Bug 146634

Summary: ASSERTION FAILED: exec->vm().controlFlowProfiler() in functionDumpBasicBlockExecutionRanges
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: fpizlo, saam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test case none

Renata Hodovan
Reported 2015-07-06 03:56:02 PDT
Created attachment 256207 [details] Test case Load this test with debug or release jsc. An assertion fail will happen in debug and an immediate crash in release because of the release assert: Array(dumpBasicBlockExecutionRanges()); Backtrace: ASSERTION FAILED: exec->vm().controlFlowProfiler() ../../Source/JavaScriptCore/jsc.cpp(1156) : JSC::EncodedJSValue functionDumpBasicBlockExecutionRanges(JSC::ExecState*) 1 0x7ffff72d46db WTFCrash 2 0x428728 3 0x7fffb0fff0a8 [New Thread 0x7fffaf7fa700 (LWP 32247)] [New Thread 0x7fffafffb700 (LWP 32245)] [New Thread 0x7fffb07fc700 (LWP 32244)] [New Thread 0x7fffb0ffd700 (LWP 32243)] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x0000000000428728 in functionDumpBasicBlockExecutionRanges (exec=0x7fffffffca50) at ../../Source/JavaScriptCore/jsc.cpp:1156 #2 0x00007fffb0fff0a8 in ?? () #3 0x00007fffffffcab0 in ?? () #4 0x00007ffff727e8e9 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
Attachments
Test case (39 bytes, application/javascript)
2015-07-06 03:56 PDT, Renata Hodovan 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2015-07-06 18:19:06 PDT
Did you run this with: JSC_enableControlFlowProfiler=1 ? If not, this assertion is doing the right thing. It makes sure the control flow profiler is enabled.a Also, this function is only used inside JSC's stress tests.
Note You need to log in before you can comment on or make changes to this bug.