146634 – ASSERTION FAILED: exec->vm().controlFlowProfiler() in functionDumpBasicBlockExecutionRanges

Bug 146634 - ASSERTION FAILED: exec->vm().controlFlowProfiler() in functionDumpBasicBlockExecutionRanges

Summary: ASSERTION FAILED: exec->vm().controlFlowProfiler() in functionDumpBasicBlockE...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-07-06 03:56 PDT by Renata Hodovan
Modified:	2015-07-06 18:19 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Test case (39 bytes, application/javascript) 2015-07-06 03:56 PDT, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-07-06 03:56:02 PDT

Created attachment 256207 [details]
Test case

Load this test with debug or release jsc. An assertion fail will happen in debug and an immediate crash in release because of the release assert:

Array(dumpBasicBlockExecutionRanges());


Backtrace:

ASSERTION FAILED: exec->vm().controlFlowProfiler()
../../Source/JavaScriptCore/jsc.cpp(1156) : JSC::EncodedJSValue functionDumpBasicBlockExecutionRanges(JSC::ExecState*)
1   0x7ffff72d46db WTFCrash
2   0x428728
3   0x7fffb0fff0a8
[New Thread 0x7fffaf7fa700 (LWP 32247)]
[New Thread 0x7fffafffb700 (LWP 32245)]
[New Thread 0x7fffb07fc700 (LWP 32244)]
[New Thread 0x7fffb0ffd700 (LWP 32243)]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x0000000000428728 in functionDumpBasicBlockExecutionRanges (exec=0x7fffffffca50) at ../../Source/JavaScriptCore/jsc.cpp:1156
#2  0x00007fffb0fff0a8 in ?? ()
#3  0x00007fffffffcab0 in ?? ()
#4  0x00007ffff727e8e9 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Comment 1 Saam Barati 2015-07-06 18:19:06 PDT

Did you run this with:
JSC_enableControlFlowProfiler=1
?
If not, this assertion is doing the right thing. 
It makes sure the control flow profiler is enabled.a
Also, this function is only used inside
JSC's stress tests.