NEW146635
ASSERTION FAILED: exec->vm().typeProfiler() in functionReturnTypeFor 
https://bugs.webkit.org/show_bug.cgi?id=146635
Summary ASSERTION FAILED: exec->vm().typeProfiler() in functionReturnTypeFor
Renata Hodovan
Reported 2015-07-06 04:01:58 PDT
Created attachment 256208 [details] Test case Load this test with debug or release jsc: returnTypeFor(arguments); Backtrace: ASSERTION FAILED: exec->vm().typeProfiler() ../../Source/JavaScriptCore/jsc.cpp(1142) : JSC::EncodedJSValue functionReturnTypeFor(JSC::ExecState*) 1 0x7ffff72d46db WTFCrash 2 0x428539 3 0x7fffb0fff0a8 [New Thread 0x7fffaf7fa700 (LWP 12117)] [New Thread 0x7fffafffb700 (LWP 12116)] [New Thread 0x7fffb07fc700 (LWP 12114)] [New Thread 0x7fffb0ffd700 (LWP 12113)] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff72d46e0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x0000000000428539 in functionReturnTypeFor (exec=0x7fffffffca70) at ../../Source/JavaScriptCore/jsc.cpp:1142 #2 0x00007fffb0fff0a8 in ?? () #3 0x00007fffffffcac0 in ?? () #4 0x00007ffff727e8e9 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1 Backtrace stopped: frame did not save the PC
Attachments
Test case (25 bytes, application/javascript)
2015-07-06 04:01 PDT, Renata Hodovan 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2015-07-06 18:17:22 PDT
Did you run this with: JSC_enableTypeProfiler=1 ? Also, I think this function also will assert if it's argument is not a function. This is the intention. This function is used in JSC's stress tests.
Note You need to log in before you can comment on or make changes to this bug.