Bug 68222

To reproduce: 1. Go to https://trac.webkit.org/ You'll hit this assertion in DFG::SpeculativeJIT::compile: ASSERT(m_bytecodeIndexForOSR != nextNode.codeOrigin.bytecodeIndex() || (!m_bytecodeIndexForOSR && !nextNode.codeOrigin.bytecodeIndex())); (gdb) p nextNode $1 = ('JSC::DFG::Node' &) @0x7fff5fbfae54: { op = JSC::DFG::JSConstant, codeOrigin = { m_bytecodeIndex = 39 }, children = { fixed = { child1 = 4294967295, child2 = 4294967295, child3 = 4294967295 }, variable = { firstChild = 4294967295, numChildren = 4294967295 } }, m_virtualRegister = 5, m_refCount = 1, m_opInfo = 0, m_opInfo2 = 1606392048 } Here's the backtrace: #0 0x0000000101cc515e in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) at /Users/aroben/dev/WebKit/OpenSource/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:778 #1 0x0000000101ccb875 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) () #2 0x0000000101ccbdbf in JSC::DFG::SpeculativeJIT::compile() () #3 0x0000000101c9f36f in JSC::DFG::JITCompiler::compileBody() () #4 0x0000000101ca0426 in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) () #5 0x0000000101bdcde1 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) () #6 0x0000000101bdcc6b in JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) () #7 0x0000000101cdfb07 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*, JSC::JITCode::JITType) () #8 0x0000000101bfb344 in JSC::FunctionExecutable::compileForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*) () #9 0x0000000101cbdde3 in JSC::FunctionExecutable::compileFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) () #10 0x0000000101d3cab3 in JSC::lazyLinkFor(JSC::JITStackFrame&, JSC::CodeSpecializationKind) () #11 0x0000000101d30c4c in cti_vm_lazyLinkCall () #12 0x0000000101d3a9e0 in jscGeneratedNativeCode () #13 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) () #14 0x0000000101cf6302 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, int, JSC::ScopeChainNode*) () #15 0x0000000101cf5999 in JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int) () #16 0x0000000101d37e05 in cti_op_call_eval () #17 0x0000000101d3a9e0 in jscGeneratedNativeCode () #18 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) () #19 0x0000000101cf9098 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) () #20 0x0000000101c5cb1f in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () #21 0x00000001053794d1 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () #22 0x0000000105a05552 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) at /Users/aroben/dev/WebKit/OpenSource/Source/WebCore/bindings/js/ScriptController.cpp:144 #23 0x0000000105a056a9 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () #24 0x0000000105a1b113 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () #25 0x0000000104fb2d45 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) () #26 0x0000000104fb2b6a in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () #27 0x0000000104fb347a in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () #28 0x0000000104fb3609 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) () #29 0x0000000104f3a35c in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () #30 0x0000000104f3a3fc in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () #31 0x000000010495951d in WebCore::CachedResource::checkNotify() () #32 0x000000010497177d in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) () #33 0x000000010496ffc9 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) () #34 0x0000000105aea8f8 in WebCore::SubresourceLoader::didFinishLoading(double) () #35 0x00000001059cc2dc in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) () #36 0x00000001059c8ba7 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] ()