WebKit Bugzilla
Bug 18366: Crash during sunspider 3d-raytracing test
Status: RESOLVED DUPLICATE of bug 18367
https://bugs.webkit.org/show_bug.cgi?id=18366
Mike Hommey
Reported
2008-04-08 12:33:43 PDT
I spotted a crash during sunspider 3d-raytracing test on amd64 (not tested anywhere else), confirmed on r31722. I bisected and found this crash has been happening first with r30492, and confirmed that reverting this commit on top of r31722 solves the issue (to reveal another one, but that's another story).

The full backtrace is as follows (unfortunately, for some reason I don't understand, building with -g ends up creating a binary that doesn't crash):

0x00002b08b977bea5 in waitpid () from /lib/libpthread.so.0
#0 0x00002b08b977bea5 in waitpid () from /lib/libpthread.so.0
#1 0x00002b08ba53a4f6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0
#2 0x00002b08ba53a808 in g_spawn_command_line_sync () from /usr/lib/libglib-2.0.so.0
#3 0x00002b08c37b64b3 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4 <signal handler called>
#5 0x00002b08b9391a3e in KJS::ElementNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#6 0x00002b08b9391ab0 in KJS::ArrayNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#7 0x00002b08b938929d in KJS::ReturnNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#8 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#9 0x00002b08b93ab94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#10 0x00002b08b9381e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#11 0x00002b08b9394910 in KJS::ScopedVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#12 0x00002b08b939051e in KJS::ArgumentListNode::evaluateList () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#13 0x00002b08b93948f2 in KJS::ScopedVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#14 0x00002b08b938ce2e in KJS::AssignLocalVarNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#15 0x00002b08b9389d8e in KJS::VarStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#16 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#17 0x00002b08b93ab94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#18 0x00002b08b9381e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#19 0x00002b08b9395ae3 in KJS::FunctionCallDotNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#20 0x00002b08b938ce2e in KJS::AssignLocalVarNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#21 0x00002b08b9389d8e in KJS::VarStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#22 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#23 0x00002b08b93899b9 in KJS::ForNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#24 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#25 0x00002b08b93899b9 in KJS::ForNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#26 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#27 0x00002b08b93ab94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#28 0x00002b08b9381e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#29 0x00002b08b9394910 in KJS::ScopedVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#30 0x00002b08b9389dee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#31 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#32 0x00002b08b93ab94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#33 0x00002b08b9381e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#34 0x00002b08b9395ae3 in KJS::FunctionCallDotNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#35 0x00002b08b9389dee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#36 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#37 0x00002b08b93ab94f in KJS::FunctionImp::callAsFunction () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#38 0x00002b08b9381e49 in KJS::JSObject::call () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#39 0x00002b08b93951ea in KJS::LocalVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#40 0x00002b08b939051e in KJS::ArgumentListNode::evaluateList () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#41 0x00002b08b93951cc in KJS::LocalVarFunctionCallNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#42 0x00002b08b938bcc3 in KJS::AssignResolveNode::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#43 0x00002b08b9389dee in KJS::ExprStatementNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#44 0x00002b08b935846a in KJS::BlockNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#45 0x00002b08b93ab2c0 in KJS::ProgramNode::execute () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#46 0x00002b08b93ac9c3 in KJS::Interpreter::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#47 0x00002b08b904f7b3 in WebCore::KJSProxy::evaluate () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#48 0x00002b08b91de8f1 in WebCore::FrameLoader::executeScript () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#49 0x00002b08b91a75c9 in WebCore::HTMLTokenizer::scriptExecution () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#50 0x00002b08b91a8685 in WebCore::HTMLTokenizer::scriptHandler () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#51 0x00002b08b91a94e2 in WebCore::HTMLTokenizer::parseSpecial () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#52 0x00002b08b91ac09c in WebCore::HTMLTokenizer::write () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#53 0x00002b08b91ccb17 in WebCore::FrameLoader::write () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#54 0x00002b08b91bef59 in WebCore::DocumentLoader::commitLoad () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#55 0x00002b08b91f4313 in WebCore::ResourceLoader::didReceiveData () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#56 0x00002b08b91ef256 in WebCore::MainResourceLoader::didReceiveData () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#57 0x00002b08b930e477 in WebCore::writeCallback () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#58 0x00002b08bc81d6a8 in ?? () from /usr/lib/libcurl-gnutls.so.4
#59 0x00002b08bc832b5e in ?? () from /usr/lib/libcurl-gnutls.so.4
#60 0x00002b08bc82f71d in ?? () from /usr/lib/libcurl-gnutls.so.4
#61 0x00002b08bc834b1c in ?? () from /usr/lib/libcurl-gnutls.so.4
#62 0x00002b08bc83548b in curl_multi_perform () from /usr/lib/libcurl-gnutls.so.4
#63 0x00002b08b930fea0 in WebCore::ResourceHandleManager::downloadTimerCallback () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#64 0x00002b08b926a493 in WebCore::TimerBase::fireTimers () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#65 0x00002b08b926a54b in WebCore::TimerBase::sharedTimerFired () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#66 0x00002b08b8f8eba2 in WebCore::timeout_cb () from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#67 0x00002b08ba5070b2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#68 0x00002b08ba50a356 in ?? () from /usr/lib/libglib-2.0.so.0
#69 0x00002b08ba50a617 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#70 0x00002b08b9e17b63 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
#71 0x0000000000401eab in main ()
Mike Hommey
Comment 1
2008-04-08 13:09:01 PDT
FWIW, building without -O2 leads to a webkit that doesn't crash
Mike Hommey
Comment 2
2008-04-08 13:52:04 PDT
Interestingly, http://webkit.org/perf/sunspider-0.9/3d-raytrace.html alone doesn't crash, and gtklauncher outputs:
console message: http://webkit.org/perf/sunspider-0.9/sunspider-record-result.js @29: TypeError: Value undefined (result of expression parent.recordResult) is not object.

Anyways, starting with http://webkit.org/perf/sunspider-0.9/sunspider-driver.html, it does crash with the following (now useful) backtrace:

Thread 1 (Thread 0x2b5186b1dec0 (LWP 31811)):
#0 0x00002b517d45cea5 in waitpid () from /lib/libpthread.so.0
No symbol table info available.
#1 0x00002b517e21b4f6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#2 0x00002b517e21b808 in g_spawn_command_line_sync () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#3 0x00002b51874974b3 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#4 <signal handler called>
No symbol table info available.
#5 0x00002b517d072a3e in KJS::ElementNode::evaluate (this=0x2b5188b25618, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:792
        val = (class KJS::JSValue *) 0x2b5188a2ee60
        n = (class KJS::ElementNode *) 0x2b5188b25618
        array = (class KJS::JSObject *) 0x2b5188a19d00
        length = 0
#6 0x00002b517d072ab0 in KJS::ArrayNode::evaluate (this=0x2b5188b5aac0, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:812
        array = <value optimized out>
        length = <value optimized out>
#7 0x00002b517d06a29d in KJS::ReturnNode::execute (this=0x2b5188b25780, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:4359
        v = <value optimized out>
#8 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188b44d80, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#9 0x00002b517d08c94f in KJS::FunctionImp::callAsFunction (this=0x2b5188a1e480, exec=0x7fff2e1c6a30, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b5188a127c0, m_exception = 0x0, m_propertyNames = 0x2b5187d7edc0, m_emptyList = 0x2b517d43cbe0, m_callingExec = 0x7fff2e1c6a30, m_scopeNode = 0x2b5188b44d80, m_function = 0x2b5188a1e480, m_arguments = 0x7fff2e1c6660, m_activation = 0x2b5187d314e8, m_localStorage = 0x2b5187d31518, m_scopeChain = {_node = 0x7fff2e1c65b8}, m_inlineScopeChainNode = { next = 0x2b5187db2e58, object = 0x2b5187d314e8, refCount = 2}, m_variableObject = 0x2b5187d314e8, m_thisValue = 0x2b5188a127c0, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = 32767, m_breakOrContinueTarget = 0x7fff2e1c6660}, <No data fields>}
        result = <value optimized out>
#10 0x00002b517d062e49 in KJS::JSObject::call (this=0x2b5188a19d00, exec=0x0, thisObj=0x0, args=@0x2b5188a2ee60) at JavaScriptCore/kjs/object.cpp:96
        ret = (class KJS::JSValue *) 0x0
        depth = 4
#11 0x00002b517d075910 in KJS::ScopedVarFunctionCallNode::evaluate (this=0x2b5187df2f60, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:1322
No locals.
#12 0x00002b517d07151e in KJS::ArgumentListNode::evaluateList (this=0x2b5188b24d40, exec=0x7fff2e1c6a30, list=@0x7fff2e1c6750) at JavaScriptCore/kjs/nodes.cpp:1011
        n = (class KJS::ArgumentListNode *) 0x2b5188b24f80
#13 0x00002b517d0758f2 in KJS::ScopedVarFunctionCallNode::evaluate (this=0x2b5187df2f90, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.h:695
No locals.
#14 0x00002b517d07151e in KJS::ArgumentListNode::evaluateList (this=0x2b5188b24620, exec=0x7fff2e1c6a30, list=@0x7fff2e1c6840) at JavaScriptCore/kjs/nodes.cpp:1011
        n = (class KJS::ArgumentListNode *) 0x2b5188b24620
#15 0x00002b517d0758f2 in KJS::ScopedVarFunctionCallNode::evaluate (this=0x2b5187df2fc0, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.h:695
No locals.
#16 0x00002b517d06de2e in KJS::AssignLocalVarNode::evaluate (this=0x2b5188b4a1e0, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:3559
        v = <value optimized out>
#17 0x00002b517d06ad8e in KJS::VarStatementNode::execute (this=0x2b5188b4a208, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:4014
No locals.
#18 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188b927a8, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#19 0x00002b517d06a9b9 in KJS::ForNode::execute (this=0x2b5187cfdca8, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:4164
        b = <value optimized out>
        statementValue = (class KJS::JSValue *) 0x2b5188a19e00
        value = (class KJS::JSValue *) 0x2b5188a19e00
#20 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188b92770, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#21 0x00002b517d06a9b9 in KJS::ForNode::execute (this=0x2b5187cfd240, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:4164
        b = <value optimized out>
        statementValue = (class KJS::JSValue *) 0x7fff2e1c6a30
        value = (class KJS::JSValue *) 0x0
#22 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188ba7480, exec=0x7fff2e1c6a30) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#23 0x00002b517d08c94f in KJS::FunctionImp::callAsFunction (this=0x2b5188a1e080, exec=0x7fff2e1c6c40, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b5188a127c0, m_exception = 0x0, m_propertyNames = 0x2b5187d7edc0, m_emptyList = 0x2b517d43cbe0, m_callingExec = 0x7fff2e1c6c40, m_scopeNode = 0x2b5188ba7480, m_function = 0x2b5188a1e080, m_arguments = 0x7fff2e1c6b30, m_activation = 0x2b5187d31278, m_localStorage = 0x2b5187d312a8, m_scopeChain = {_node = 0x7fff2e1c6a88}, m_inlineScopeChainNode = { next = 0x2b5187db2e58, object = 0x2b5187d31278, refCount = 2}, m_variableObject = 0x2b5187d31278, m_thisValue = 0x2b5188a127c0, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 2, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b517d08bc22}, <No data fields>}
        result = <value optimized out>
#24 0x00002b517d062e49 in KJS::JSObject::call (this=0x2b5188a19d00, exec=0x0, thisObj=0x0, args=@0x2b5188a2ee60) at JavaScriptCore/kjs/object.cpp:96
        ret = (class KJS::JSValue *) 0x0
        depth = 4
#25 0x00002b517d075910 in KJS::ScopedVarFunctionCallNode::evaluate (this=0x2b5187df2600, exec=0x7fff2e1c6c40) at JavaScriptCore/kjs/nodes.cpp:1322
No locals.
#26 0x00002b517d06adee in KJS::ExprStatementNode::execute (this=0x2b5188b46cd0, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:3998
        value = (class KJS::JSValue *) 0x0
#27 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188ba7240, exec=0x7fff2e1c6c40) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#28 0x00002b517d08c94f in KJS::FunctionImp::callAsFunction (this=0x2b5188a1da00, exec=0x7fff2e1c6e90, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b5188a127c0, m_exception = 0x0, m_propertyNames = 0x2b5187d7edc0, m_emptyList = 0x2b517d43cbe0, m_callingExec = 0x7fff2e1c6e90, m_scopeNode = 0x2b5188ba7240, m_function = 0x2b5188a1da00, m_arguments = 0x7fff2e1c6d50, m_activation = 0x2b5187d31008, m_localStorage = 0x2b5187d31038, m_scopeChain = {_node = 0x7fff2e1c6c98}, m_inlineScopeChainNode = { next = 0x2b5187db2e58, object = 0x2b5187d31008, refCount = 2}, m_variableObject = 0x2b5187d31008, m_thisValue = 0x2b5188a13540, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b5188a13540}, <No data fields>}
        result = <value optimized out>
#29 0x00002b517d062e49 in KJS::JSObject::call (this=0x2b5188a19d00, exec=0x0, thisObj=0x0, args=@0x2b5188a2ee60) at JavaScriptCore/kjs/object.cpp:96
        ret = (class KJS::JSValue *) 0x0
        depth = 4
#30 0x00002b517d076ae3 in KJS::FunctionCallDotNode::evaluate (this=0x2b5188beb140, exec=0x7fff2e1c6e90) at JavaScriptCore/kjs/nodes.cpp:1500
No locals.
#31 0x00002b517d06adee in KJS::ExprStatementNode::execute (this=0x2b5188beb118, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:3998
        value = (class KJS::JSValue *) 0x0
#32 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188bedd80, exec=0x7fff2e1c6e90) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#33 0x00002b517d08c94f in KJS::FunctionImp::callAsFunction (this=0x2b5188a1e000, exec=0x7fff2e1c72d0, thisObj=<value optimized out>, args=<value optimized out>) at JavaScriptCore/kjs/function.cpp:77
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b5188a127c0, m_exception = 0x0, m_propertyNames = 0x2b5187d7edc0, m_emptyList = 0x2b517d43cbe0, m_callingExec = 0x7fff2e1c72d0, m_scopeNode = 0x2b5188bedd80, m_function = 0x2b5188a1e000, m_arguments = 0x7fff2e1c6f90, m_activation = 0x2b5188a14540, m_localStorage = 0x2b5188bf0b40, m_scopeChain = {_node = 0x2b5188b78750}, m_inlineScopeChainNode = { next = 0x0, object = 0x0, refCount = 1}, m_variableObject = 0x2b5188a14540, m_thisValue = 0x2b5188a127c0, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::FunctionCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b5188b78750}, <No data fields>}
        result = <value optimized out>
#34 0x00002b517d062e49 in KJS::JSObject::call (this=0x2b5188a19d00, exec=0x0, thisObj=0x0, args=@0x2b5188a2ee60) at JavaScriptCore/kjs/object.cpp:96
        ret = (class KJS::JSValue *) 0x0
        depth = 4
#35 0x00002b517d0761ea in KJS::LocalVarFunctionCallNode::evaluate (this=0x2b5187df2ba0, exec=0x7fff2e1c72d0) at JavaScriptCore/kjs/nodes.cpp:1269
No locals.
#36 0x00002b517d07151e in KJS::ArgumentListNode::evaluateList (this=0x2b5188bec0a0, exec=0x7fff2e1c72d0, list=@0x7fff2e1c7080) at JavaScriptCore/kjs/nodes.cpp:1011
        n = (class KJS::ArgumentListNode *) 0x2b5188bec0a0
#37 0x00002b517d0761cc in KJS::LocalVarFunctionCallNode::evaluate (this=0x2b5187df2bd0, exec=0x7fff2e1c72d0) at JavaScriptCore/kjs/nodes.h:695
No locals.
#38 0x00002b517d06ccc3 in KJS::AssignResolveNode::evaluate (this=0x2b5188beb618, exec=0x7fff2e1c72d0) at JavaScriptCore/kjs/nodes.cpp:3654
        slot = {m_getValue = 0x2b5188a1e0c0, m_slotBase = 0x2b5188b46e10, m_data = {getterFunc = 0x2b5188a1da00, valueSlot = 0x2b5188a1da00, staticEntry = 0x2b5188a1da00, index = 2292308480, numericFunc = 0x2b5188a1da00}}
        base = (class KJS::JSObject *) 0x2b5188a127c0
        v = <value optimized out>
#39 0x00002b517d06adee in KJS::ExprStatementNode::execute (this=0x2b5188beb5f0, exec=0x7fff2e1c6560) at JavaScriptCore/kjs/nodes.cpp:3998
        value = (class KJS::JSValue *) 0x0
#40 0x00002b517d03946a in KJS::BlockNode::execute (this=0x2b5188bed900, exec=0x7fff2e1c72d0) at JavaScriptCore/kjs/nodes.cpp:3951
No locals.
#41 0x00002b517d08c2c0 in KJS::ProgramNode::execute (this=0x2b5188bed900, exec=0x7fff2e1c72d0) at JavaScriptCore/kjs/nodes.cpp:4883
No locals.
#42 0x00002b517d08d9c3 in KJS::Interpreter::evaluate (exec=0x2b5187d7d238, sourceURL=@0x7fff2e1c7500, startingLineNumber=441, code=0x2b5188b02000, codeLength=<value optimized out>, thisV=0x0) at JavaScriptCore/kjs/interpreter.cpp:103
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_globalObject = 0x2b5188a127c0, m_exception = 0x0, m_propertyNames = 0x2b5187d7edc0, m_emptyList = 0x2b517d43cbe0, m_callingExec = 0x0, m_scopeNode = 0x2b5188bed900, m_function = 0x0, m_arguments = 0x0, m_activation = 0x0, m_localStorage = 0x2b5187d7d000, m_scopeChain = {_node = 0x2b5187db2e58}, m_inlineScopeChainNode = {next = 0x0, object = 0x0, refCount = 1}, m_variableObject = 0x2b5188a127c0, m_thisValue = 0x2b5188a127c0, m_labelStack = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, tos = 0x0}, m_iterationDepth = 0, m_switchDepth = 0, m_codeType = KJS::GlobalCode, m_completionType = KJS::Normal, m_breakOrContinueTarget = 0x2b517d03fd93}, <No data fields>}
        value = <value optimized out>
        globalObject = (class KJS::JSGlobalObject *) 0x2b5188a127c0
        sourceId = 9
        errLine = -1
        errMsg = {m_rep = {m_ptr = 0x2b517d414f40}}
        thisObj = <value optimized out>
#43 0x00002b517cd307b3 in WebCore::KJSProxy::evaluate (this=0x2b5187d86f30, filename=@0x7fff2e1c77c0, baseLine=441, str=<value optimized out>) at WebCore/bindings/js/kjs_proxy.cpp:86
        exec = (class KJS::ExecState *) 0x2b5187d7d238
        comp = {m_type = 773616884, m_value = 0x2b517d03fbda}
#44 0x00002b517cebf8f1 in WebCore::FrameLoader::executeScript (this=0x2b5187d8f400, url=@0x7fff2e1c77c0, baseLine=441, script=@0x7fff2e1c79f0) at WebCore/loader/FrameLoader.cpp:783
        scriptProxy = <value optimized out>
        wasRunningScript = false
        result = <value optimized out>
#45 0x00002b517ce885c9 in WebCore::HTMLTokenizer::scriptExecution (this=0x2b5187d5a400, str=@0x7fff2e1c79f0, state={static EntityShift = <optimized out>, m_bits = 0}, scriptURL=<value optimized out>, baseLine=441) at WebCore/html/HTMLTokenizer.cpp:540
        url = {m_impl = {m_ptr = 0x2b5187db2b40}}
        savedPrependingSrc = (WebCore::SegmentedString *) 0x7fff2e1c7900
        prependingSrc = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString = {m_length = 0, m_current = 0x0, m_string = {m_impl = {m_ptr = 0x0}}, m_doNotExcludeLineNumbers = true}, m_currentChar = 0x0, m_substrings = {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_composite = false}
#46 0x00002b517ce89685 in WebCore::HTMLTokenizer::scriptHandler (this=0x2b5187d5a400, state={static EntityShift = <optimized out>, m_bits = 0}) at WebCore/html/HTMLTokenizer.cpp:480
        doScriptExec = true
        followingFrameset = false
        cs = (class WebCore::CachedScript *) 0x0
        scriptCode = {m_impl = {m_ptr = 0x2b5188b783d8}}
        savedPrependingSrc = (WebCore::SegmentedString *) 0x0
        prependingSrc = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString = {m_length = 0, m_current = 0x0, m_string = {m_impl = {m_ptr = 0x0}}, m_doNotExcludeLineNumbers = true}, m_currentChar = 0x0, m_substrings = {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_composite = false}
#47 0x00002b517ce8a4e2 in WebCore::HTMLTokenizer::parseSpecial (this=0x2b5187d5a400, src=@0x2b5187d5ae28, state={static EntityShift = <optimized out>, m_bits = 773612896}) at WebCore/html/HTMLTokenizer.cpp:330
        ch = 6740
#48 0x00002b517ce8d09c in WebCore::HTMLTokenizer::write (this=0x2b5187d5a400, str=<value optimized out>, appendData=<value optimized out>) at WebCore/html/HTMLTokenizer.cpp:1669
        cc = <value optimized out>
        source = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString = {m_length = 1237, m_current = 0x2b5187d70a00, m_string = {m_impl = {m_ptr = 0x2b5188b78480}}, m_doNotExcludeLineNumbers = true}, m_currentChar = 0x2b5187d70a00, m_substrings = {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x2b5187cf9d70, m_capacity = 0}, <No data fields>}}, m_composite = false}
        wasInWrite = false
        processedCount = 1
        startTime = 1207687808.954571
        frame = (class WebCore::Frame *) 0x2b5187d86330
        state = {static EntityShift = <optimized out>, m_bits = 0}
#49 0x00002b517ceadb17 in WebCore::FrameLoader::write (this=0x2b5187d8f400, str=0x89e3d8 " return pixels;\n}\n\nfunction arrayToCanvasCommands(pixels)\n{\n var s = '<canvas id=\"renderCanvas\" width=\"30px\" height=\"30px\"></canvas><scr' + 'ipt>\\nvar pixels = [';\n var size = 30;\n for (var "..., len=<value optimized out>, flush=false) at WebCore/loader/FrameLoader.cpp:1029
        tokenizer = (WebCore::Tokenizer *) 0x2b5187d5a400
        decoded = {m_impl = {m_ptr = 0x2b5188b78480}}
#50 0x00002b517ce9ff59 in WebCore::DocumentLoader::commitLoad (this=0x2b5187d19600, data=0x89e3d8 " return pixels;\n}\n\nfunction arrayToCanvasCommands(pixels)\n{\n var s = '<canvas id=\"renderCanvas\" width=\"30px\" height=\"30px\"></canvas><scr' + 'ipt>\\nvar pixels = [';\n var size = 30;\n for (var "..., length=1237) at WebCore/loader/DocumentLoader.cpp:328
        frameLoader = (WebCore::FrameLoader *) 0x0
#51 0x00002b517ced5313 in WebCore::ResourceLoader::didReceiveData (this=0x2b5188a19d00, data=0x89e3d8 " return pixels;\n}\n\nfunction arrayToCanvasCommands(pixels)\n{\n var s = '<canvas id=\"renderCanvas\" width=\"30px\" height=\"30px\"></canvas><scr' + 'ipt>\\nvar pixels = [';\n var size = 30;\n for (var "..., length=1237, lengthReceived=0, allAtOnce=96) at WebCore/loader/ResourceLoader.cpp:234
No locals.
#52 0x00002b517ced0256 in WebCore::MainResourceLoader::didReceiveData (this=0x2b5188b67800, data=0x7fff2e1c6560 "À'¡\210Q+", length=0, lengthReceived=47629184724576, allAtOnce=false) at WebCore/loader/MainResourceLoader.cpp:296
No locals.
#53 0x00002b517cfef477 in writeCallback (ptr=0x89e3d8, size=<value optimized out>, nmemb=<value optimized out>, data=<value optimized out>) at WebCore/platform/network/curl/ResourceHandleManager.cpp:126
        job = (class WebCore::ResourceHandle *) 0x2b5187d9c430
        d = (class WebCore::ResourceHandleInternal *) 0x2b5187de4000
        totalSize = 1237
        h = (CURL *) 0x89dcc0
        httpCode = 200
        err = <value optimized out>
#54 0x00002b51804fe6a8 in ?? () from /usr/lib/libcurl-gnutls.so.4
No symbol table info available.
#55 0x00002b5180513b5e in ?? () from /usr/lib/libcurl-gnutls.so.4
No symbol table info available.
#56 0x00002b518051071d in ?? () from /usr/lib/libcurl-gnutls.so.4
No symbol table info available.
#57 0x00002b5180515b1c in ?? () from /usr/lib/libcurl-gnutls.so.4
No symbol table info available.
#58 0x00002b518051648b in curl_multi_perform () from /usr/lib/libcurl-gnutls.so.4
No symbol table info available.
#59 0x00002b517cff0ea0 in WebCore::ResourceHandleManager::downloadTimerCallback (this=0x2b5187d6fd80, timer=<value optimized out>) at WebCore/platform/network/curl/ResourceHandleManager.cpp:308
        fdread = {fds_bits = {64, 0 <repeats 15 times>}}
        fdwrite = {fds_bits = {0 <repeats 16 times>}}
        fdexcep = {fds_bits = {0 <repeats 16 times>}}
        maxfd = 6
        timeout = {tv_sec = 0, tv_usec = 5000}
        rc = 1
        runningHandles = 0
        started = <value optimized out>
#60 0x00002b517cf4b493 in WebCore::TimerBase::fireTimers (fireTime=1207687808.954479, firingTimers=@0x7fff2e1c8330) at WebCore/platform/Timer.cpp:347
        timer = (class WebCore::TimerBase *) 0x2b5187d6fd80
        interval = <value optimized out>
        i = 0
#61 0x00002b517cf4b54b in WebCore::TimerBase::sharedTimerFired () at WebCore/platform/Timer.cpp:368
        fireTime = 1207687808.954479
        firingTimers = {m_size = 1, m_buffer = {<WTF::VectorBufferBase<WebCore::TimerBase*>> = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x2b5188b4fc80, m_capacity = 16}, <No data fields>}}
        firingTimersSet = {m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x2b5187d04600, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 1}}
#62 0x00002b517cc6fba2 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48
No locals.
#63 0x00002b517e1e87db in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#64 0x00002b517e1e80b2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#65 0x00002b517e1eb356 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#66 0x00002b517e1eb617 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#67 0x00002b517daf8b63 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
        tmp_list = (GList *) 0x62a8b0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x661280
        loop = (GMainLoop *) 0x87f5d0
#68 0x0000000000401eab in main (argc=2, argv=0x7fff2e1c8678) at WebKitTools/GtkLauncher/main.c:200
        vbox = (GtkWidget *) 0x62a8b0
        uri = <value optimized out>
Mike Hommey
Comment 3
2008-04-09 03:50:42 PDT
FWIW, and this applies to bugs 18367, 18368 and 18369, too, the crash happens when building with -O1, with -O2, but NOT when building with -O0 or -fdefer-pop -fdelayed-branch -fguess-branch-probability -fcprop-registers -fif-conversion -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants, which is listed in gcc's man as being the flags -O1 turns on. Note that a -O1 build is significantly faster on the tests that pass than a build with all these flags, so obviously, gcc does much more than what it claims.
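
GCC's manual states that most optimizations stay disabled at -O0 even when individual -f flags are given, so the passes behind an -O1-only crash like the one in comment 3 are usually isolated by starting from -O1 and subtracting flags. An added example (not part of the bug report; the two listings are constructed, abridged samples and the function names are hypothetical) that derives the -fno-... candidates from `gcc -Q --help=optimizers` output:

```shell
#!/bin/sh
# Added example: list -fno-<pass> candidates for bisecting an -O1-only crash.
# The listings below are CONSTRUCTED, abridged samples in the format printed
# by `gcc -Q --help=optimizers`; they are not taken from the bug report.

sample_O0() {
cat <<'EOF'
The following options control optimizations:
  -fdefer-pop                 [disabled]
  -fmath-errno                [enabled]
  -fmerge-constants           [disabled]
  -ftree-ccp                  [disabled]
  -ftree-dce                  [disabled]
  -ftree-vectorize            [disabled]
EOF
}

sample_O1() {
cat <<'EOF'
The following options control optimizations:
  -fdefer-pop                 [enabled]
  -fmath-errno                [enabled]
  -fmerge-constants           [enabled]
  -ftree-ccp                  [enabled]
  -ftree-dce                  [enabled]
  -ftree-vectorize            [disabled]
EOF
}

# newly_enabled BASE_LISTING TEST_LISTING
# Print the flags marked [enabled] in TEST_LISTING but not in BASE_LISTING.
newly_enabled() {
    awk '
        $1 ~ /^-f/ && $2 == "[enabled]" {
            if (FILENAME == ARGV[1]) base[$1] = 1
            else if (!($1 in base)) print $1
        }' "$1" "$2" | LC_ALL=C sort
}

# fno_candidates BASE_LISTING TEST_LISTING
# Rewrite each newly enabled -f<pass> as -fno-<pass>. Appending these one at a
# time to an -O1 build shows which pass the crash depends on.
fno_candidates() {
    newly_enabled "$1" "$2" | sed 's/^-f/-fno-/'
}

# Live mode: compare the installed compiler's own -O0 and -O1 listings.
# Assumes a gcc new enough to support -Q --help=optimizers.
if [ "${1:-}" = "--live" ]; then
    dir=$(mktemp -d)
    "${CC:-gcc}" -Q --help=optimizers -O0 > "$dir/O0"
    "${CC:-gcc}" -Q --help=optimizers -O1 > "$dir/O1"
    fno_candidates "$dir/O0" "$dir/O1"
    rm -rf "$dir"
fi
```

A crash that follows the optimization level and disappears under -g or -O0, as reported here, is often worth re-running under a memory checker as well, since the flag that "fixes" it may only be hiding the faulty access.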
Mike Hommey
Comment 4
2008-04-09 05:08:20 PDT
This *doesn't* happen with the Qt port.
Mike Hommey
Comment 5
2008-04-09 10:21:24 PDT
It doesn't happen on x86
Mike Hommey
Comment 6
2008-04-10 13:07:13 PDT
*** This bug has been marked as a duplicate of 18367 ***