NEW 68222
REGRESSION: Assertion failure in DFG::SpeculativeJIT::compile on WebKit Trac
https://bugs.webkit.org/show_bug.cgi?id=68222
Adam Roben (:aroben)
Reported 2011-09-15 22:38:15 PDT
To reproduce:

1. Go to https://trac.webkit.org/

You'll hit this assertion in DFG::SpeculativeJIT::compile:

ASSERT(m_bytecodeIndexForOSR != nextNode.codeOrigin.bytecodeIndex() || (!m_bytecodeIndexForOSR && !nextNode.codeOrigin.bytecodeIndex()));

(gdb) p nextNode
$1 = ('JSC::DFG::Node' &) @0x7fff5fbfae54: {
  op = JSC::DFG::JSConstant,
  codeOrigin = {
    m_bytecodeIndex = 39
  },
  children = {
    fixed = {
      child1 = 4294967295,
      child2 = 4294967295,
      child3 = 4294967295
    },
    variable = {
      firstChild = 4294967295,
      numChildren = 4294967295
    }
  },
  m_virtualRegister = 5,
  m_refCount = 1,
  m_opInfo = 0,
  m_opInfo2 = 1606392048
}

Here's the backtrace:

#0 0x0000000101cc515e in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) at /Users/aroben/dev/WebKit/OpenSource/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:778
#1 0x0000000101ccb875 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) ()
#2 0x0000000101ccbdbf in JSC::DFG::SpeculativeJIT::compile() ()
#3 0x0000000101c9f36f in JSC::DFG::JITCompiler::compileBody() ()
#4 0x0000000101ca0426 in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#5 0x0000000101bdcde1 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) ()
#6 0x0000000101bdcc6b in JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#7 0x0000000101cdfb07 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*, JSC::JITCode::JITType) ()
#8 0x0000000101bfb344 in JSC::FunctionExecutable::compileForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*) ()
#9 0x0000000101cbdde3 in JSC::FunctionExecutable::compileFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) ()
#10 0x0000000101d3cab3 in JSC::lazyLinkFor(JSC::JITStackFrame&, JSC::CodeSpecializationKind) ()
#11 0x0000000101d30c4c in cti_vm_lazyLinkCall ()
#12 0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#13 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#14 0x0000000101cf6302 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, int, JSC::ScopeChainNode*) ()
#15 0x0000000101cf5999 in JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int) ()
#16 0x0000000101d37e05 in cti_op_call_eval ()
#17 0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#18 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#19 0x0000000101cf9098 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) ()
#20 0x0000000101c5cb1f in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#21 0x00000001053794d1 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#22 0x0000000105a05552 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) at /Users/aroben/dev/WebKit/OpenSource/Source/WebCore/bindings/js/ScriptController.cpp:144
#23 0x0000000105a056a9 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
#24 0x0000000105a1b113 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
#25 0x0000000104fb2d45 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
#26 0x0000000104fb2b6a in WebCore::HTMLScriptRunner::executeParsingBlockingScript() ()
#27 0x0000000104fb347a in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() ()
#28 0x0000000104fb3609 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
#29 0x0000000104f3a35c in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#30 0x0000000104f3a3fc in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#31 0x000000010495951d in WebCore::CachedResource::checkNotify() ()
#32 0x000000010497177d in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) ()
#33 0x000000010496ffc9 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) ()
#34 0x0000000105aea8f8 in WebCore::SubresourceLoader::didFinishLoading(double) ()
#35 0x00000001059cc2dc in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
#36 0x00000001059c8ba7 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] ()
Radar WebKit Bug Importer
Comment 1 2011-09-15 22:38:28 PDT
Filip Pizlo
Comment 2 2011-09-16 12:55:02 PDT
Can't reproduce. :-( Going to trac.webkit.org does not crash for me.
Adam Roben (:aroben)
Comment 3 2011-09-16 13:16:29 PDT
Maybe you need to be logged in to Trac for the bug to occur? Also make sure you're using https: and not http:.