79848 – EFL port asserts on JSC::cti_op_nstricteq after r109040

Bug 79848 - EFL port asserts on JSC::cti_op_nstricteq after r109040

Summary: EFL port asserts on JSC::cti_op_nstricteq after r109040

Status:	RESOLVED DUPLICATE of bug 79844

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-02-28 17:04 PST by Raphael Kubo da Costa (:rakuco)
Modified:	2012-02-28 18:28 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Kubo da Costa (:rakuco) 2012-02-28 17:04:56 PST

When launching EWebLauncher with pages which use JavaScript (for example, LayoutTests/fast/dom/dom-constructors.html, LayoutTests/fast/xpath/reverse-axes.html or even google.com), it always asserts before finishing loading the page with the following assert introduced in 109040:

  ASSERTION FAILED: (src1.isCell() && src2.isCell()) || src1.isDouble() || src2.isDouble()

#0  0xb51e7b40 in JSC::cti_op_stricteq (args=0xbfffce20) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:3298
#1  0xb51ddd13 in JSC::JITThunks::tryCacheGetByID (callFrame=0xaddfdd80, codeBlock=0xfffffffb, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0xbfffce58) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:970
#2  0xbfffce58 in ?? ()
#3  0xb51d3c39 in JSC::JITCode::execute (this=0xaddbff10, registerFile=0x813d414, callFrame=0xaf12a038, globalData=0x818e0a8) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITCode.h:127
#4  0xb51d02c8 in JSC::Interpreter::execute (this=0x813d408, program=0xaddbff00, callFrame=0xade1fcb4, scopeChain=0xaddfffe0, thisObj=0xb001ffc0) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1191
#5  0xb51ff883 in JSC::evaluate (exec=0xade1fcb4, scopeChain=0xaddfffe0, source=..., thisValue=..., returnedException=0xbfffd97c) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:73
#6  0xb4942c5d in WebCore::JSMainThreadExecState::evaluate (exec=0xade1fcb4, chain=0xaddfffe0, source=..., thisValue=..., exception=0xbfffd97c) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:85
#7  0xb4958b79 in WebCore::ScriptController::evaluateInWorld (this=0x80de338, sourceCode=..., world=0x813d438) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:145
#8  0xb4958c72 in WebCore::ScriptController::evaluate (this=0x80de338, sourceCode=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:162
#9  0xb4d27936 in WebCore::ScriptElement::executeScript (this=0x81db4f0, sourceCode=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/dom/ScriptElement.cpp:279
#10 0xb4d2751e in WebCore::ScriptElement::prepareScript (this=0x81db4f0, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/dom/ScriptElement.cpp:232
#11 0xb447588f in WebCore::HTMLScriptRunner::runScript (this=0x8131a18, script=0x81db4b0, scriptStartPosition=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:296
#12 0xb4474e57 in WebCore::HTMLScriptRunner::execute (this=0x8131a18, scriptElement=..., scriptStartPosition=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:170
#13 0xb446f0e8 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x8103ac8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:207
#14 0xb446f19b in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:225
#15 0xb446f5bd in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:263
#16 0xb446ef30 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:177
#17 0xb4470099 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x8103ac8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:475
#18 0xb4470408 in WebCore::HTMLDocumentParser::notifyFinished (this=0x8103ac8, cachedResource=0x80d59d0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:520
#19 0xb452e3ef in WebCore::CachedResource::checkNotify (this=0x80d59d0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:245
#20 0xb453e1d5 in WebCore::CachedScript::data (this=0x80d59d0, data=..., allDataReceived=true) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:104
#21 0xb450f2f8 in WebCore::SubresourceLoader::didFinishLoading (this=0x8194e10, finishTime=0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:276
#22 0xb450ba1b in WebCore::ResourceLoader::didFinishLoading (this=0x8194e10, finishTime=0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/ResourceLoader.cpp:451
#23 0xb4bafe9c in WebCore::readCallback (source=0xaff03180, asyncResult=0x8094048, data=0x8191aa8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:670
#24 0xb7b525b8 in async_ready_callback_wrapper (source_object=0xaff03180, res=0x8094048, user_data=0x8191aa8) at ginputstream.c:470
#25 0xb7b656e0 in g_simple_async_result_complete (simple=0x8094048) at gsimpleasyncresult.c:744
#26 0xb7b65753 in complete_in_idle_cb_for_thread (_data=0x81382d8) at gsimpleasyncresult.c:812
#27 0xb79d33b0 in g_idle_dispatch (source=0xae800f80, callback=0xb7b65720 <complete_in_idle_cb_for_thread>, user_data=0x81382d8) at gmain.c:4632
#28 0xb79d597a in g_main_dispatch (context=0x8093a98) at gmain.c:2513
#29 g_main_context_dispatch (context=0x8093a98) at gmain.c:3050
#30 0xb7d183d0 in _ecore_glib_select__locked (ctx=0x8093a98, ecore_fds=10, rfds=0xbfffe194, wfds=0xbfffe114, efds=0xbfffe094, ecore_timeout=0xbfffe214) at ecore_glib.c:171
#31 0xb7d184e2 in _ecore_glib_select (ecore_fds=10, rfds=0xbfffe194, wfds=0xbfffe114, efds=0xbfffe094, ecore_timeout=0xbfffe214) at ecore_glib.c:205
#32 0xb7d11f8f in _ecore_main_select (timeout=0) at ecore_main.c:1419
#33 0xb7d12aae in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1835
#34 0xb7d11438 in ecore_main_loop_begin () at ecore_main.c:906
#35 0x0804c680 in main (argc=2, argv=0xbffff424) at /home/rakuco/dev/webkit/WebKit/Tools/EWebLauncher/main.c:833

Comment 1 Raphael Kubo da Costa (:rakuco) 2012-02-28 17:07:16 PST

ChangSeok reports he was able to reproduce it with the GTK+ port as well, but I haven't built it myself.

Comment 2 Filip Pizlo 2012-02-28 17:10:05 PST

Apologies!  These assertions turn out to be just plain wrong.  Patch on the way to remove them...

Comment 3 Filip Pizlo 2012-02-28 17:10:37 PST


*** This bug has been marked as a duplicate of bug 79844 ***

Comment 4 ChangSeok Oh 2012-02-28 18:28:29 PST

(In reply to comment #2)
> Apologies!  These assertions turn out to be just plain wrong.  Patch on the way to remove them...

I've been struggling to find a clue about this. :p
Thanks for your info.