Bug 72396

Summary: [ASSERT] in JSC::CodeBlock::reoptimizationRetryCounter
Product: WebKit
Reporter: Xan Lopez <xan.lopez>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: fpizlo, mrobinson, wingo, xan.lopez
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Xan Lopez
Reported 2011-11-15 10:28:29 PST
r100279, GNU/Linux x86/64. Fairly easy to reproduce clicking on the "N more tweets" thingie on twitter:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3d4445c in JSC::CodeBlock::reoptimizationRetryCounter (this=0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:866
866         ASSERT(m_reoptimizationRetryCounter <= Heuristics::reoptimizationRetryCounterMax);
(gdb) bt
#0  0x00007ffff3d4445c in JSC::CodeBlock::reoptimizationRetryCounter (this=0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:866
#1  0x00007ffff3dd554c in JSC::CodeBlock::largeFailCountThreshold (this=0xb438ed0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:987
#2  0x00007ffff3dd3c45 in JSC::DFG::OSRExitCompiler::compileExit (this=0x7fffffffc2a0, exit=..., recovery=0x0) at ../../Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp:475
#3  0x00007ffff3dd646c in JSC::DFG::compileOSRExit (exec=0x7fff99ae6830) at ../../Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp:59
#4  0x00007fff9b81b696 in ?? ()
#5  0x00007fffffffc330 in ?? ()
#6  0x00007fff88e684c0 in ?? ()
#7  0x0000000000000000 in ?? ()
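What the backtrace above shows is worth making concrete: frame #0 has this=0x0 while frame #1 has a valid this, so the null pointer is something largeFailCountThreshold reads from its own CodeBlock and then calls through, and the ASSERT in the accessor never gets a chance to fire because the member load faults first. The following is an added illustration written for this page, not WebKit code; it borrows the two method names from the trace, and the m_alternative member, the Heuristics constants, the checked variant and wouldDereferenceNull are assumptions made for the example (the page does not say which pointer was null or how it should be handled).

```cpp
// Added illustration (not WebKit/JSC code). Mimics the shape of the crash in
// the report: an ASSERT inside an inlined accessor cannot protect against the
// accessor being called through a null pointer, so the SIGSEGV is attributed
// to the accessor (this=0x0) while the unchecked pointer lives one frame up.
#include <cassert>
#include <cstdio>

namespace Heuristics {
    // Hypothetical values chosen for the example; the real limits live in JSC.
    const unsigned reoptimizationRetryCounterMax = 18;
    const unsigned largeFailCountThresholdBase = 20;
}

class CodeBlock {
public:
    explicit CodeBlock(CodeBlock* alternative = nullptr, unsigned retries = 0)
        : m_alternative(alternative), m_reoptimizationRetryCounter(retries) {}

    // Counterpart of frame #0 in the report. The ASSERT checks a member, so if
    // `this` is null the load of m_reoptimizationRetryCounter faults before the
    // ASSERT runs: the debugger stops here, not in the caller.
    unsigned reoptimizationRetryCounter() const {
        assert(m_reoptimizationRetryCounter <= Heuristics::reoptimizationRetryCounterMax);
        return m_reoptimizationRetryCounter;
    }

    // Assumed for the example: the pointer the caller dereferences.
    CodeBlock* alternative() const { return m_alternative; }

    // Counterpart of frame #1: `this` is valid, but the value depends on a
    // pointer that is never checked. Calling this on a block whose alternative
    // is null reproduces the this=0x0 pattern from the backtrace (undefined
    // behaviour, so the example never actually calls it that way).
    unsigned largeFailCountThresholdUnchecked() const {
        return Heuristics::largeFailCountThresholdBase << alternative()->reoptimizationRetryCounter();
    }

    // Guarded variant (assumption, not the WebKit fix): the null check has to
    // sit at the call site. A missing alternative is treated as zero retries,
    // which leaves the threshold at its base value.
    unsigned largeFailCountThreshold() const {
        CodeBlock* alt = alternative();
        unsigned retries = alt ? alt->reoptimizationRetryCounter() : 0;
        return Heuristics::largeFailCountThresholdBase << retries;
    }

private:
    CodeBlock* m_alternative;
    unsigned m_reoptimizationRetryCounter;
};

// True when the unchecked path would dereference null, i.e. the state a
// debugger reports as this=0x0 inside reoptimizationRetryCounter.
bool wouldDereferenceNull(const CodeBlock& block) {
    return block.alternative() == nullptr;
}

int main() {
    CodeBlock baseline(nullptr, 3);   // constructed sample: 3 reoptimization retries
    CodeBlock optimized(&baseline);   // has a valid alternative
    CodeBlock orphan(nullptr);        // alternative missing, as in the report

    std::printf("optimized threshold: %u\n", optimized.largeFailCountThreshold());
    std::printf("orphan would crash in the unchecked path: %s\n",
                wouldDereferenceNull(orphan) ? "yes" : "no");
    std::printf("orphan threshold (guarded): %u\n", orphan.largeFailCountThreshold());
    return 0;
}
```

The guard is shown only to make the frame attribution concrete. In the report itself the null pointer is a symptom of the lifetime problem tracked in bug 72292, so a null check at this call site would hide the underlying bug rather than fix it; the useful takeaway is how to read "this=0x0" in frame #0 against a valid this in frame #1.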
Martin Robinson
Comment 1 2011-11-15 10:46:51 PST
Certainly related to the recent activation of the DFG JIT for GTK+.
Xan Lopez
Comment 2 2011-11-15 10:50:01 PST
(In reply to comment #1)
> Certainly related to the recent activation of the DFG JIT for GTK+.

More recent than that, I've been using the DFG JIT for some time already without issues. I believe this regression is a few days old only.
Andy Wingo
Comment 3 2011-11-16 01:59:00 PST
Related to bug 72292, perhaps.
Andy Wingo
Comment 4 2011-11-16 02:51:10 PST
I cannot reproduce this bug with current webkit, though I didn't reproduce it before either. Xan, please give it another go with current webkit.
Filip Pizlo
Comment 5 2011-11-16 04:03:45 PST
(In reply to comment #4)
> I cannot reproduce this bug with current webkit, though I didn't reproduce it before either. Xan, please give it another go with current webkit.

I'm almost certain that it's a dup of https://bugs.webkit.org/show_bug.cgi?id=72292. Crashes in exactly this code path were the main symptom of that bug. Please reopen if you can still repro.

*** This bug has been marked as a duplicate of bug 72292 ***