RESOLVED FIXED 52659
[GTK] fast/js/parser-syntax-check.html crashes on the 32-bit debug bot
https://bugs.webkit.org/show_bug.cgi?id=52659
Summary [GTK] fast/js/parser-syntax-check.html crashes on the 32-bit debug bot
Martin Robinson
Reported 2011-01-18 13:13:13 PST
It seems that after http://trac.webkit.org/changeset/75899, the 32-bit GTK+ debug bot began hitting an assertion failure. Here's the relevant stack trace:

warning: Can't read pathname for load map: Input/output error.
Core was generated by `/home/slave/webkitgtk/gtk-linux-32-debug/build/WebKitBuild/Debug/Programs/DumpR'.
Program terminated with signal 11, Segmentation fault.
#0 0x56722894 in JSC::Lexer::shift (this=0x8e08a08) at ../../Source/JavaScriptCore/parser/Lexer.cpp:277
277 ASSERT(m_current != -1);

Thread 1 (Thread 22273):
#0 0x56722894 in JSC::Lexer::shift (this=0x8e08a08) at ../../Source/JavaScriptCore/parser/Lexer.cpp:277
#1 0x567232db in JSC::Lexer::parseString (this=0x8e08a08, lvalp=0xfff81a54, strictMode=false) at ../../Source/JavaScriptCore/parser/Lexer.cpp:535
#2 0x56721bf4 in JSC::Lexer::lex (this=0x8e08a08, lvalp=0xfff81a54, llocp=0xfff81a5c, lexType=JSC::Lexer::IdentifyReservedWords, strictMode=false) at ../../Source/JavaScriptCore/parser/Lexer.cpp:1028
#3 0x56709614 in JSC::JSParser::next (this=0xfff81a08, lexType=JSC::Lexer::IdentifyReservedWords) at ../../Source/JavaScriptCore/parser/JSParser.cpp:103
#4 0x56712f6c in JSC::JSParser::parseVarDeclarationList<JSC::ASTBuilder> (this=0xfff81a08, context=..., declarations=@0xfff815f4, lastIdent=@0xfff815e8, lastInitializer=@0xfff815e4, identStart=@0xfff815f0, initStart=@0xfff815e0, initEnd=@0xfff815dc) at ../../Source/JavaScriptCore/parser/JSParser.cpp:719
#5 0x5671091a in JSC::JSParser::parseForStatement<JSC::ASTBuilder> (this=0xfff81a08, context=...) at ../../Source/JavaScriptCore/parser/JSParser.cpp:792
#6 0x5670e638 in JSC::JSParser::parseStatement<JSC::ASTBuilder> (this=0xfff81a08, context=..., directive=@0xfff816a8) at ../../Source/JavaScriptCore/parser/JSParser.cpp:1155
#7 0x5670c629 in JSC::JSParser::parseSourceElements<(JSC::JSParser::SourceElementsMode)0, JSC::ASTBuilder> (this=0xfff81a08, context=...) at ../../Source/JavaScriptCore/parser/JSParser.cpp:617
#8 0x56702812 in JSC::JSParser::parseProgram (this=0xfff81a08) at ../../Source/JavaScriptCore/parser/JSParser.cpp:589
#9 0x567023fa in JSC::jsParse (globalData=0x8e071f8, parameters=0x0, strictness=JSC::JSParseNormal, parserMode=JSC::JSParseProgramCode, source=0xe89e12c) at ../../Source/JavaScriptCore/parser/JSParser.cpp:551
#10 0x567280a3 in JSC::Parser::parse (this=0x8e08a68, globalData=0x8e071f8, parameters=0x0, strictness=JSC::JSParseNormal, mode=JSC::JSParseProgramCode, errLine=0xfff82388, errMsg=0xfff82384) at ../../Source/JavaScriptCore/parser/Parser.cpp:51
#11 0x5675f60b in JSC::Parser::parse<JSC::EvalNode> (this=0x8e08a68, lexicalGlobalObject=0x61f1a180, debugger=0x0, debuggerExecState=0x5a5be0d0, source=..., parameters=0x0, strictness=JSC::JSParseNormal, exception=0xfff82414) at ../../Source/JavaScriptCore/parser/Parser.h:88
#12 0x5675cb09 in JSC::EvalExecutable::compileInternal (this=0xe89e0f8, exec=0x5a5be0d0, scopeChainNode=0xe82b918) at ../../Source/JavaScriptCore/runtime/Executable.cpp:99
#13 0x566a8b11 in JSC::EvalExecutable::compile (this=0xe89e0f8, exec=0x5a5be0d0, scopeChainNode=0xe82b918) at ../../Source/JavaScriptCore/runtime/Executable.h:205
#14 0x566b4793 in JSC::EvalCodeCache::get (this=0xd8ad210, exec=0x5a5be0d0, inStrictContext=false, evalSource=..., scopeChain=0xe82b918, exceptionValue=...) at ../../Source/JavaScriptCore/bytecode/EvalCodeCache.h:55
#15 0x566af2fb in JSC::Interpreter::callEval (this=0x8e08c90, callFrame=0x5a5be0d0, registerFile=0x8e08c9c, argv=0x5a5be0f8, argc=2, registerOffset=13) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:413
#16 0x566f17fa in cti_op_call_eval (args=0xfff82690) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:3277
#17 0x566e6b84 in JSC::JITThunks::tryCacheGetByID (callFrame=0x65aeb000, codeBlock=0x8e08c9c, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0xfff82708) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1022
#18 0x566b3dac in JSC::JITCode::execute (this=0xe76127c, registerFile=0x8e08c9c, callFrame=0x5a5be038, globalData=0x8e071f8) at ../../Source/JavaScriptCore/jit/JITCode.h:77
#19 0x566b0c6f in JSC::Interpreter::execute (this=0x8e08c90, program=0xe761268, callFrame=0xe745344, scopeChain=0xe72f830, thisObj=0x5a9c0000) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:778
#20 0x56752fcb in JSC::evaluate (exec=0xe745344, scopeChain=..., source=..., thisValue=...) at ../../Source/JavaScriptCore/runtime/Completion.cpp:62
