Bug 124371

Summary: ASSERT(divisor != 1) in JSC::DFG::SpeculativeJIT::compileArithMod
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: fpizlo, mhahnenberg, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Joseph Pecoraro
Reported 2013-11-14 10:47:04 PST
At WebKit r159272. Test: (assert.js) function foo(a, b) { var h = parseFloat(a); var l = parseFloat(b); h % 1 } var result; for (var i = 0; i < 1000; ++i) result = foo(360, 100) shell> DYLD_FRAMEWORK_PATH=`pwd` ./jsc /Users/pecoraro/Desktop/assert.js ASSERTION FAILED: divisor != 1 shell> DYLD_FRAMEWORK_PATH=`pwd` ./jsc -p foo.txt /Users/pecoraro/Desktop/assert.js ASSERTION FAILED: divisor != 1 /Volumes/Data/Code/safari/OpenSource/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp(3543) : void JSC::DFG::SpeculativeJIT::compileArithMod(JSC::DFG::Node *) 1 0x1052d35d0 WTFCrash 2 0x104ed35f8 JSC::DFG::SpeculativeJIT::compileArithMod(JSC::DFG::Node*) 3 0x104f10f65 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) 4 0x104ec929c JSC::DFG::SpeculativeJIT::compileCurrentBlock() 5 0x104ec9a96 JSC::DFG::SpeculativeJIT::compile() 6 0x104e5fe24 JSC::DFG::JITCompiler::compileBody() 7 0x104e61c4b JSC::DFG::JITCompiler::compileFunction() 8 0x104ebbe95 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) 9 0x104ebb672 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) 10 0x104f56274 JSC::DFG::Worklist::runThread() 11 0x104f55355 JSC::DFG::Worklist::threadFunction(void*) 12 0x105322738 WTF::threadEntryPoint(void*) 13 0x1053234e8 WTF::wtfThreadEntryPoint(void*) 14 0x7fff8fb94899 _pthread_body 15 0x7fff8fb9472a _pthread_struct_init 16 0x7fff8fb98fc9 thread_start Segmentation fault: 11 Assert was added back with: <http://trac.webkit.org/changeset/153186> <https://webkit.org/b/116793> fourthTier: clean up ArithDiv/ArithMod in the DFG
Attachments
Note You need to log in before you can comment on or make changes to this bug.