Bug 122908 - iPad Google News crashes in CLoop builds
Summary: iPad Google News crashes in CLoop builds
Status: UNCONFIRMED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL: http://news.google.com/
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-16 11:42 PDT by Ralph T
Modified: 2013-10-17 13:27 PDT (History)

Description Ralph T 2013-10-16 11:42:38 PDT
The LLInt CLoop crashes when loading http://news.google.com/ with an iPad User-Agent. I'm using "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3" but probably a newer one would work, too. The DFG JIT doesn't crash on this page.

Program received signal SIGSEGV, Segmentation fault.
0x00007f6354745644 in JSC::LLInt::CLoop::execute(JSC::ExecState*, JSC::OpcodeID, bool) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
(gdb) bt
#0  0x00007f6354745644 in JSC::LLInt::CLoop::execute(JSC::ExecState*, JSC::OpcodeID, bool) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#1  0x00007f63546884e8 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#2  0x00007f63559e9b38 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#3  0x00007f6354f56cbb in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#4  0x00007f6354f56f63 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#5  0x00007f635541d7d1 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) [clone .part.35] () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#6  0x00007f635541e18d in WebCore::ScriptElement::execute(WebCore::CachedScript*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#7  0x00007f635485500d in WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#8  0x00007f6354bcb209 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#9  0x00007f6355270af2 in WebCore::timeout_cb(void*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#10 0x00007f6351356b2b in g_timeout_dispatch (source=source@entry=0x25b36a0, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
#11 0x00007f6351355f15 in g_main_dispatch (context=0x207fa50) at gmain.c:3054
#12 g_main_context_dispatch (context=context@entry=0x207fa50) at gmain.c:3630
#13 0x00007f6351356258 in g_main_context_iterate (context=0x207fa50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3701
#14 0x00007f63513566ca in g_main_loop_run (loop=0x207fbb0) at gmain.c:3895
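A triage helper, added here as an example (it is not code from the report or from WebKit), that parses the gdb output in the description into frames and reports the facts a triager wants first: the signal, the crashing function and module, which JavaScriptCore execution tier the top frame belongs to, the outermost JSC frame (how script execution was entered) and the innermost WebCore caller. The backtrace is copied from the report above as sample input; the tier labels, field names and the `Frame` type are this script's own.

```python
"""Parse a gdb backtrace and summarise where the crash landed.
Added example: the sample backtrace is copied from the bug report above;
the tier labels and field names are this script's own, not WebKit's."""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

GDB_OUTPUT = """
Program received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  0x00007f6354745644 in JSC::LLInt::CLoop::execute(JSC::ExecState*, JSC::OpcodeID, bool) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#1  0x00007f63546884e8 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#2  0x00007f63559e9b38 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#3  0x00007f6354f56cbb in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#4  0x00007f6354f56f63 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#5  0x00007f635541d7d1 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) [clone .part.35] () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#6  0x00007f635541e18d in WebCore::ScriptElement::execute(WebCore::CachedScript*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#7  0x00007f635485500d in WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#8  0x00007f6354bcb209 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#9  0x00007f6355270af2 in WebCore::timeout_cb(void*) () from /home/ralpht/meta/WebKit/WebKitBuild/Release/lib/libWebKit2.so.0
#10 0x00007f6351356b2b in g_timeout_dispatch (source=source@entry=0x25b36a0, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
#11 0x00007f6351355f15 in g_main_dispatch (context=0x207fa50) at gmain.c:3054
#12 g_main_context_dispatch (context=context@entry=0x207fa50) at gmain.c:3630
#13 0x00007f6351356258 in g_main_context_iterate (context=0x207fa50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3701
#14 0x00007f63513566ca in g_main_loop_run (loop=0x207fbb0) at gmain.c:3895
"""

# One frame line: "#N [ADDR in ]FUNC(ARGS) () from LIB" or "#N [ADDR in ]FUNC (ARGS) at FILE:LINE".
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+"
    r"(?:(?P<addr>0x[0-9a-fA-F]+) in )?"
    r"(?P<rest>.*?)\s+"
    r"(?:from (?P<lib>\S+)|at (?P<source>\S+))$"
)
SIGNAL_RE = re.compile(r"^Program received signal (?P<sig>\w+)")


@dataclass
class Frame:
    num: int
    addr: Optional[str]     # None when gdb prints an inlined frame without a PC
    function: str           # symbol with the argument list and clone suffix stripped
    lib: Optional[str]      # shared object, when gdb had no line information
    source: Optional[str]   # "file:line", when it did

    @property
    def module(self) -> str:
        return os.path.basename(self.lib) if self.lib else (self.source or "?")


def parse_backtrace(text: str) -> Tuple[Optional[str], List[Frame]]:
    """Return (signal name, frames); lines that are not frames are ignored."""
    signal, frames = None, []
    for line in text.splitlines():
        line = line.strip()
        sig = SIGNAL_RE.match(line)
        if sig:
            signal = sig.group("sig")
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        # Everything before the first "(" is the function name; this also
        # drops gcc clone suffixes such as "[clone .part.35]".
        function = m.group("rest").split("(", 1)[0].strip()
        frames.append(Frame(int(m.group("num")), m.group("addr"), function,
                            m.group("lib"), m.group("source")))
    return signal, frames


def classify_tier(function: str) -> str:
    """Label the JavaScriptCore execution tier a frame belongs to (labels are this script's own)."""
    if function.startswith("JSC::LLInt::CLoop"):
        return "cloop"      # C++ interpreter loop; no JIT code involved
    if function.startswith("JSC::LLInt"):
        return "llint"      # assembly low-level interpreter
    if function.startswith(("JSC::DFG", "JSC::JIT", "JSC::FTL")):
        return "jit"
    return "other"


def summarize(text: str) -> dict:
    """Condense a backtrace into the facts a triager wants first."""
    signal, frames = parse_backtrace(text)
    top = frames[0]
    jsc = [f for f in frames if f.function.startswith("JSC::")]
    webcore = [f for f in frames if f.function.startswith("WebCore::")]
    return {
        "signal": signal,
        "frame_count": len(frames),
        "crash_function": top.function,
        "crash_module": top.module,
        "tier": classify_tier(top.function),
        "js_entry": jsc[-1].function if jsc else None,     # outermost JSC frame
        "caller": webcore[0].function if webcore else None,  # innermost WebCore frame
        "inlined_frames": [f.num for f in frames if f.addr is None],
    }


if __name__ == "__main__":
    for key, value in summarize(GDB_OUTPUT).items():
        print(f"{key}: {value}")
```

Run on the report's trace, the summary shows the crash inside `JSC::LLInt::CLoop::execute` in `libWebKit2.so.0` (tier `cloop`), entered through `JSC::evaluate` from `WebCore::ScriptController::evaluateInWorld`, with frame 12 lacking an address because gdb reported it as inlined. Feeding a trace from a DFG build through the same script would label the top frame `jit` or `other`, which is the quick way to confirm the reporter's observation that only the CLoop configuration is affected.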
Comment 1 Mark Lam 2013-10-16 12:10:35 PDT
Ralph, which revision did you see this manifest on?
Comment 2 Ralph T 2013-10-16 12:16:28 PDT
I don't know exactly -- I believe it was between September 9th and September 23. I usually build with the DFG JIT enabled (which recently stopped compiling for ARMv7, and I don't have the VM-fu to submit a fix), so I didn't notice it until now.