RESOLVED FIXED 121844
Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
https://bugs.webkit.org/show_bug.cgi?id=121844
Jessie Berlin
Reported 2013-09-24 09:50:47 PDT
Backtrace of the crashing DFG compiler thread:

1  com.apple.JavaScriptCore 0x10bb8906c WTFCrash + 0x4c
2  com.apple.JavaScriptCore 0x10ba90ab0 JSC::DFG::SpeculativeJIT::spill(JSC::VirtualRegister) + 0x240
3  com.apple.JavaScriptCore 0x10bc1c237 JSC::DFG::GPRTemporary::GPRTemporary<JSC::DFG::SpeculateInt32Operand, JSC::DFG::SpeculateInt32Operand>(JSC::DFG::SpeculativeJIT*, JSC::DFG::ReuseTag, JSC::DFG::SpeculateInt32Operand&, JSC::DFG::SpeculateInt32Operand&) + 0x197
4  com.apple.JavaScriptCore 0x10ba7af02 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) + 0x1662
5  com.apple.JavaScriptCore 0x10bc0ef85 JSC::DFG::SpeculativeJIT::compileCurrentBlock() + 0x945
6  com.apple.JavaScriptCore 0x10ba788c0 JSC::DFG::SpeculativeJIT::compile() + 0x70
7  com.apple.JavaScriptCore 0x10bbed40e JSC::DFG::JITCompiler::compileFunction() + 0x22e
8  com.apple.JavaScriptCore 0x10bc068aa JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 0x48a
9  com.apple.JavaScriptCore 0x10bc0627f JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) + 0xff
10 com.apple.JavaScriptCore 0x10bc32b36 JSC::DFG::Worklist::runThread() + 0x106
11 com.apple.JavaScriptCore 0x10b97a95f WTF::wtfThreadEntryPoint(void*) + 0xf
12 libsystem_c.dylib 0x7fff936b1772 _pthread_start + 0x147
13 libsystem_c.dylib 0x7fff9369e1a1 thread_start + 0xd

I am seeing this on ML with the single web process.

<rdar://problem/15066488>
Attachments
the patch (14.07 KB, patch)
2013-09-24 16:21 PDT, Filip Pizlo
mhahnenberg: review+
Filip Pizlo
Comment 1 2013-09-24 16:21:23 PDT
Created attachment 212515: the patch
WebKit Commit Bot
Comment 2 2013-09-24 16:23:14 PDT
Attachment 212515 did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/js/dfg-int52-spill-expected.txt', u'LayoutTests/js/dfg-int52-spill-trickier-expected.txt', u'LayoutTests/js/dfg-int52-spill-trickier.html', u'LayoutTests/js/dfg-int52-spill.html', u'LayoutTests/js/script-tests/dfg-int52-spill-trickier.js', u'LayoutTests/js/script-tests/dfg-int52-spill.js', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/bytecode/ValueRecovery.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Tools/ChangeLog', u'Tools/Scripts/run-javascriptcore-tests']" exit_code: 1

Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:516: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3]
Total errors found: 1 in 13 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Hahnenberg
Comment 3 2013-09-24 16:25:17 PDT
Comment on attachment 212515: the patch

r=me
Filip Pizlo
Comment 4 2013-09-24 16:26:50 PDT