WebKit Bugzilla
RESOLVED WORKSFORME
72906
ASSERT in JSC::cti_op_get_by_id_self_fail
https://bugs.webkit.org/show_bug.cgi?id=72906
Xan Lopez
Reported
2011-11-21 12:59:52 PST
r100946, using DFG on x86-64.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
1711 ASSERT(!stubInfo->stubRoutine);
(gdb) bt
#0 0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
#1 0x00007ffff3e04534 in JSC::JITThunks::tryCacheGetByID (callFrame=0x2, codeBlock=0x0, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0x7fff984a08e0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:952
#2 0x00007fffffffc0e0 in ?? ()
#3 0x00007fff984a08e0 in ?? ()
#4 0x0000000005feeb38 in ?? ()
#5 0x0000000005feeb00 in ?? ()
#6 0x00007fff9b818167 in ?? ()
#7 0x00007ffff3cceef5 in JSC::Register::Register (this=0xe8c78948104d8b48) at ../../Source/JavaScriptCore/interpreter/Register.h:101
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Filip Pizlo
Comment 1
2011-11-21 16:12:02 PST
That looks bad! Can you say a little bit about how to reproduce? Like, what website were you on at the time?

(In reply to comment #0)
> r100946, using DFG on x86-64.
>
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
> 1711 ASSERT(!stubInfo->stubRoutine);
> (gdb) bt
> #0 0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
> #1 0x00007ffff3e04534 in JSC::JITThunks::tryCacheGetByID (callFrame=0x2, codeBlock=0x0, returnAddress=..., baseValue=...,
> propertyName=..., slot=..., stubInfo=0x7fff984a08e0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:952
> #2 0x00007fffffffc0e0 in ?? ()
> #3 0x00007fff984a08e0 in ?? ()
> #4 0x0000000005feeb38 in ?? ()
> #5 0x0000000005feeb00 in ?? ()
> #6 0x00007fff9b818167 in ?? ()
> #7 0x00007ffff3cceef5 in JSC::Register::Register (this=0xe8c78948104d8b48) at ../../Source/JavaScriptCore/interpreter/Register.h:101
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> (gdb)
Xan Lopez
Comment 2
2011-11-22 06:04:41 PST
(In reply to comment #1)
> That looks bad! Can you say a little bit about how to reproduce? Like, what website were you on at the time?
>

I've triggered a few times, most (all?) of them in Twitter. Unfortunately I cannot find a reliable way to do it, it just happens sometimes clicking around.
Filip Pizlo
Comment 3
2011-11-22 13:32:37 PST
(In reply to comment #2)
> (In reply to comment #1)
> > That looks bad! Can you say a little bit about how to reproduce? Like, what website were you on at the time?
> >
>
> I've triggered a few times, most (all?) of them in Twitter. Unfortunately I cannot find a reliable way to do it, it just happens sometimes clicking around.

Thanks for the info, I will try this out.
Filip Pizlo
Comment 4
2011-11-22 19:53:59 PST
<rdar://problem/10482427>
Gavin Barraclough
Comment 5
2012-03-07 16:52:10 PST
Xan,

We haven't been able to reproduce this, there was a lot of churn & new code back around November of last year, my guess is that this has been fixed. I'm going to mark this as WORKSFORME as we can't repro, but if you see this ASSERT again please reopen.

Thanks!
G.