#21 0x55a8f499 in WebCore::JSMainThreadExecState::evaluate (exec=0xe745344, chain=..., source=..., thisValue=...) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:54
#22 0x55ab46ef in WebCore::ScriptController::evaluateInWorld (this=0x8a77d9c, sourceCode=..., world=0x8e09710, shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../Source/WebCore/bindings/js/ScriptController.cpp:148
#23 0x55ab4889 in WebCore::ScriptController::evaluate (this=0x8a77d9c, sourceCode=..., shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../Source/WebCore/bindings/js/ScriptController.cpp:171
#24 0x55add584 in WebCore::ScriptController::executeScript (this=0x8a77d9c, sourceCode=..., shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../Source/WebCore/bindings/ScriptControllerBase.cpp:60
#25 0x55c89a48 in WebCore::ScriptElement::executeScript (this=0xe75e82c, sourceCode=...) at ../../Source/WebCore/dom/ScriptElement.cpp:216
#26 0x55df1d0b in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0xe756648, pendingScript=...) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:144
#27 0x55df1b5b in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0xe756648) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:123
#28 0x55df2028 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0xe756648) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:195
#29 0x55df21a0 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad (this=0xe756648, cachedScript=0xe75e9b0) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:206
#30 0x55de7a68 in WebCore::HTMLDocumentParser::notifyFinished (this=0xe7555f8, cachedResource=0xe75e9b0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:471
#31 0x55ecb0de in WebCore::CachedScript::checkNotify (this=0xe75e9b0) at ../../Source/WebCore/loader/cache/CachedScript.cpp:100
#32 0x55ecb065 in WebCore::CachedScript::data (this=0xe75e9b0, data=..., allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedScript.cpp:90
#33 0x55ec9c33 in WebCore::CachedResourceRequest::didFinishLoading (this=0xe75e710, loader=0xe7609c8) at ../../Source/WebCore/loader/cache/CachedResourceRequest.cpp:159
#34 0x55f26a31 in WebCore::SubresourceLoader::didFinishLoading (this=0xe7609c8, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:181
#35 0x55f1e635 in WebCore::ResourceLoader::didFinishLoading (this=0xe7609c8, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:434
#36 0x55905ec1 in closeCallback (source=0xda84a30, res=0xb99eef8) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:824
#37 0x57f1a7fb in async_ready_close_callback_wrapper (source_object=0xda84a30, res=0xb99eef8, user_data=0x0) at /tmp/buildd/glib2.0-2.27.5.2010128/gio/ginputstream.c:484
#38 0x57f2d410 in g_simple_async_result_complete (simple=0xb99eef8) at /tmp/buildd/glib2.0-2.27.5.2010128/gio/gsimpleasyncresult.c:748
#39 0x57f2d73e in complete_in_idle_cb_for_thread (_data=0xe724260) at /tmp/buildd/glib2.0-2.27.5.2010128/gio/gsimpleasyncresult.c:813
#40 0x5806b301 in g_idle_dispatch (source=0x5a15daf0, callback=0xbbadbeef, user_data=0xe724260) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:4536
#41 0x5806d5c5 in g_main_dispatch (context=0x8a64d28) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:2440
#42 g_main_context_dispatch (context=0x8a64d28) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3013
#43 0x58071b78 in g_main_context_iterate (context=0x8a64d28, block=<value optimized out>, dispatch=1, self=0x8a402b0) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3091
#44 0x580720b7 in g_main_loop_run (loop=0xe72e038) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3299
#45 0x57a95dc9 in IA__gtk_main () at /build/buildd-gtk+2.0_2.20.1-1-i386-Ixfflh/gtk+2.0-2.20.1/gtk/gtkmain.c:1219
#46 0x0805f829 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:655
#47 0x0805ef4d in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:469
#48 0x08060c81 in main (argc=2, argv=0xfff83894) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1096
Martin Robinson
Comment 1 2011-01-20 02:31:13 PST
This appears to be a bug in GCC. I verified that this code works on my local machine (GCC version 4.4.3-4ubuntu5) and fails on the 32-bit debug bot (4.4.3-5).

#include <cstdio>

int main(int argc, const char* argv[])
{
    int num = 8192;
    if (__builtin_expect(num, 0)) {
        printf("passed\n");
    }
}
Martin Robinson
Comment 2 2011-01-20 02:42:56 PST
Martin Robinson
Comment 3 2011-01-20 08:57:05 PST
The GTK+ 32-bit debug bot now has a newer version of GCC, so this should not be an issue any longer.