79848 – EFL port asserts on JSC::cti_op_nstricteq after r109040

RESOLVED DUPLICATE of bug 79844 79848

EFL port asserts on JSC::cti_op_nstricteq after r109040

https://bugs.webkit.org/show_bug.cgi?id=79848

Summary EFL port asserts on JSC::cti_op_nstricteq after r109040

Raphael Kubo da Costa (:rakuco)

Reported 2012-02-28 17:04:56 PST

When launching EWebLauncher with pages which use JavaScript (for example, LayoutTests/fast/dom/dom-constructors.html, LayoutTests/fast/xpath/reverse-axes.html or even google.com), it always asserts before finishing loading the page with the following assert introduced in 109040: ASSERTION FAILED: (src1.isCell() && src2.isCell()) || src1.isDouble() || src2.isDouble() #0 0xb51e7b40 in JSC::cti_op_stricteq (args=0xbfffce20) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:3298 #1 0xb51ddd13 in JSC::JITThunks::tryCacheGetByID (callFrame=0xaddfdd80, codeBlock=0xfffffffb, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0xbfffce58) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:970 #2 0xbfffce58 in ?? () #3 0xb51d3c39 in JSC::JITCode::execute (this=0xaddbff10, registerFile=0x813d414, callFrame=0xaf12a038, globalData=0x818e0a8) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/jit/JITCode.h:127 #4 0xb51d02c8 in JSC::Interpreter::execute (this=0x813d408, program=0xaddbff00, callFrame=0xade1fcb4, scopeChain=0xaddfffe0, thisObj=0xb001ffc0) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1191 #5 0xb51ff883 in JSC::evaluate (exec=0xade1fcb4, scopeChain=0xaddfffe0, source=..., thisValue=..., returnedException=0xbfffd97c) at /home/rakuco/dev/webkit/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:73 #6 0xb4942c5d in WebCore::JSMainThreadExecState::evaluate (exec=0xade1fcb4, chain=0xaddfffe0, source=..., thisValue=..., exception=0xbfffd97c) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:85 #7 0xb4958b79 in WebCore::ScriptController::evaluateInWorld (this=0x80de338, sourceCode=..., world=0x813d438) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:145 #8 0xb4958c72 in WebCore::ScriptController::evaluate (this=0x80de338, sourceCode=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:162 #9 0xb4d27936 in WebCore::ScriptElement::executeScript (this=0x81db4f0, sourceCode=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/dom/ScriptElement.cpp:279 #10 0xb4d2751e in WebCore::ScriptElement::prepareScript (this=0x81db4f0, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/dom/ScriptElement.cpp:232 #11 0xb447588f in WebCore::HTMLScriptRunner::runScript (this=0x8131a18, script=0x81db4b0, scriptStartPosition=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:296 #12 0xb4474e57 in WebCore::HTMLScriptRunner::execute (this=0x8131a18, scriptElement=..., scriptStartPosition=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:170 #13 0xb446f0e8 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x8103ac8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:207 #14 0xb446f19b in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:225 #15 0xb446f5bd in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:263 #16 0xb446ef30 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x8103ac8, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:177 #17 0xb4470099 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x8103ac8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:475 #18 0xb4470408 in WebCore::HTMLDocumentParser::notifyFinished (this=0x8103ac8, cachedResource=0x80d59d0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:520 #19 0xb452e3ef in WebCore::CachedResource::checkNotify (this=0x80d59d0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:245 #20 0xb453e1d5 in WebCore::CachedScript::data (this=0x80d59d0, data=..., allDataReceived=true) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:104 #21 0xb450f2f8 in WebCore::SubresourceLoader::didFinishLoading (this=0x8194e10, finishTime=0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:276 #22 0xb450ba1b in WebCore::ResourceLoader::didFinishLoading (this=0x8194e10, finishTime=0) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/loader/ResourceLoader.cpp:451 #23 0xb4bafe9c in WebCore::readCallback (source=0xaff03180, asyncResult=0x8094048, data=0x8191aa8) at /home/rakuco/dev/webkit/WebKit/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:670 #24 0xb7b525b8 in async_ready_callback_wrapper (source_object=0xaff03180, res=0x8094048, user_data=0x8191aa8) at ginputstream.c:470 #25 0xb7b656e0 in g_simple_async_result_complete (simple=0x8094048) at gsimpleasyncresult.c:744 #26 0xb7b65753 in complete_in_idle_cb_for_thread (_data=0x81382d8) at gsimpleasyncresult.c:812 #27 0xb79d33b0 in g_idle_dispatch (source=0xae800f80, callback=0xb7b65720 <complete_in_idle_cb_for_thread>, user_data=0x81382d8) at gmain.c:4632 #28 0xb79d597a in g_main_dispatch (context=0x8093a98) at gmain.c:2513 #29 g_main_context_dispatch (context=0x8093a98) at gmain.c:3050 #30 0xb7d183d0 in _ecore_glib_select__locked (ctx=0x8093a98, ecore_fds=10, rfds=0xbfffe194, wfds=0xbfffe114, efds=0xbfffe094, ecore_timeout=0xbfffe214) at ecore_glib.c:171 #31 0xb7d184e2 in _ecore_glib_select (ecore_fds=10, rfds=0xbfffe194, wfds=0xbfffe114, efds=0xbfffe094, ecore_timeout=0xbfffe214) at ecore_glib.c:205 #32 0xb7d11f8f in _ecore_main_select (timeout=0) at ecore_main.c:1419 #33 0xb7d12aae in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1835 #34 0xb7d11438 in ecore_main_loop_begin () at ecore_main.c:906 #35 0x0804c680 in main (argc=2, argv=0xbffff424) at /home/rakuco/dev/webkit/WebKit/Tools/EWebLauncher/main.c:833

Attachments
Add attachment proposed patch, testcase, etc.

Raphael Kubo da Costa (:rakuco)

Comment 1 2012-02-28 17:07:16 PST

ChangSeok reports he was able to reproduce it with the GTK+ port as well, but I haven't built it myself.

Filip Pizlo

Comment 2 2012-02-28 17:10:05 PST

Apologies! These assertions turn out to be just plain wrong. Patch on the way to remove them...

Filip Pizlo

Comment 3 2012-02-28 17:10:37 PST

*** This bug has been marked as a duplicate of bug 79844 ***

ChangSeok Oh

Comment 4 2012-02-28 18:28:29 PST

(In reply to comment #2) > Apologies! These assertions turn out to be just plain wrong. Patch on the way to remove them... I've been struggling to find a clue about this. :p Thanks for your info.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 79844

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2012-02-28 17:04 PST

Modified

2012-02-28 18:28 PST History

CC List

3 users Show

URL

Keywords

Depends on

Blocks