164327 – Crashes in ByteCodeParser::getPredictionWithoutOSRExit on certain sites

Bug 164327 - Crashes in ByteCodeParser::getPredictionWithoutOSRExit on certain sites

Summary: Crashes in ByteCodeParser::getPredictionWithoutOSRExit on certain sites

Status:	RESOLVED DUPLICATE of bug 164306

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	Safari Technology Preview
Hardware:	Mac macOS 10.12

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2016-11-02 10:25 PDT by Dieter Komendera
Modified:	2016-11-07 11:31 PST (History)
CC List:	3 users (show)

See Also:

Attachments
crash log (97.16 KB, application/octet-stream) 2016-11-02 10:25 PDT, Dieter Komendera	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dieter Komendera 2016-11-02 10:25:04 PDT

Created attachment 293671 [details]
crash log

URL: https://travis-ci.org/rails/rails/jobs/172644765

macOS 10.12.1 (16B2555)
STP Release 16 (Safari 10.1, WebKit 12603.1.10)

Steps to reproduce:
* go to the URL above


Crashed Thread:        11  WTF::AutomaticThread
Thread 11 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore      	0x00000001030fa08c JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) + 620
1   com.apple.JavaScriptCore      	0x00000001030ecdeb JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) + 379
2   com.apple.JavaScriptCore      	0x00000001030ec56d JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, int, int, int) + 429
3   com.apple.JavaScriptCore      	0x0000000102d7acca JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 6698
4   com.apple.JavaScriptCore      	0x0000000102d7902b JSC::DFG::ByteCodeParser::parseCodeBlock() + 1243
5   com.apple.JavaScriptCore      	0x000000010310090a void

Comment 1 Dieter Komendera 2016-11-02 10:26:54 PDT

Related to https://bugs.webkit.org/show_bug.cgi?id=164306 ?

Comment 2 Radar WebKit Bug Importer 2016-11-02 16:52:57 PDT

<rdar://problem/29079164>

Comment 3 Saam Barati 2016-11-06 15:15:37 PST

Dieter, do you know which websites you saw this on?
It looks like it could be solved by the fix in: https://bugs.webkit.org/show_bug.cgi?id=164306

Comment 4 Dieter Komendera 2016-11-06 22:38:36 PST

Saam, mostly on Travis CI build logs like the one in my original report, but also other build logs like https://travis-ci.org/elixir-lang/elixir/jobs/173800891

Comment 5 Saam Barati 2016-11-07 11:31:44 PST

Dieter, this is indeed the same problem as:
https://bugs.webkit.org/show_bug.cgi?id=164306

I've just verified that the fix for that bug also fixes this crash. Thanks for reporting the bug.

*** This bug has been marked as a duplicate of bug 164306 ***