129118 – REGRESSION (r164417): ASSERTION FAILED: isBranch() in X86 32 bit build

Bug 129118 - REGRESSION (r164417): ASSERTION FAILED: isBranch() in X86 32 bit build

Summary: REGRESSION (r164417): ASSERTION FAILED: isBranch() in X86 32 bit build

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Michael Saboff

URL:
Keywords:

Duplicates (1):	129100 (view as bug list)
Depends on:
Blocks:

Reported:	2014-02-20 13:52 PST by Michael Saboff
Modified:	2014-02-20 23:48 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (1.30 KB, patch) 2014-02-20 13:53 PST, Michael Saboff	fpizlo: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Saboff 2014-02-20 13:52:39 PST

Running testapi from a debug build gives:

...
PASS: z should be null and is.
PASS: Test script executed successfully.
ASSERTION FAILED: isBranch()
/Volumes/Data/src/webkit.work/Source/JavaScriptCore/dfg/DFGNode.h(873) : JSC::DFG::BranchData *JSC::DFG::Node::branchData()
1   0x85a72d WTFCrash
2   0x203367 JSC::DFG::Node::branchData()
3   0x3b1c79 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*)
4   0x355262 JSC::DFG::SpeculativeJIT::compileCurrentBlock()
5   0x355d2b JSC::DFG::SpeculativeJIT::compile()
6   0x2d2b40 JSC::DFG::JITCompiler::compileBody()
7   0x2d470e JSC::DFG::JITCompiler::compile()
8   0x345751 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
9   0x344ca0 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
10  0x28cdc8 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
11  0x28c532 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
12  0x4cc4ab operationOptimize
13  0x1962e7a
14  0x6129b4 callToJavaScript
15  0x4b5390 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
16  0x49257f JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
17  0x1886ed JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
18  0x508601 JSEvaluateScript
19  0x79ead main
20  0x9690d70d start

Comment 1 Michael Saboff 2014-02-20 13:53:28 PST

Created attachment 224794 [details]
Patch

Comment 2 Filip Pizlo 2014-02-20 14:01:03 PST

Comment on attachment 224794 [details]
Patch

Lol.

Comment 3 Michael Saboff 2014-02-20 14:02:00 PST

Committed r164445: <http://trac.webkit.org/changeset/164445>

Comment 4 Csaba Osztrogonác 2014-02-20 23:48:16 PST

*** Bug 129100 has been marked as a duplicate of this bug. ***