Created attachment 222896 [details] Crash log r163227 Reproducibility: always Steps: 1. http://www.jorgexolalpa.com/ 2. Hover mouse on any of the link titles on the top left. What happened: 2. Crash. Thread 8 Crashed:: JSC Compilation Thread 0 com.apple.JavaScriptCore 0x00000001054eb5d4 JSC::ArrayProfile::computeUpdatedPrediction(JSC::ConcurrentJITLocker const&, JSC::CodeBlock*) + 4 1 com.apple.JavaScriptCore 0x00000001055564c7 JSC::DFG::ByteCodeParser::handleIntrinsic(int, JSC::Intrinsic, int, int, unsigned int) + 535 2 com.apple.JavaScriptCore 0x0000000105555bc1 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 657 3 com.apple.JavaScriptCore 0x000000010555dd93 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 19107 4 com.apple.JavaScriptCore 0x000000010555846b JSC::DFG::ByteCodeParser::parseCodeBlock() + 1867 5 com.apple.JavaScriptCore 0x00000001055577bc JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, int, unsigned int, JSC::CodeSpecializationKind) + 1276 6 com.apple.JavaScriptCore 0x0000000105555c98 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 872 7 com.apple.JavaScriptCore 0x000000010555c206 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 12054 8 com.apple.JavaScriptCore 0x000000010555846b JSC::DFG::ByteCodeParser::parseCodeBlock() + 1867 9 com.apple.JavaScriptCore 0x00000001055628e4 JSC::DFG::ByteCodeParser::parse() + 628 10 com.apple.JavaScriptCore 0x00000001055629f9 JSC::DFG::parse(JSC::DFG::Graph&) + 41 11 com.apple.JavaScriptCore 0x00000001055cd993 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 211 12 com.apple.JavaScriptCore 0x00000001055cd6dd JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) + 269 13 com.apple.JavaScriptCore 0x00000001056449db JSC::DFG::Worklist::runThread() + 539 14 com.apple.JavaScriptCore 0x00000001058ea57f WTF::wtfThreadEntryPoint(void*) + 15 15 libsystem_pthread.dylib 0x00007fff972bf899 _pthread_body + 138 16 libsystem_pthread.dylib 0x00007fff972bf72a _pthread_start + 137 17 libsystem_pthread.dylib 0x00007fff972c3fc9 thread_start + 13 Expected result: Webkit does not crash.
Fixed with r163498