Bug 87994

| Summary: | ASSERTION FAILED: m_refCount in DFG::Node:deref with patch from 87158 | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Saboff <msaboff> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Major | CC: | fpizlo, wingo |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://paperjs.org/ | | |
| Bug Depends on: | | | |
| Bug Blocks: | 87158 | | |

Michael Saboff
Built ToT with the proposed patch from https://bugs.webkit.org/show_bug.cgi?id=87158 (https://bugs.webkit.org/attachment.cgi?id=144771) and got the following crash from http://paperjs.org/
Process: WebProcess [64347]
Path: /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 536+ (536.9+)
Code Type: X86-64 (Native)
Parent Process: Safari [64335]
Date/Time: 2012-05-31 11:15:03.208 -0700
OS Version: Mac OS X 10.7.3 (11D50b)
Report Version: 9
Interval Since Last Report: 87438 sec
Crashes Since Last Report: 9
Per-App Interval Since Last Report: 392548 sec
Per-App Crashes Since Last Report: 1
Anonymous UUID: 56451353-948B-4034-8CD4-811F5D9F17F7
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
VM Regions Near 0xbbadbeef:
-->
__TEXT 000000010cd45000-000000010cd46000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Application Specific Information:
objc[64347]: garbage collection is OFF
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010def3d58 JSC::DFG::Node::deref() + 88 (DFGNode.h:717)
1 com.apple.JavaScriptCore 0x000000010def3cd8 JSC::DFG::Graph::deref(unsigned int) + 88 (DFGGraph.h:114)
2 com.apple.JavaScriptCore 0x000000010def1fde JSC::DFG::Graph::deref(JSC::DFG::Edge) + 46 (DFGGraph.h:120)
3 com.apple.JavaScriptCore 0x000000010def0496 JSC::DFG::Graph::derefChildren(unsigned int) + 374 (DFGGraph.cpp:375)
4 com.apple.JavaScriptCore 0x000000010def3cf1 JSC::DFG::Graph::deref(unsigned int) + 113 (DFGGraph.h:116)
5 com.apple.JavaScriptCore 0x000000010e1ab09c JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference(unsigned int, JSC::DFG::Node&, unsigned int) + 108 (DFGCFGSimplificationPhase.cpp:426)
6 com.apple.JavaScriptCore 0x000000010e1aaff8 JSC::DFG::CFGSimplificationPhase::fixPhis(unsigned int, unsigned int) + 392 (DFGCFGSimplificationPhase.cpp:391)
7 com.apple.JavaScriptCore 0x000000010e1aadff JSC::DFG::CFGSimplificationPhase::killUnreachable(unsigned int) + 287 (DFGCFGSimplificationPhase.cpp:259)
8 com.apple.JavaScriptCore 0x000000010e1a98e2 JSC::DFG::CFGSimplificationPhase::run() + 2930 (DFGCFGSimplificationPhase.cpp:232)
9 com.apple.JavaScriptCore 0x000000010e1a8d15 bool JSC::DFG::runPhase<JSC::DFG::CFGSimplificationPhase>(JSC::DFG::Graph&) + 37 (DFGPhase.h:79)
10 com.apple.JavaScriptCore 0x000000010e1a8ce5 JSC::DFG::performCFGSimplification(JSC::DFG::Graph&) + 21 (DFGCFGSimplificationPhase.cpp:723)
11 com.apple.JavaScriptCore 0x000000010dee7674 JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) + 596 (DFGDriver.cpp:84)
12 com.apple.JavaScriptCore 0x000000010dee7414 JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 52 (DFGDriver.cpp:125)
13 com.apple.JavaScriptCore 0x000000010df7511d JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::JITCompilationEffort) + 237 (JITDriver.h:95)
14 com.apple.JavaScriptCore 0x000000010df75a7e JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::SharedSymbolTable*&, JSC::JITCode::JITType, JSC::CodeSpecializationKind) + 254 (ExecutionHarness.h:64)
15 com.apple.JavaScriptCore 0x000000010df718a1 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType) + 785 (Executable.cpp:554)
16 com.apple.JavaScriptCore 0x000000010df71524 JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*) + 324 (Executable.cpp:465)
17 com.apple.JavaScriptCore 0x000000010de778c9 JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) + 329 (Executable.h:586)
18 com.apple.JavaScriptCore 0x000000010de70784 JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*) + 148 (CodeBlock.cpp:2473)
19 com.apple.JavaScriptCore 0x000000010dfcfa2a cti_optimize_from_ret + 250 (JITStubs.cpp:2070)
20 com.apple.JavaScriptCore 0x000000010dfd7240 0x10ddf9000 + 1958464
21 com.apple.JavaScriptCore 0x000000010df9ee89 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 105 (JITCode.h:127)
22 com.apple.JavaScriptCore 0x000000010df9b5f9 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1721 (Interpreter.cpp:1305)
23 com.apple.JavaScriptCore 0x000000010de618f8 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 296 (CallData.cpp:39)
24 com.apple.WebCore 0x000000010f4a0d82 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56)
25 com.apple.WebCore 0x000000010f4a0a6f WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 735 (JSCallbackData.cpp:78)
26 com.apple.WebCore 0x000000010f4a0776 WebCore::JSCallbackData::invokeCallback(JSC::MarkedArgumentBuffer&, bool*) + 150 (JSCallbackData.cpp:48)
27 com.apple.WebCore 0x000000010f747e17 WebCore::JSRequestAnimationFrameCallback::handleEvent(unsigned long long) + 167 (JSRequestAnimationFrameCallbackCustom.cpp:49)
28 com.apple.WebCore 0x000000010fe483ce WebCore::ScriptedAnimationController::serviceScriptedAnimations(unsigned long long) + 302 (ScriptedAnimationController.cpp:129)
29 com.apple.WebCore 0x000000010fe489bf WebCore::ScriptedAnimationController::displayRefreshFired(double) + 47 (ScriptedAnimationController.h:90)
30 com.apple.WebCore 0x000000010ee0b43c WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded(double) + 60 (DisplayRefreshMonitor.cpp:53)
31 com.apple.WebCore 0x000000010ee0b612 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 226 (DisplayRefreshMonitor.cpp:112)
32 com.apple.WebCore 0x000000010ee0b51d WebCore::DisplayRefreshMonitor::handleDisplayRefreshedNotificationOnMainThread(void*) + 29 (DisplayRefreshMonitor.cpp:75)
33 com.apple.JavaScriptCore 0x000000010e1d5545 WTF::dispatchFunctionsFromMainThread() + 293
34 com.apple.JavaScriptCore 0x000000010e1d4df5 -[JSWTFMainThreadCaller call] + 21
35 com.apple.CoreFoundation 0x00007fff8dc7975d -[NSObject performSelector:withObject:] + 61
36 com.apple.Foundation 0x00007fff8f966d94 __NSThreadPerformPerform + 214
37 com.apple.CoreFoundation 0x00007fff8dbf86e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
38 com.apple.CoreFoundation 0x00007fff8dbf7f4d __CFRunLoopDoSources0 + 253
39 com.apple.CoreFoundation 0x00007fff8dc1ed39 __CFRunLoopRun + 905
40 com.apple.CoreFoundation 0x00007fff8dc1e676 CFRunLoopRunSpecific + 230
41 com.apple.HIToolbox 0x00007fff8ebe931f RunCurrentEventLoopInMode + 277
42 com.apple.HIToolbox 0x00007fff8ebf05c9 ReceiveNextEventCommon + 355
43 com.apple.HIToolbox 0x00007fff8ebf0456 BlockUntilNextEventMatchingListInMode + 62
44 com.apple.AppKit 0x00007fff88811f5d _DPSNextEvent + 659
45 com.apple.AppKit 0x00007fff88811861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
46 com.apple.AppKit 0x00007fff8880e19d -[NSApplication run] + 470
47 com.apple.WebCore 0x000000010fe19dfc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
48 com.apple.WebKit2 0x000000010d1da008 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3368 (WebProcessMainMac.mm:183)
49 com.apple.WebKit2 0x000000010d0fac38 _ZL10WebKitMainRKN6WebKit11CommandLineE + 200 (WebKitMain.cpp:50)
50 com.apple.WebKit2 0x000000010d0fab54 WebKitMain + 148 (WebKitMain.cpp:74)
51 com.apple.WebProcess 0x000000010cd45d92 main + 274 (MainMac.cpp:68)
52 com.apple.WebProcess 0x000000010cd45c74 start + 52
Thread 1:: Dispatch queue: com.apple.libdispatch-manager
0 libsystem_kernel.dylib 0x00007fff87d417e6 kevent + 10
1 libdispatch.dylib 0x00007fff8eb845be _dispatch_mgr_invoke + 923
2 libdispatch.dylib 0x00007fff8eb8314e _dispatch_mgr_thread + 54
Thread 2:
0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758
2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13
Thread 3:
0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758
2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13
Thread 4:
0 libsystem_kernel.dylib 0x00007fff87d41192 __workq_kernreturn + 10
1 libsystem_c.dylib 0x00007fff8ca30594 _pthread_wqthread + 758
2 libsystem_c.dylib 0x00007fff8ca31b85 start_wqthread + 13
Thread 5:: com.apple.NSURLConnectionLoader
0 libsystem_kernel.dylib 0x00007fff87d3f67a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff87d3ed71 mach_msg + 73
2 com.apple.CoreFoundation 0x00007fff8dc166fc __CFRunLoopServiceMachPort + 188
3 com.apple.CoreFoundation 0x00007fff8dc1ee64 __CFRunLoopRun + 1204
4 com.apple.CoreFoundation 0x00007fff8dc1e676 CFRunLoopRunSpecific + 230
5 com.apple.Foundation 0x00007fff8f97cffb +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 335
6 com.apple.Foundation 0x00007fff8f97174e -[NSThread main] + 68
7 com.apple.Foundation 0x00007fff8f9716c6 __NSThread__main__ + 1575
8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 6:: com.apple.CFSocket.private
0 libsystem_kernel.dylib 0x00007fff87d40df2 __select + 10
1 com.apple.CoreFoundation 0x00007fff8dc67cdb __CFSocketManager + 1355
2 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
3 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 7:: JavaScriptCore::BlockFree
0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840
2 com.apple.JavaScriptCore 0x000000010e201771 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 209
3 com.apple.JavaScriptCore 0x000000010e1a6fac JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock(double) + 92 (BlockAllocator.cpp:79)
4 com.apple.JavaScriptCore 0x000000010e1a7000 JSC::BlockAllocator::waitForRelativeTime(double) + 64 (BlockAllocator.cpp:89)
5 com.apple.JavaScriptCore 0x000000010e1a7054 JSC::BlockAllocator::blockFreeingThreadMain() + 68 (BlockAllocator.cpp:103)
6 com.apple.JavaScriptCore 0x000000010e1a6da5 JSC::BlockAllocator::blockFreeingThreadStartFunc(void*) + 21 (BlockAllocator.cpp:95)
7 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144
8 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104
9 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
10 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 8:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840
2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48
3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430)
4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228)
5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235)
6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144
7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104
8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 9:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840
2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48
3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430)
4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228)
5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235)
6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144
7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104
8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 10:: JavaScriptCore::Marking
0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8ca32274 _pthread_cond_wait + 840
2 com.apple.JavaScriptCore 0x000000010e201640 WTF::ThreadCondition::wait(WTF::Mutex&) + 48
3 com.apple.JavaScriptCore 0x000000010e0789e8 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1096 (MarkStack.cpp:430)
4 com.apple.JavaScriptCore 0x000000010e07857d JSC::MarkStackThreadSharedData::markingThreadMain() + 77 (MarkStack.cpp:228)
5 com.apple.JavaScriptCore 0x000000010e078ab5 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) + 21 (MarkStack.cpp:235)
6 com.apple.JavaScriptCore 0x000000010e2000e0 _ZN3WTFL16threadEntryPointEPv + 144
7 com.apple.JavaScriptCore 0x000000010e200bc8 _ZN3WTFL19wtfThreadEntryPointEPv + 104
8 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
9 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 11:: CVDisplayLink
0 libsystem_kernel.dylib 0x00007fff87d40bca __psynch_cvwait + 10
1 libsystem_c.dylib 0x00007fff8ca322a6 _pthread_cond_wait + 890
2 com.apple.CoreVideo 0x00007fff9203263f CVDisplayLink::waitUntil(unsigned long long) + 279
3 com.apple.CoreVideo 0x00007fff92031aa5 CVDisplayLink::runIOThread() + 559
4 com.apple.CoreVideo 0x00007fff9203185d _ZL13startIOThreadPv + 148
5 libsystem_c.dylib 0x00007fff8ca2e8bf _pthread_start + 335
6 libsystem_c.dylib 0x00007fff8ca31b75 thread_start + 13
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00000000bbadbeef rbx: 0x000000000000000a rcx: 0x00000000000cef90 rdx: 0x00007fc3a64baa30
rdi: 0x1f6442c3afbb6790 rsi: 0x00007fc3a6400000 rbp: 0x00007fff6c93fc50 rsp: 0x00007fff6c93fc40
r8: 0x0000000000000008 r9: 0x0000000000000000 r10: 0x0000000060304b86 r11: 0x00000000fffffff7
r12: 0x00000000000001d1 r13: 0x0000000116700140 r14: 0xffff000000000000 r15: 0xffff000000000002
rip: 0x000000010def3d58 rfl: 0x0000000000010246 cr2: 0x00000000bbadbeef
Logical CPU: 8
0x7fff8cb93000 - 0x7fff8cbc0ff7 com.apple.opencl (1.50.69 - 1.50.69) <687265AF-E9B6-3537-89D7-7C12EB38193D> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL
0x7fff8cc73000 - 0x7fff8cda9fff com.apple.vImage (5.1 - 5.1) <A08B7582-67BC-3EED-813A-4833645964A7> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x7fff8ce27000 - 0x7fff8ce79ff7 libGLU.dylib (??? - ???) <3C9153A0-8499-3DC0-AAA4-9FA6E488BE13> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x7fff8cec1000 - 0x7fff8ced8fff com.apple.CFOpenDirectory (10.7 - 144) <9709423E-8484-3B26-AAE8-EF58D1B8FB3F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x7fff8ced9000 - 0x7fff8cedaff7 libremovefile.dylib (21.1.0 - compatibility 1.0.0) <739E6C83-AA52-3C6C-A680-B37FE2888A04> /usr/lib/system/libremovefile.dylib
0x7fff8cedb000 - 0x7fff8cf1eff7 libRIP.A.dylib (600.0.0 - compatibility 64.0.0) <85D00F5C-43ED-33A9-80B4-72EB0EAE3E25> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x7fff8cf1f000 - 0x7fff8cf1ffff com.apple.vecLib (3.7 - vecLib 3.7) <9A58105C-B36E-35B5-812C-4ED693F2618F> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x7fff8cf20000 - 0x7fff8cf62fff com.apple.corelocation (330.12 - 330.12) <CFDF7694-382A-30A8-8347-505BA0CAF312> /System/Library/Frameworks/CoreLocation.framework/Versions/A/CoreLocation
0x7fff8cfec000 - 0x7fff8d056ff7 com.apple.framework.IOKit (2.0 - ???) <EEEB42FD-E3E1-3A94-A771-B1993B694F17> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x7fff8d143000 - 0x7fff8dad37a7 com.apple.CoreGraphics (1.600.0 - ???) <177D9BAD-72C9-3ADF-A391-5B88C5EE623F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x7fff8dad4000 - 0x7fff8db58ff7 com.apple.ApplicationServices.ATS (317.5.0 - ???) <C2B254F0-6ED8-3313-9CFC-9ACD519C8A9E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x7fff8db59000 - 0x7fff8db67ff7 libkxld.dylib (??? - ???) <65BE345D-6618-3D1A-9E2B-255E629646AA> /usr/lib/system/libkxld.dylib
0x7fff8db7d000 - 0x7fff8dbaafe7 libSystem.B.dylib (159.1.0 - compatibility 1.0.0) <7BEBB139-50BB-3112-947A-F4AA168F991C> /usr/lib/libSystem.B.dylib
0x7fff8dbab000 - 0x7fff8dbadff7 com.apple.print.framework.Print (7.1 - 247.1) <8A4925A5-BAA3-373C-9B5D-03E0270C6B12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x7fff8dbae000 - 0x7fff8dbe1ff7 com.apple.GSS (2.1 - 2.0) <57AD81CE-6320-38C9-9B66-0E5A4DEA898A> /System/Library/Frameworks/GSS.framework/Versions/A/GSS
0x7fff8dbe6000 - 0x7fff8ddbafff com.apple.CoreFoundation (6.7.1 - 635.19) <57B77925-9065-38C9-A05B-02F4F9ED007C> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x7fff8de13000 - 0x7fff8de67ff7 libFontRegistry.dylib (??? - ???) <F98926EF-FFA0-37C5-824C-02E436E21DD1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib
0x7fff8de68000 - 0x7fff8df6aff7 libxml2.2.dylib (10.3.0 - compatibility 10.0.0) <D46F371D-6422-31B7-BCE0-D80713069E0E> /usr/lib/libxml2.2.dylib
0x7fff8df6b000 - 0x7fff8df6dfff com.apple.TrustEvaluationAgent (2.0 - 1) <1F31CAFF-C1C6-33D3-94E9-11B721761DDF> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent
0x7fff8dfbf000 - 0x7fff8dfbffff com.apple.Accelerate.vecLib (3.7 - vecLib 3.7) <C06A140F-6114-3B8B-B080-E509303145B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x7fff8dfc0000 - 0x7fff8dfc1fff libunc.dylib (24.0.0 - compatibility 1.0.0) <C67B3B14-866C-314F-87FF-8025BEC2CAAC> /usr/lib/system/libunc.dylib
0x7fff8e34e000 - 0x7fff8e379ff7 libxslt.1.dylib (3.24.0 - compatibility 3.0.0) <8051A3FC-7385-3EA9-9634-78FC616C3E94> /usr/lib/libxslt.1.dylib
0x7fff8e37a000 - 0x7fff8e381fff libcopyfile.dylib (85.1.0 - compatibility 1.0.0) <172B1985-F24A-34E9-8D8B-A2403C9A0399> /usr/lib/system/libcopyfile.dylib
0x7fff8eb81000 - 0x7fff8eb8ffff libdispatch.dylib (187.7.0 - compatibility 1.0.0) <712AAEAC-AD90-37F7-B71F-293FF8AE8723> /usr/lib/system/libdispatch.dylib
0x7fff8eba6000 - 0x7fff8ebe6ff7 libcups.2.dylib (2.9.0 - compatibility 2.0.0) <29DE948E-38C4-3CC5-B528-40C691380607> /usr/lib/libcups.2.dylib
0x7fff8ebe7000 - 0x7fff8ef11ff7 com.apple.HIToolbox (1.8 - ???) <D6A0D513-4893-35B4-9FFE-865FF419F2C2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x7fff8f6a8000 - 0x7fff8f6b5fff libCSync.A.dylib (600.0.0 - compatibility 64.0.0) <CBA71562-050B-3515-92B7-8BC1E2EEEF2A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x7fff8f6df000 - 0x7fff8f6e9ff7 liblaunch.dylib (392.18.0 - compatibility 1.0.0) <39EF04F2-7F0C-3435-B785-BF283727FFBD> /usr/lib/system/liblaunch.dylib
0x7fff8f917000 - 0x7fff8fc30ff7 com.apple.Foundation (6.7.1 - 833.24) <6D4E6F93-64EF-3D41-AE80-2BB10E2E6323> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x7fff8fc36000 - 0x7fff8fc42ff7 com.apple.CrashReporterSupport (10.7.3 - 349) <5EB46C20-5ED2-37EE-A033-4B3B355059FA> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x7fff8fc43000 - 0x7fff8fc50ff7 libbz2.1.0.dylib (1.0.5 - compatibility 1.0.0) <8EDE3492-D916-37B2-A066-3E0F054411FD> /usr/lib/libbz2.1.0.dylib
0x7fff8fc51000 - 0x7fff8fc60ff7 libxar-nossl.dylib (??? - ???) <A6ABBFB9-E4ED-38AD-BBBB-F9958B9CEFB5> /usr/lib/libxar-nossl.dylib
0x7fff8fc61000 - 0x7fff8fd66fff libFontParser.dylib (??? - ???) <0920DA16-2066-33E6-BF95-AD4B0F3C22B0> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib
0x7fff8fd67000 - 0x7fff8fd7aff7 libCRFSuite.dylib (??? - ???) <034D4DAA-63F0-35E4-BCEF-338DD7A453DD> /usr/lib/libCRFSuite.dylib
0x7fff8fdd3000 - 0x7fff8fddaff7 com.apple.CommerceCore (1.0 - 17) <AA783B87-48D4-3CA6-8FF6-0316396022F4> /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Frameworks/CommerceCore.framework/Versions/A/CommerceCore
0x7fff8ff8a000 - 0x7fff90451fff FaceCoreLight (1.4.7 - compatibility 1.0.0) <E9D2A69C-6E81-358C-A162-510969F91490> /System/Library/PrivateFrameworks/FaceCoreLight.framework/Versions/A/FaceCoreLight
0x7fff90452000 - 0x7fff90452fff com.apple.Cocoa (6.6 - ???) <021D4214-9C23-3CD8-AFB2-F331697A4508> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x7fff9046e000 - 0x7fff90476fff libsystem_dnssd.dylib (??? - ???) <7749128E-D0C5-3832-861C-BC9913F774FA> /usr/lib/system/libsystem_dnssd.dylib
0x7fff90477000 - 0x7fff9047bfff libCGXType.A.dylib (600.0.0 - compatibility 64.0.0) <37517279-C92E-3217-B49A-838198B48787> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib
0x7fff9047c000 - 0x7fff904fffef com.apple.Metadata (10.7.0 - 627.28) <1C14033A-69C9-3757-B24D-5583AEAC2CBA> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x7fff90500000 - 0x7fff90530ff7 com.apple.DictionaryServices (1.2.1 - 158.2) <3FC86118-7553-38F7-8916-B329D2E94476> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x7fff90531000 - 0x7fff90535fff libmathCommon.A.dylib (2026.0.0 - compatibility 1.0.0) <FF83AFF7-42B2-306E-90AF-D539C51A4542> /usr/lib/system/libmathCommon.A.dylib
0x7fff90536000 - 0x7fff90818fff com.apple.security (7.0 - 55110) <252F9E04-FF8A-3EA7-A38E-51DD0653663C> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x7fff90819000 - 0x7fff90842ff7 com.apple.framework.Apple80211 (7.1.2 - 712.1) <B4CD34B3-D555-38D2-8FF8-E3C6A93B94EB> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Apple80211
0x7fff9084f000 - 0x7fff9085efff libxar.1.dylib (??? - ???) <58B07AA0-BC12-36E3-94FC-C252719A1BDF> /usr/lib/libxar.1.dylib
0x7fff9085f000 - 0x7fff908d2fff libstdc++.6.dylib (52.0.0 - compatibility 7.0.0) <6BDD43E4-A4B1-379E-9ED5-8C713653DFF2> /usr/lib/libstdc++.6.dylib
0x7fff908d3000 - 0x7fff908d6fff libRadiance.dylib (??? - ???) <CD89D70D-F177-3BAE-8A26-644EA7D5E28E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x7fff908d7000 - 0x7fff90d04fff libLAPACK.dylib (??? - ???) <4F2E1055-2207-340B-BB45-E4F16171EE0D> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x7fff90d29000 - 0x7fff90d2cff7 com.apple.securityhi (4.0 - 1) <B37B8946-BBD4-36C1-ABC6-18EDBC573F03> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x7fff90d2d000 - 0x7fff90d79ff7 com.apple.SystemConfiguration (1.11.2 - 1.11) <A14F3583-9CC0-397D-A50E-17217075953F> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x7fff90d7a000 - 0x7fff90e6ffff libiconv.2.dylib (7.0.0 - compatibility 7.0.0) <5C40E880-0706-378F-B864-3C2BD922D926> /usr/lib/libiconv.2.dylib
0x7fff90e70000 - 0x7fff90ee5ff7 libc++.1.dylib (19.0.0 - compatibility 1.0.0) <C0EFFF1B-0FEB-3F99-BE54-506B35B555A9> /usr/lib/libc++.1.dylib
0x7fff90ee6000 - 0x7fff90f88ff7 com.apple.securityfoundation (5.0 - 55107) <6C2E7362-CB11-3CBD-BB1C-348E4B10F25A> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x7fff912fa000 - 0x7fff9139afff com.apple.LaunchServices (480.27.1 - 480.27.1) <4DC96C1E-6FDE-305E-9718-E4C5C1341F56> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x7fff91401000 - 0x7fff914e5e5f libobjc.A.dylib (228.0.0 - compatibility 1.0.0) <871E688B-CF57-3BC7-80D6-F6476DFF109B> /usr/lib/libobjc.A.dylib
0x7fff9151a000 - 0x7fff91559ff7 libGLImage.dylib (??? - ???) <348729DC-BC44-3744-B249-9DFA6498344A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x7fff9155a000 - 0x7fff91876ff7 com.apple.CoreServices.CarbonCore (960.20 - 960.20) <C45CA09E-8867-3D67-BB2E-48D2E6B0D78C> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x7fff91cec000 - 0x7fff91cfcff7 com.apple.opengl (1.7.6 - 1.7.6) <C168883D-9BC5-3C38-9937-42852D719718> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x7fff91cfd000 - 0x7fff91d12fff com.apple.speech.synthesis.framework (4.0.74 - 4.0.74) <C061ECBB-7061-3A43-8A18-90633F943295> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x7fff91ee2000 - 0x7fff91f06fff com.apple.Kerberos (1.0 - 1) <1F826BCE-DA8F-381D-9C4C-A36AA0EA1CB9> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x7fff91f07000 - 0x7fff91f49ff7 libcommonCrypto.dylib (55010.0.0 - compatibility 1.0.0) <A5B9778E-11C3-3F61-B740-1F2114E967FB> /usr/lib/system/libcommonCrypto.dylib
0x7fff91fd4000 - 0x7fff9202fff7 com.apple.HIServices (1.11 - ???) <DE8FA7FA-0A41-35D9-8473-5104F81DA934> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x7fff92030000 - 0x7fff92058ff7 com.apple.CoreVideo (1.7 - 70.1) <98F917B2-FB53-3EA3-B548-7E97B38309A7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x7fff92059000 - 0x7fff92172fff com.apple.DesktopServices (1.6.2 - 1.6.2) <6B83172E-F539-3AF8-A76D-1F9EA357B076> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x7fff92173000 - 0x7fff921d9ff7 com.apple.coreui (1.2.1 - 165.3) <378C9221-ADE6-36D9-9944-F33AE6904E4F> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x7fff921da000 - 0x7fff921dbfff libdnsinfo.dylib (395.6.0 - compatibility 1.0.0) <718A135F-6349-354A-85D5-430B128EFD57> /usr/lib/system/libdnsinfo.dylib
0x7fff921eb000 - 0x7fff921effff libdyld.dylib (195.5.0 - compatibility 1.0.0) <F1903B7A-D3FF-3390-909A-B24E09BAD1A5> /usr/lib/system/libdyld.dylib
0x7fff921f0000 - 0x7fff9222afe7 com.apple.DebugSymbols (2.1 - 87) <ED2B177C-4146-3715-91DF-D99A8ED5449A> /System/Library/PrivateFrameworks/DebugSymbols.framework/Versions/A/DebugSymbols
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 2
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 3171153
thread_create: 21
thread_set_state: 644845
VM Region Summary:
ReadOnly portion of Libraries: Total=282.9M resident=243.1M(86%) swapped_out_or_unallocated=39.9M(14%)
Writable regions: Total=1.2G written=25.0M(2%) resident=50.2M(4%) swapped_out=0K(0%) unallocated=1.1G(96%)
REGION TYPE VIRTUAL
=========== =======
CG shared images 1216K
CoreAnimation 8312K
CoreGraphics 16K
CoreServices 3704K
IOKit 19.9M
IOKit (reserved) 512K reserved VM address space (unallocated)
JS JIT generated code 256.0M
JS JIT generated code (reserved) 768.0M reserved VM address space (unallocated)
JS VM register file 4096K
JS garbage collector 5440K
MALLOC 126.4M
MALLOC guard page 48K
Memory tag=242 12K
OpenGL GLSL 1372K
OpenGL GLSL (reserved) 128K reserved VM address space (unallocated)
SQLite page cache 288K
STACK GUARD 56.0M
Stack 13.1M
VM_ALLOCATE 320K
__CI_BITMAP 80K
__DATA 16.6M
__IMAGE 528K
__LINKEDIT 120.4M
__RC_CAMERAS 244K
__TEXT 162.5M
__UNICODE 544K
mapped file 19.1M
shared memory 524K
=========== =======
TOTAL 1.5G
TOTAL, minus reserved VM space 816.3M
Model: MacPro5,1, BootROM MP51.007F.B03, 12 processors, 6-Core Intel Xeon, 2.66 GHz, 24 GB, SMC 1.39f11
Graphics: ATI Radeon HD 5770, ATI Radeon HD 5770, PCIe, 1024 MB
Memory Module: DIMM 1, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
Memory Module: DIMM 2, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
Memory Module: DIMM 3, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
Memory Module: DIMM 5, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
Memory Module: DIMM 6, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
Memory Module: DIMM 7, 4 GB, DDR3 ECC, 1333 MHz, 0x80AD, 0x484D54333531553742465238432D48392020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x8E), Broadcom BCM43xx 1.0 (5.100.98.75.19)
Bluetooth: Version 4.0.3f12, 2 service, 18 devices, 1 incoming serial ports
Network Service: Ethernet 1, Ethernet, en0
Network Service: AirPort, AirPort, en2
PCI Card: ATI Radeon HD 5770, sppci_displaycontroller, Slot-1
Serial ATA Device: HL-DT-ST DVD-RW GH61N
Serial ATA Device: APPLE SSD TS512C, 500.28 GB
USB Device: hub_device, apple_vendor_id, 0x9136, 0xfd300000 / 11
USB Device: iPad, apple_vendor_id, 0x12a2, 0xfd330000 / 18
USB Device: USB-PS/2 Trackball, 0x046d (Logitech Inc.), 0xc401, 0xfd310000 / 19
USB Device: Keyboard Hub, apple_vendor_id, 0x1006, 0xfd320000 / 16
USB Device: Apple Keyboard, apple_vendor_id, 0x0220, 0xfd322000 / 17
USB Device: hub_device, apple_vendor_id, 0x9137, 0xfd340000 / 12
USB Device: Display iSight, apple_vendor_id, 0x8508, 0xfd342000 / 15
USB Device: Apple LED Cinema Display, apple_vendor_id, 0x9236, 0xfd343000 / 14
USB Device: Display Audio, apple_vendor_id, 0x2912, 0xfd341000 / 13
USB Device: BRCM2046 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0x5a100000 / 2
USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x8215, 0x5a110000 / 5
FireWire Device: built-in_hub, 800mbit_speed
Andy Wingo
I can indeed reproduce this bug.
Andy Wingo
BT with arguments:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff205e9b5 in JSC::DFG::Node::deref (this=0x11c1550) at ../../Source/JavaScriptCore/dfg/DFGNode.h:728
728 ASSERT(m_refCount);
(gdb) bt
#0 0x00007ffff205e9b5 in JSC::DFG::Node::deref (this=0x11c1550) at ../../Source/JavaScriptCore/dfg/DFGNode.h:728
#1 0x00007ffff205eb12 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeIndex=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:114
#2 0x00007ffff205eb55 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeUse=...) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:119
#3 0x00007ffff209eb2b in JSC::DFG::Graph::derefChildren (this=0x7fffffffb5e0, op=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.cpp:375
#4 0x00007ffff205eb27 in JSC::DFG::Graph::deref (this=0x7fffffffb5e0, nodeIndex=864) at ../../Source/JavaScriptCore/dfg/DFGGraph.h:115
#5 0x00007ffff208891d in JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference (this=0x7fffffffb560, myNodeIndex=864, phiNode=..., edgeIndex=0)
at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:425
#6 0x00007ffff2088799 in JSC::DFG::CFGSimplificationPhase::fixPhis (this=0x7fffffffb560, sourceBlockIndex=10, destinationBlockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:392
#7 0x00007ffff20880a9 in JSC::DFG::CFGSimplificationPhase::killUnreachable (this=0x7fffffffb560, blockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:259
#8 0x00007ffff2087f40 in JSC::DFG::CFGSimplificationPhase::run (this=0x7fffffffb560) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:239
#9 0x00007ffff2089ffa in JSC::DFG::runPhase<JSC::DFG::CFGSimplificationPhase> (graph=...) at ../../Source/JavaScriptCore/dfg/DFGPhase.h:82
#10 0x00007ffff20870ab in JSC::DFG::performCFGSimplification (graph=...) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:723
#11 0x00007ffff20980c6 in JSC::DFG::compile (compileMode=JSC::DFG::CompileFunction, exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=0x7fff9b010b68)
at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:84
#12 0x00007ffff2097744 in JSC::DFG::tryCompileFunction (exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=...) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:128
#13 0x00007ffff2216909 in JSC::jitCompileFunctionIfAppropriate (exec=0x7fff9b1f9140, codeBlock=..., jitCode=..., jitCodeWithArityCheck=..., symbolTable=@0x7fff9b010bd8: 0x10c2ad0, jitType=JSC::JITCode::DFGJIT,
effort=JSC::JITCompilationCanFail) at ../../Source/JavaScriptCore/jit/JITDriver.h:95
#14 0x00007ffff2216bbe in JSC::prepareFunctionForExecution (exec=0x7fff9b1f9140, codeBlock=..., jitCode=..., jitCodeWithArityCheck=..., symbolTable=@0x7fff9b010bd8: 0x10c2ad0, jitType=JSC::JITCode::DFGJIT,
kind=JSC::CodeForCall) at ../../Source/JavaScriptCore/runtime/ExecutionHarness.h:64
#15 0x00007ffff2214a42 in JSC::FunctionExecutable::compileForCallInternal (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0, jitType=JSC::JITCode::DFGJIT)
at ../../Source/JavaScriptCore/runtime/Executable.cpp:554
#16 0x00007ffff2213e93 in JSC::FunctionExecutable::compileOptimizedForCall (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0) at ../../Source/JavaScriptCore/runtime/Executable.cpp:465
#17 0x00007ffff1fe3317 in JSC::FunctionExecutable::compileOptimizedFor (this=0x7fff9b010b20, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0, kind=JSC::CodeForCall)
at ../../Source/JavaScriptCore/runtime/Executable.h:586
#18 0x00007ffff1fdfe0b in JSC::FunctionCodeBlock::compileOptimized (this=0x10c4060, exec=0x7fff9b1f9140, scopeChainNode=0x7fff9ad8cfc0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:2473
#19 0x00007ffff216d865 in JSC::cti_optimize_from_ret (args=0x7fffffffd9c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:2070
#20 0x00007ffff2169bbc in JSC::JITThunks::tryCacheGetByID (callFrame=0x7fffffffd8d0, codeBlock=0x7fff9b010b20, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0x7fff98a8e880)
at ../../Source/JavaScriptCore/jit/JITStubs.cpp:970
The function being optimized is pretty large:
#12 0x00007ffff2097744 in JSC::DFG::tryCompileFunction (exec=0x7fff9b1f9140, codeBlock=0x1173b20, jitCode=..., jitCodeWithArityCheck=...) at ../../Source/JavaScriptCore/dfg/DFGDriver.cpp:128
128 return compile(CompileFunction, exec, codeBlock, jitCode, &jitCodeWithArityCheck);
(gdb) call codeBlock->dump(exec)
1261 m_instructions; 10088 bytes at 0x1173b20 (FunctionCode); 1 parameter(s); 31 callee register(s); 16 variable(s)
[ 0] enter
[ 1] convert_this r-7
[ 4] get_by_id r0, r-7, _segments(@id0) llint()
[ 13] get_by_id r1, r0, length(@id1) llint()
[ 22] mov r2, r1
[ 25] jnlesseq r1, Int32: 2(@k0), 6(->31)
[ 29] ret Undefined(@k1)
[ 31] get_by_id r16, r-7, _closed(@id2) llint()
[ 40] jfalse r16, 79(->119)
[ 43] get_global_var r19, 0
[ 47] method_check
[ 47] get_by_id r16, r19, min(@id3) llint()
[ 57] mov r18, r1
[ 60] mov r17, Int32: 4(@k2)
[ 63] call r16, 3, 26 llint(not set)
[ 69] op_call_put_result r3
[ 72] mov r16, r2
[ 75] get_global_var r20, 0
[ 79] method_check
[ 79] get_by_id r17, r20, min(@id3) llint()
[ 89] mov r19, r1
[ 92] mov r18, r3
[ 95] call r17, 3, 27 llint(not set)
[ 101] op_call_put_result r17
[ 104] mul r17, r17, Int32: 2(@k0)
[ 109] add r16, r16, r17
[ 114] mov r2, r16
[ 117] jmp 5(->122)
[ 119] mov r3, Int32: 0(@k3)
[ 122] new_array r4, r0, 0
[ 126] mov r5, Int32: 0(@k3)
[ 129] jnless r5, r1, 37(->166)
[ 133] loop_hint
[ 134] mov r16, r4
[ 137] add r17, r5, r3
[ 142] get_by_val r18, r0, r5
[ 147] get_by_id r18, r18, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0))
[ 156] put_by_val r16, r17, r18
[ 160] pre_inc r5
[ 162] loop_if_less r5, r1, -29(->133)
[ 166] get_by_id r16, r-7, _closed(@id2) llint()
[ 175] jfalse r16, 84(->259)
[ 178] mov r5, Int32: 0(@k3)
[ 181] jnless r5, r3, 76(->257)
[ 185] loop_hint
[ 186] mov r16, r4
[ 189] mov r17, r5
[ 192] add r18, r5, r1
[ 197] sub r18, r18, r3
[ 202] get_by_val r18, r0, r18
[ 207] get_by_id r18, r18, _point(@id4) llint()
[ 216] put_by_val r16, r17, r18
[ 220] mov r16, r4
[ 223] add r18, r5, r1
[ 228] add r17, r18, r3
[ 233] get_by_val r18, r0, r5
[ 238] get_by_id r18, r18, _point(@id4) llint()
[ 247] put_by_val r16, r17, r18
[ 251] pre_inc r5
[ 253] loop_if_less r5, r3, -68(->185)
[ 257] jmp 4(->261)
[ 259] pre_dec r2
[ 261] new_array r6, r0, 0
[ 265] mov r5, Int32: 1(@k4)
[ 268] sub r16, r2, Int32: 1(@k4)
[ 273] jnless r5, r16, 74(->347)
[ 277] loop_hint
[ 278] mov r16, r6
[ 281] mov r17, r5
[ 284] get_by_val r18, r4, r5
[ 289] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[ 298] mul r18, Int32: 4(@k2), r18
[ 303] add r19, r5, Int32: 1(@k4)
[ 308] get_by_val r19, r4, r19
[ 313] get_by_id r19, r19, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[ 322] mul r19, Int32: 2(@k0), r19
[ 327] add r18, r18, r19
[ 332] put_by_val r16, r17, r18
[ 336] pre_inc r5
[ 338] sub r16, r2, Int32: 1(@k4)
[ 343] loop_if_less r5, r16, -66(->277)
[ 347] mov r16, r6
[ 350] mov r17, Int32: 0(@k3)
[ 353] get_by_val r18, r4, Int32: 0(@k3)
[ 358] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[ 367] get_by_val r19, r4, Int32: 1(@k4)
[ 372] get_by_id r19, r19, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[ 381] mul r19, Int32: 2(@k0), r19
[ 386] add r18, r18, r19
[ 391] put_by_val r16, r17, r18
[ 395] mov r16, r6
[ 398] sub r17, r2, Int32: 1(@k4)
[ 403] sub r18, r2, Int32: 1(@k4)
[ 408] get_by_val r18, r4, r18
[ 413] get_by_id r18, r18, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[ 422] mul r18, Int32: 3(@k5), r18
[ 427] put_by_val r16, r17, r18
[ 431] get_scoped_var r16, 3, 0
[ 436] mov r18, Undefined(@k1)
[ 439] mov r17, r6
[ 442] call r16, 2, 25 llint(0x7fff9ada97e0, exec 0x7fff9b010ce0)
[ 448] op_call_put_result r7
[ 451] mov r5, Int32: 1(@k4)
[ 454] sub r16, r2, Int32: 1(@k4)
[ 459] jnless r5, r16, 74(->533)
[ 463] loop_hint
[ 464] mov r16, r6
[ 467] mov r17, r5
[ 470] get_by_val r18, r4, r5
[ 475] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[ 484] mul r18, Int32: 4(@k2), r18
[ 489] add r19, r5, Int32: 1(@k4)
[ 494] get_by_val r19, r4, r19
[ 499] get_by_id r19, r19, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[ 508] mul r19, Int32: 2(@k0), r19
[ 513] add r18, r18, r19
[ 518] put_by_val r16, r17, r18
[ 522] pre_inc r5
[ 524] sub r16, r2, Int32: 1(@k4)
[ 529] loop_if_less r5, r16, -66(->463)
[ 533] mov r16, r6
[ 536] mov r17, Int32: 0(@k3)
[ 539] get_by_val r18, r4, Int32: 0(@k3)
[ 544] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[ 553] get_by_val r19, r4, Int32: 1(@k4)
[ 558] get_by_id r19, r19, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[ 567] mul r19, Int32: 2(@k0), r19
[ 572] add r18, r18, r19
[ 577] put_by_val r16, r17, r18
[ 581] mov r16, r6
[ 584] sub r17, r2, Int32: 1(@k4)
[ 589] sub r18, r2, Int32: 1(@k4)
[ 594] get_by_val r18, r4, r18
[ 599] get_by_id r18, r18, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[ 608] mul r18, Int32: 3(@k5), r18
[ 613] put_by_val r16, r17, r18
[ 617] get_scoped_var r16, 3, 0
[ 622] mov r18, Undefined(@k1)
[ 625] mov r17, r6
[ 628] call r16, 2, 25 llint(0x7fff9ada97e0, exec 0x7fff9b010ce0)
[ 634] op_call_put_result r8
[ 637] get_by_id r16, r-7, _closed(@id2) llint()
[ 646] jfalse r16, 184(->830)
[ 649] mov r5, Int32: 0(@k3)
[ 652] mov r9, r1
[ 655] jnless r5, r3, 173(->828)
[ 659] loop_hint
[ 660] div r10, r5, r3
[ 665] sub r11, Int32: 1(@k4), r10
[ 670] mov r16, r7
[ 673] mov r17, r9
[ 676] get_by_val r18, r7, r5
[ 681] mul r18, r18, r10
[ 686] get_by_val r19, r7, r9
[ 691] mul r19, r19, r11
[ 696] add r18, r18, r19
[ 701] put_by_val r16, r17, r18
[ 705] mov r16, r8
[ 708] mov r17, r9
[ 711] get_by_val r18, r8, r5
[ 716] mul r18, r18, r10
[ 721] get_by_val r19, r8, r9
[ 726] mul r19, r19, r11
[ 731] add r18, r18, r19
[ 736] put_by_val r16, r17, r18
[ 740] add r12, r5, r3
[ 745] add r13, r9, r3
[ 750] mov r16, r7
[ 753] mov r17, r13
[ 756] get_by_val r18, r7, r12
[ 761] mul r18, r18, r11
[ 766] get_by_val r19, r7, r13
[ 771] mul r19, r19, r10
[ 776] add r18, r18, r19
[ 781] put_by_val r16, r17, r18
[ 785] mov r16, r8
[ 788] mov r17, r13
[ 791] get_by_val r18, r8, r12
[ 796] mul r18, r18, r11
[ 801] get_by_val r19, r8, r13
[ 806] mul r19, r19, r10
[ 811] add r18, r18, r19
[ 816] put_by_val r16, r17, r18
[ 820] pre_inc r5
[ 822] pre_inc r9
[ 824] loop_if_less r5, r3, -165(->659)
[ 828] pre_dec r2
[ 830] mov r14, Null(@k6)
[ 833] mov r5, r3
[ 836] sub r16, r2, r3
[ 841] jnlesseq r5, r16, 339(->1180)
[ 845] loop_hint
[ 846] sub r16, r5, r3
[ 851] get_by_val r15, r0, r16
[ 856] jfalse r14, 53(->909)
[ 859] mov r18, r15
[ 862] method_check
[ 862] get_by_id r16, r18, setHandleIn(@id7) llint()
[ 872] mov r20, r14
[ 875] method_check
[ 875] get_by_id r17, r20, subtract(@id8) llint()
[ 885] get_by_id r19, r15, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0))
[ 894] call r17, 2, 27 llint(0x7fff9afd9120, exec 0x7fffa0084320)
[ 900] op_call_put_result r17
[ 903] call r16, 2, 25 llint(0x7fff9ae61b00, exec 0x7fff9b034400)
[ 909] jnless r5, r2, 260(->1169)
[ 913] mov r18, r15
[ 916] method_check
[ 916] get_by_id r16, r18, setHandleOut(@id9) llint()
[ 926] get_scoped_var r21, 6, 1
[ 931] get_by_val r23, r7, r5
[ 936] get_by_val r22, r8, r5
[ 941] construct r21, 3, 31 llint(0x7fff9afd7f20, exec 0x7fff9b013440)
[ 947] op_call_put_result r20
[ 950] method_check
[ 950] get_by_id r17, r20, subtract(@id8) llint()
[ 960] get_by_id r19, r15, _point(@id4) llint(struct = 0x7fff98aac660 (offset = 0))
[ 969] call r17, 2, 27 llint(0x7fff9afd9120, exec 0x7fffa0084320)
[ 975] op_call_put_result r17
[ 978] call r16, 2, 25 llint(0x7fff9ae61a40, exec 0x7fff9b034240)
[ 984] sub r16, r2, Int32: 1(@k4)
[ 989] jnless r5, r16, 98(->1087)
[ 993] get_scoped_var r16, 6, 1
[ 998] add r20, r5, Int32: 1(@k4)
[1003] get_by_val r20, r4, r20
[1008] get_by_id r20, r20, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[1017] mul r20, Int32: 2(@k0), r20
[1022] add r21, r5, Int32: 1(@k4)
[1027] get_by_val r21, r7, r21
[1032] sub r18, r20, r21
[1037] add r20, r5, Int32: 1(@k4)
[1042] get_by_val r20, r4, r20
[1047] get_by_id r20, r20, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[1056] mul r20, Int32: 2(@k0), r20
[1061] add r21, r5, Int32: 1(@k4)
[1066] get_by_val r21, r8, r21
[1071] sub r17, r20, r21
[1076] construct r16, 3, 26 llint(0x7fff9afd7f20, exec 0x7fff9b013440)
[1082] op_call_put_result r14
[1085] jmp 84(->1169)
[1087] get_scoped_var r16, 6, 1
[1092] get_by_val r20, r4, r2
[1097] get_by_id r20, r20, _x(@id5) llint(struct = 0x7fff9ad5e320 (offset = 0))
[1106] sub r21, r2, Int32: 1(@k4)
[1111] get_by_val r21, r7, r21
[1116] add r20, r20, r21
[1121] div r18, r20, Int32: 2(@k0)
[1126] get_by_val r20, r4, r2
[1131] get_by_id r20, r20, _y(@id6) llint(struct = 0x7fff9ad5e320 (offset = 1))
[1140] sub r21, r2, Int32: 1(@k4)
[1145] get_by_val r21, r8, r21
[1150] add r20, r20, r21
[1155] div r17, r20, Int32: 2(@k0)
[1160] construct r16, 3, 26 llint(0x7fff9afd7f20, exec 0x7fff9b013440)
[1166] op_call_put_result r14
[1169] pre_inc r5
[1171] sub r16, r2, r3
[1176] loop_if_lesseq r5, r16, -331(->845)
[1180] get_by_id r16, r-7, _closed(@id2) llint()
[1189] jfalse r16, 70(->1259)
[1192] jfalse r14, 67(->1259)
[1195] get_by_id r16, r-7, _segments(@id0) llint()
[1204] get_by_val r15, r16, Int32: 0(@k3)
[1209] mov r18, r15
[1212] method_check
[1212] get_by_id r16, r18, setHandleIn(@id7) llint()
[1222] mov r20, r14
[1225] method_check
[1225] get_by_id r17, r20, subtract(@id8) llint()
[1235] get_by_id r19, r15, _point(@id4) llint()
[1244] call r17, 2, 27 llint(not set)
[1250] op_call_put_result r17
[1253] call r16, 2, 25 llint(not set)
[1259] ret Undefined(@k1)
Identifiers:
id0 = _segments
id1 = length
id2 = _closed
id3 = min
id4 = _point
id5 = _x
id6 = _y
id7 = setHandleIn
id8 = subtract
id9 = setHandleOut
Constants:
k0 = Int32: 2
k1 = Undefined
k2 = Int32: 4
k3 = Int32: 0
k4 = Int32: 1
k5 = Int32: 3
k6 = Null
k7 = False
k8 = Double: 4010000000000000, 4.000000
k9 = Double: 4000000000000000, 2.000000
k10 = Double: 4008000000000000, 3.000000
Andy Wingo
The suspicious thing to me is this:
#6 0x00007ffff2088799 in JSC::DFG::CFGSimplificationPhase::fixPhis (this=0x7fffffffb560, sourceBlockIndex=10, destinationBlockIndex=10) at ../../Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp:392
That the source and destination block indexes are the same. I wonder if this case is handled correctly. Still investigating.
Andy Wingo
For the record, the dataflow dump output for block 10.
Block #10 (bc#185): (skipped) (OSR target)
Predecessors:
Phi Nodes:
123: < 1:-> Phi(, r4(HK<Array>)) predicting Array, double ratio 0.000000
126: < 1:-> Phi(, r5(VC<Int32>)) predicting Int, double ratio 0.000000
129: < 1:-> Phi(, r1(HG<Int32>)) predicting Int, double ratio 0.000000
133: < 1:-> Phi(, r3(BL<Int32>)) predicting Int, double ratio 0.000000
138: < 1:-> Phi(, r0(KI<Array>)) predicting Array, double ratio 0.000000
864: skipped < 0:-> Phi(@864, , r2(CB<Int32>))
897: < 1:-> Phi(@897, , arg0(GL<Final>)) predicting Final, double ratio 0.000000
159: skipped < 0:-> Phi(@126, , r5(VC<Int32>))
164: skipped < 0:-> Phi(@133, , r3(BL<Int32>))
813: skipped < 0:-> Phi(@138, , r0(KI<Array>))
846: skipped < 0:-> Phi(@129, , r1(HG<Int32>))
856: skipped < 0:-> Phi(@123, , r4(HK<Array>))
863: skipped < 0:-> Phi(@864, , r2(CB<Int32>))
896: skipped < 0:-> Phi(@897, , arg0(GL<Final>))
vars before: <empty>
var links: @897 : @139 @130 @864 @134 @124 @127 - - - - - - - - - - - - - - - - - - - - - - - - -
122: <!0:-> Phantom(MustGenerate)
124: < 2:-> GetLocal(@123, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r4(HK<Array>)) predicting Array, double ratio 0.000000
125: skipped < 0:-> SetLocal(@124<Array>, r16(GC))
127: < 6:-> GetLocal(@126, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r5(VC<Int32>)) predicting Int, double ratio 0.000000
128: skipped < 0:-> SetLocal(@127<Int32>, r17(IC))
130: < 2:-> GetLocal(@129, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r1(HG<Int32>)) predicting Int, double ratio 0.000000
131: <!1:-> ValueAdd(@127<Int32>, @130<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit)
132: skipped < 0:-> SetLocal(@131<Int32>, r18(KC))
134: < 3:-> GetLocal(@133, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r3(BL<Int32>)) predicting Int, double ratio 0.000000
135: <!2:-> ArithSub(@131<Int32>, @134<Int32>, ResultNumber|MustGenerate|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit)
136: skipped < 0:-> SetLocal(@135<Int32>, r18(MC))
137: <!0:-> ForceOSRExit(MustGenerate|CanExit)
139: < 4:-> GetLocal(@138, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r0(KI<Array>)) predicting Array, double ratio 0.000000
140: <!1:-> GetIndexedPropertyStorage(@139<Array>, @135<Int32>, ResultStorage|MustGenerate|CanExit)
141: <!1:-> GetByVal(@139<Array>, @135<Int32>, @140<Other>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit) predicting None
142: skipped < 0:-> SetLocal(@141, r18(OC))
143: <!1:-> GetById(@141, ResultJS|MustGenerate|ClobbersWorld|UsedAsNum|NeedsNegZero|CanExit, id4{_point}) predicting None
144: skipped < 0:-> SetLocal(@143, r18(PC))
145: <!0:-> PutByVal(@124<Array>, @127<Int32>, @143, MustGenerate|ClobbersWorld|CanExit)
146: skipped < 0:-> SetLocal(@124<Array>, r16(QC))
147: <!1:-> ValueAdd(@127<Int32>, @130<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|UsedAsInt|CanExit)
148: skipped < 0:-> SetLocal(@147<Int32>, r18(RC))
149: <!1:-> ValueAdd(@147<Int32>, @134<Int32>, ResultJS|MustGenerate|MightClobber|UsedAsNum|UsedAsInt|CanExit)
150: skipped < 0:-> SetLocal(@149<Int32>, r17(SC))
151: <!0:-> ForceOSRExit(MustGenerate|CanExit)
152: <!1:-> GetIndexedPropertyStorage(@139<Array>, @127<Int32>, ResultStorage|MustGenerate|CanExit)
153: <!1:-> GetByVal(@139<Array>, @127<Int32>, @152<Other>, ResultJS|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit) predicting None
154: skipped < 0:-> SetLocal(@153, r18(TC))
155: <!1:-> GetById(@153, ResultJS|MustGenerate|ClobbersWorld|UsedAsNum|NeedsNegZero|CanExit, id4{_point}) predicting None
156: skipped < 0:-> SetLocal(@155, r18(UC))
157: <!0:-> PutByVal(@124<Array>, @149<Int32>, @155, MustGenerate|ClobbersWorld|CanExit)
158: <!0:-> Phantom(MustGenerate)
160: skipped < 0:-> GetLocal(@126, ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit, r5(VC<Int32>))
161: < 1:-> JSConstant(ResultJS|UsedAsNum|NeedsNegZero|UsedAsInt, $4 = Int32: 1)
162: <!1:-> ArithAdd(@127<Int32>, @161<Int32>, ResultNumber|MustGenerate|UsedAsNum|NeedsNegZero|UsedAsInt|CanExit)
163: skipped < 0:-> SetLocal(@162<Int32>, r5(VC<Int32>))
165: skipped < 0:-> GetLocal(@133, ResultJS|UsedAsNum|NeedsNegZero|CanExit, r3(BL<Int32>))
166: <!1:-> CompareLess(@162<Int32>, @134<Int32>, ResultBoolean|MustGenerate|MightClobber|UsedAsNum|NeedsNegZero|CanExit)
167: <!0:-> Branch(@166<Boolean>, MustGenerate|CanExit, T:#10, F:#12)
vars after: <empty>
var links: @897 : @139 @130 @864 @134 @124 @163 - - - - - - - - - - @146 @150 @156 - - - - - - - - - - - -
Andy Wingo
Interestingly, earlier in the CFG simplification phase, the phi node in question (864) had a refcount of 2. Simplifying some other part of the graph removed one of the references. Then block 10 became unreachable, and we go to kill its phi uses. The only remaining use of 864 is itself, and thus the refcount drops to 0, and the graph goes to unref its children, including itself, but its refcount is already 0, and hence this assertion.
Andy Wingo
If my analysis is right, I'm not sure what the right fix is. One can easily have arbitrarily long cycles that could exhibit similar behaviour.
This patch fixes the immediate symptom:
diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
index 0f0a225..84286d3 100644
--- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
@@ -365,6 +365,10 @@ private:
void fixPhis(BlockIndex sourceBlockIndex, BlockIndex destinationBlockIndex)
{
+ if (sourceBlockIndex == destinationBlockIndex) {
+ // No need to kill off phis referenced from our own block.
+ return;
+ }
BasicBlock* sourceBlock = m_graph.m_blocks[sourceBlockIndex].get();
BasicBlock* destinationBlock = m_graph.m_blocks[destinationBlockIndex].get();
if (!destinationBlock) {
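Review bot: The early return at the top of fixPhis() only covers sourceBlockIndex == destinationBlockIndex, so a dead Phi cycle that spans two or more blocks still reaches the deref path and can trip the same m_refCount assertion. Returning before any Phi is visited also leaves every Phi edge in that block in place, and the comment "No need to kill off phis referenced from our own block" does not say why that is safe. Consider keeping the edge removal and gating only the deref on a condition that holds for any cycle length, and note that the return now runs before the existing `if (!destinationBlock)` check.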
However I get other problems on paperjs.org, including a segfault in meta balls:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195
195 return m_classInfo;
(gdb) bt
#0 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195
#1 0x00007ffff1faed96 in JSC::JSCell::methodTable (this=0x0) at ../../Source/JavaScriptCore/runtime/JSObject.h:536
#2 0x00007ffff20ad801 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0, slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:843
#3 0x00007ffff20ad755 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0) at ../../Source/JavaScriptCore/runtime/JSObject.h:830
#4 0x00007ffff20aae9b in JSC::DFG::operationGetArgumentByVal (exec=0x7fff96f963b0, argumentsRegister=1, index=0) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:1108
#5 0x00007fffa3a3107f in ?? ()
And voronoi prints out this on the console, many times:
** Message: console message: http://jonathanpuckey.com/static/rhill-voronoi-core.js @284: TypeError: 'null' is not an object
Michael, can you reproduce any of these? Filip, do you have any thoughts here?
Filip Pizlo
(In reply to comment #6)
> If my analysis is right, I'm not sure what the right fix is. One can easily have arbitrarily long cycles that could exhibit similar behavior.
Here's one answer, which is correct in general but incorrect in this particular case (see below, for the correct, but less general, answer): you call Graph::collectGarbage(), which will reset all ref counts based on a tracing GC over the graph.
>
> This patch fixes the immediate symptom:
>
> diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
> index 0f0a225..84286d3 100644
> --- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
> +++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
> @@ -365,6 +365,10 @@ private:
>
> void fixPhis(BlockIndex sourceBlockIndex, BlockIndex destinationBlockIndex)
> {
> + if (sourceBlockIndex == destinationBlockIndex) {
> + // No need to kill off phis referenced from our own block.
> + return;
> + }
> BasicBlock* sourceBlock = m_graph.m_blocks[sourceBlockIndex].get();
> BasicBlock* destinationBlock = m_graph.m_blocks[destinationBlockIndex].get();
> if (!destinationBlock) {
That's probably wrong, since you'll end up with Phi references to code that was deleted, which ought to almost certainly lead to hilarity.
>
> However I get other problems on paperjs.org, including a segfault in meta balls:
>
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195
> 195 return m_classInfo;
> (gdb) bt
> #0 0x00007ffff1facd86 in JSC::JSCell::classInfo (this=0x0) at ../../Source/JavaScriptCore/runtime/JSCell.h:195
> #1 0x00007ffff1faed96 in JSC::JSCell::methodTable (this=0x0) at ../../Source/JavaScriptCore/runtime/JSObject.h:536
> #2 0x00007ffff20ad801 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0, slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:843
> #3 0x00007ffff20ad755 in JSC::JSValue::get (this=0x7fffffffcde0, exec=0x7fff96f963b0, propertyName=0) at ../../Source/JavaScriptCore/runtime/JSObject.h:830
> #4 0x00007ffff20aae9b in JSC::DFG::operationGetArgumentByVal (exec=0x7fff96f963b0, argumentsRegister=1, index=0) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:1108
> #5 0x00007fffa3a3107f in ?? ()
>
> And voronoi prints out this on the console, many times:
>
> ** Message: console message: http://jonathanpuckey.com/static/rhill-voronoi-core.js @284: TypeError: 'null' is not an object
That may well be a different bug. I'll look into it.
>
> Michael, can you reproduce any of these? Filip, do you have any thoughts here?
Now for the (hopefully) correct answer. The problem was that fixPhis() was being used in two subtly different cases, but was assuming that it was only being used in one of them and did wrong things for the other case.
Case #1, or the Jettisoned Block case:
Consider the control flow graph consisting of blocks A, B, C. A initially has a branch to B and C based on some predicate (B if true, C if false). But constant folding proves this predicate to be true, leading to C being jettisoned. We then call fixPhis() with A as the source block and C as the destination block. In this case, A is a reachable block, and C may or may not be reachable (note that other reachable blocks could still jump to C). Regardless of whether or not C is reachable at this point (we don't need to know), we need to ensure that any Phis in C no longer refer to A's nodes, since A is no longer a predecessor of C. In the process of removing those Phi references, we must ensure that the thing that the Phi points to gets deref'd.
Note it's also possible to have blocks A and B, where A branches to either A or B - i.e. a loop. Then A will potentially have Phi loops. But it will only have *live* Phi loops if the variables for those Phis are used outside of the loop. Hence, we will not encounter this infinite deref'ing because the Phi's ref counts will never hit zero.
Case #2, or the Unreachable Block case:
Consider the control flow graph consisting of blocks A, B, C, D. A initially had a branch to B and C based on some predicate (B if true, C if false). But constant folding proves this predicate to be true, leading to C being jettisoned. Initially we do case #1 above, but then we have more work to do: assume that there are no longer any other jumps to C, making C unreachable. This means that D will have Phi functions that refer into C; these must now be fixed up, since C is no longer a predecessor of D since C is unreachable.
In this case we call fixPhis() with C as the source block and D as the destination block. But unlike case #1, the source block (C) is unreachable. Hence, although we need to remove references into C from D, we don't need to do any deref's. This is because all of C is going away anyway. It will cease to exist. Its ref counts don't matter. There's no point in getting them right.
In this case it is certainly possible for there to be a dead cycle, and deref'ing this dead cycle will lead to infinite recursion and horror and badness. (Though the infinite recursion would be caught by an ASSERT.) It is possible to fix that by calling collectGarbage(). But we don't need to do any of that, because the ref counts of C's nodes are irrelevant - all that matters is that D just doesn't refer into C anymore.
So, in short: the fix is to make fixPhis() deref only if the destination Phi is shouldGenerate() *and* if the source block is reachable.
I'm testing this fix right now.
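The dead-cycle failure and the deref gating described in the comment above, as an added toy model that is not WebKit's code and not part of the original thread. `Node`, `Graph`, the `applyFix` flag and the two-Phi graph are assumptions made for illustration; the cycle here spans two blocks, which goes beyond the single-block case in the crash.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Toy model, not JavaScriptCore code: a node has a use count, a block and child edges.
struct Node {
    unsigned refCount;
    int block;
    std::vector<size_t> children;
    bool shouldGenerate() const { return refCount > 0; }
};
using Graph = std::vector<Node>;

// Recursive deref: reaching zero derefs the children. Throws where the
// real code would hit ASSERT(m_refCount).
void deref(Graph& g, size_t i) {
    if (!g[i].refCount)
        throw std::logic_error("deref of a node whose refCount is already 0");
    if (--g[i].refCount == 0)
        for (size_t c : g[i].children)
            deref(g, c);
}

// Drop every edge from a Phi in destBlock to a node in sourceBlock.
// applyFix=false derefs whenever the Phi is live; applyFix=true also requires
// the source block to be reachable. Returns the number of edges removed.
size_t fixPhis(Graph& g, int sourceBlock, int destBlock, bool sourceReachable, bool applyFix) {
    size_t removed = 0;
    for (Node& phi : g) {
        if (phi.block != destBlock) continue;
        std::vector<size_t> kept;
        for (size_t child : phi.children) {
            if (g[child].block != sourceBlock) { kept.push_back(child); continue; }
            if (phi.shouldGenerate() && (sourceReachable || !applyFix))
                deref(g, child); // assumption: the edge still exists while deref runs
            ++removed;
        }
        phi.children = kept;
    }
    return removed;
}

// Constructed case: Phi 0 (block 1) and Phi 1 (block 2) are used only by each other.
Graph deadCycle() { return {{1, 1, {1}}, {1, 2, {0}}}; }

bool oldBehaviourTripsAssert() {
    Graph g = deadCycle();
    try { fixPhis(g, 2, 1, false, false); } catch (const std::logic_error&) { return true; }
    return false;
}
```

With `applyFix` set, the edge into the unreachable block is still removed but no ref count is touched, while a reachable source block (case #1) is still deref'd as before.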
Filip Pizlo
OK, I think I've fixed it. There don't appear to be any other issues.
*** This bug has been marked as a duplicate of bug 88362 ***
Andy Wingo
Thanks for looking at it, and thanks for the explanation too!