r100279, GNU/Linux x86/64. Fairly easy to reproduce by clicking on the "N more tweets" thingie on twitter:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3d4445c in JSC::CodeBlock::reoptimizationRetryCounter (this=0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:866
866	        ASSERT(m_reoptimizationRetryCounter <= Heuristics::reoptimizationRetryCounterMax);
(gdb) bt
#0  0x00007ffff3d4445c in JSC::CodeBlock::reoptimizationRetryCounter (this=0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:866
#1  0x00007ffff3dd554c in JSC::CodeBlock::largeFailCountThreshold (this=0xb438ed0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:987
#2  0x00007ffff3dd3c45 in JSC::DFG::OSRExitCompiler::compileExit (this=0x7fffffffc2a0, exit=..., recovery=0x0) at ../../Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp:475
#3  0x00007ffff3dd646c in JSC::DFG::compileOSRExit (exec=0x7fff99ae6830) at ../../Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp:59
#4  0x00007fff9b81b696 in ?? ()
#5  0x00007fffffffc330 in ?? ()
#6  0x00007fff88e684c0 in ?? ()
#7  0x0000000000000000 in ?? ()
Certainly related to the recent activation of the DFG JIT for GTK+.
(In reply to comment #1)
> Certainly related to the recent activation of the DFG JIT for GTK+.

More recent than that: I've been using the DFG JIT for some time already without issues. I believe this regression is only a few days old.
Related to bug 72292, perhaps.
I cannot reproduce this bug with current webkit, though I didn't reproduce it before either. Xan, please give it another go with current webkit.
(In reply to comment #4)
> I cannot reproduce this bug with current webkit, though I didn't reproduce it before either. Xan, please give it another go with current webkit.

I'm almost certain that it's a dup of https://bugs.webkit.org/show_bug.cgi?id=72292. Crashes in exactly this code path were the main symptom of that bug. Please reopen if you can still repro.

*** This bug has been marked as a duplicate of bug 72292 ***