Steps to reproduce: 1. Build WebKit with debug configuration and FTL JIT enabled. 2. Run './MiniBrowser https://octane-benchmark.googlecode.com/svn/latest/index.html' from a terminal. 3. Click 'Start Octane 2.0' in the web page. Result: Assertion failure shows in the terminal and WebKitWebProcess crashes when it runs the TypeScript test. If it doesn't crash, running the benchmark again is likely to crash it. This bug was found while making FTL JIT work on FreeBSD, so I put links to backtraces instead of pasting them again. Backtrace on FreeBSD: https://bugs.webkit.org/show_bug.cgi?id=152258#c10 Backtrace on GNU/Linux: https://bugs.webkit.org/show_bug.cgi?id=152258#c11
I think this bug may be the same as 155037