Bug 78153

Summary: Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
Product: WebKit
Reporter: Antti Koivisto <koivisto>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: fpizlo, oliver, webkit.review.bot
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
URL: http://www.economist.com
Attachments: the patch (Flags: oliver: review+)

Antti Koivisto
Reported 2012-02-08 14:07:53 PST
Loading economist.com with ToT debug build I get

ASSERTION FAILED: node.op == ValueAdd
/Users/antti/webkit/OpenSource/Source/JavaScriptCore/dfg/DFGAbstractState.cpp(279) : bool JSC::DFG::AbstractState::execute(NodeIndex)
1 0x102ad3c26 JSC::DFG::AbstractState::execute(unsigned int)
2 0x102b331f9 JSC::DFG::Propagator::performBlockCFA(JSC::DFG::AbstractState&, unsigned int)
3 0x102b33139 JSC::DFG::Propagator::performForwardCFA(JSC::DFG::AbstractState&)
4 0x102b330b7 JSC::DFG::Propagator::globalCFA()
5 0x102b32ac6 JSC::DFG::Propagator::fixpoint()
6 0x102b32934 JSC::DFG::propagate(JSC::DFG::Graph&, JSC::JSGlobalData*, JSC::CodeBlock*)
7 0x102b0dfac JSC::DFG::compile(JSC::DFG::CompileMode, JSC::JSGlobalData&, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*)
8 0x102b0ddc4 JSC::DFG::tryCompileFunction(JSC::JSGlobalData&, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&)
9 0x102ba01b6 JSC::jitCompileFunctionIfAppropriate(JSC::JSGlobalData&, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType)
10 0x102b9c357 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType)
11 0x102b9bf14 JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*)
12 0x102aa3c11 JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind)
13 0x102a9de0b JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*)
14 0x102c03a6d cti_optimize_from_ret
15 0x102c0c4d0 jscGeneratedNativeCode
16 0x102bcf879 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
17 0x102bcb7de JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*)
18 0x102ab8612 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
19 0x1042315b1 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
20 0x10498699f WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*)
21 0x104986b04 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&)
22 0x10499d803 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&)
23 0x10499db37 WebCore::ScriptElement::execute(WebCore::CachedScript*)
24 0x1049adbcd WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*)
25 0x1049b1a63 WebCore::Timer<WebCore::ScriptRunner>::fired()
26 0x104c00ee7 WebCore::ThreadTimers::sharedTimerFiredInternal()
27 0x104c00cb9 WebCore::ThreadTimers::sharedTimerFired()
28 0x104a08123 _ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv
29 0x7fff9332bc24 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
30 0x7fff9332b776 __CFRunLoopDoTimer
31 0x7fff9330c001 __CFRunLoopRun
Attachments
the patch (7.33 KB, patch)
2012-02-14 11:17 PST, Filip Pizlo
oliver: review+
Filip Pizlo
Comment 1 2012-02-14 10:14:02 PST
Fascinating! Sorry I'm looking at this just now, I've been AFK for a week. Do you recall what revision it was? No worries if not. Will try to repro on current ToT.
Antti Koivisto
Comment 2 2012-02-14 10:26:22 PST
This still occurs for me with the current ToT.
Filip Pizlo
Comment 3 2012-02-14 10:28:59 PST
(In reply to comment #2)
> This still occurs for me with the current ToT.

Great, thanks
Filip Pizlo
Comment 4 2012-02-14 10:56:39 PST
Filip Pizlo
Comment 5 2012-02-14 10:57:09 PST
Fix is easy. Patch forthcoming.
Filip Pizlo
Comment 6 2012-02-14 11:17:35 PST
Created attachment 126999
the patch
Filip Pizlo
Comment 7 2012-02-14 13:26:51 PST
WebKit Review Bot
Comment 8 2012-02-15 01:24:27 PST
Attachment 126999 did not pass style-queue:

Failed to run "['Tools/Scripts/update-webkit']" exit_code: 9
Updating OpenSource
First, rewinding head to replay your work on top of it...
Applying: [Mac][Win][WK2] Switch to RFC 6455 protocol for WebSockets
Using index info to reconstruct a base tree...
<stdin>:1578: trailing whitespace.
<stdin>:1647: trailing whitespace.
<stdin>:1657: trailing whitespace.
<stdin>:1672: trailing whitespace.
return 0;
<stdin>:1674: trailing whitespace.
warning: squelched 7 whitespace errors
warning: 12 lines add whitespace errors.
Falling back to patching base and 3-way merge...
warning: too many files (created: 168753 deleted: 3), skipping inexact rename detection
Auto-merging LayoutTests/ChangeLog
CONFLICT (content): Merge conflict in LayoutTests/ChangeLog
Auto-merging LayoutTests/platform/wk2/Skipped
Auto-merging Source/WebCore/ChangeLog
Auto-merging Source/WebCore/css/CSSCalculationValue.cpp
Auto-merging Source/WebCore/css/CSSCalculationValue.h
Auto-merging Source/WebCore/css/CSSParser.cpp
Auto-merging Source/WebKit/mac/ChangeLog
CONFLICT (content): Merge conflict in Source/WebKit/mac/ChangeLog
Auto-merging Source/WebKit2/ChangeLog
CONFLICT (content): Merge conflict in Source/WebKit2/ChangeLog
Auto-merging Tools/ChangeLog
CONFLICT (content): Merge conflict in Tools/ChangeLog
Failed to merge in the changes.
Patch failed at 0001 [Mac][Win][WK2] Switch to RFC 6455 protocol for WebSockets

When you have resolved this problem run "git rebase --continue".
If you would prefer to skip this patch, instead run "git rebase --skip".
To restore the original branch and stop rebasing run "git rebase --abort".

rebase refs/remotes/origin/master: command returned error: 1

Died at Tools/Scripts/update-webkit line 164.

If any of these errors are false positives, please file a bug against check-webkit-style.