[Webkit-unassigned] [Bug 19217] REGRESSION: Assertion failure in JSImmediate::toString when loading GMail
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 23 11:02:38 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=19217
------- Comment #3 from aroben at apple.com 2008-05-23 11:02 PDT -------
dumpCallFrame in the Machine::privateExecute frame that is closest to
JSImmediate::toString gives:
450 instructions; 2128 bytes at 06C38900; 8 locals (5 parameters); 30
temporaries
[ 0] load lr1, undefined(@k0)
[ 3] load lr2, undefined(@k0)
[ 6] load lr3, undefined(@k0)
[ 9] get_by_id tr0, lr8, vd(@id0)
[ 13] jfalse tr0, 17(->32)
[ 16] get_scoped_var tr0, -83, 0
[ 20] get_scoped_var tr12, -914, 0
[ 24] call tr0, tr0, tr2147483647, 11, 2
[ 30] throw tr0
[ 32] mov tr0, lr6
[ 35] jtrue tr0, 5(->42)
[ 38] get_scoped_var tr0, -915, 0
[ 42] mov lr1, tr0
[ 45] mov tr0, lr8
[ 48] put_by_id tr0, jS(@id1), lr7
[ 52] mov tr0, lr8
[ 55] get_scoped_var tr1, -298, 0
[ 59] put_by_id tr0, oh(@id2), tr1
[ 63] mov tr2, lr8
[ 66] load tr3, 0(@k1)
[ 69] put_by_id tr2, Dg(@id3), tr3
[ 73] mov tr4, lr8
[ 76] put_by_id tr4, eBb(@id4), lr1
[ 80] mov tr0, lr8
[ 83] load tr1, true(@k2)
[ 86] put_by_id tr0, vd(@id0), tr1
[ 90] mov tr2, lr8
[ 93] get_scoped_var tr3, -893, 0
[ 97] construct tr4, tr3, 14, 1
[ 102] put_by_id tr2, va(@id5), tr4
[ 106] mov tr5, lr8
[ 109] get_scoped_var tr6, -896, 0
[ 113] jtrue tr6, 15(->130)
[ 116] get_scoped_var tr7, -895, 0
[ 120] call tr6, tr7, tr2147483647, 18, 1
[ 126] put_scoped_var -896, 0, tr6
[ 130] put_by_id tr5, O9(@id6), tr6
[ 134] get_scoped_var tr7, -892, 0
[ 138] get_by_id tr8, tr7, vCb(@id7)
[ 142] get_by_id tr20, lr8, va(@id5)
[ 146] call tr7, tr8, tr7, 19, 2
[ 152] get_by_id tr8, lr8, va(@id5)
[ 156] get_scoped_var tr9, -274, 0
[ 160] get_by_id tr21, lr8, gTa(@id8)
[ 164] mov tr22, lr8
[ 167] call tr9, tr9, tr2147483647, 20, 3
[ 173] put_by_id tr8, onreadystatechange(@id9), tr9
[ 177] get_by_id tr10, lr8, va(@id5)
[ 181] get_by_id tr11, tr10, open(@id10)
[ 185] mov tr23, lr1
[ 188] mov tr24, lr7
[ 191] load tr25, true(@k2)
[ 194] call tr10, tr11, tr10, 22, 4
[ 200] jmp 36(->237)
[ 202] catch tr10
[ 204] new_object tr11
[ 206] put_by_id tr11, f(@id11), tr10
[ 210] push_scope tr11
[ 212] get_by_id tr12, lr8, Xt(@id12)
[ 216] load tr24, 5(@k3)
[ 219] resolve tr25, f(@id11)
[ 222] call tr12, tr12, lr8, 23, 3
[ 228] load tr13, undefined(@k0)
[ 231] jmp_scopes ^1, 1(->234)
[ 234] ret tr13
[ 236] pop_scope
[ 237] jfalse lr5, 16(->255)
[ 240] get_scoped_var tr10, -90, 0
[ 244] mov tr22, lr5
[ 247] call lr2, tr10, tr2147483647, 21, 2
[ 253] jmp 5(->259)
[ 255] get_scoped_var lr2, -298, 0
[ 259] get_by_id tr10, lr8, headers(@id13)
[ 263] get_by_id tr11, tr10, Mb(@id14)
[ 267] call lr3, tr11, tr10, 22, 1
[ 273] jfalse lr4, 17(->292)
[ 276] get_scoped_var tr0, -360, 0
[ 280] mov tr12, lr4
[ 283] new_func_exp tr13, f0
[ 286] call tr0, tr0, tr2147483647, 11, 3
[ 292] get_scoped_var tr1, -916, 0
[ 296] eq tr0, lr1, tr1
[ 300] jfalse tr0, 18(->320)
[ 303] get_by_id tr1, lr3, Nb(@id15)
[ 307] get_scoped_var tr13, -909, 0
[ 311] call tr1, tr1, lr3, 12, 2
[ 317] not tr0, tr1
[ 320] jfalse tr0, 19(->341)
[ 323] get_by_id tr0, lr3, R(@id16)
[ 327] get_scoped_var tr12, -909, 0
[ 331] get_scoped_var tr13, -917, 0
[ 335] call tr0, tr0, lr3, 11, 3
[ 341] get_scoped_var tr0, -360, 0
[ 345] mov tr12, lr3
[ 348] new_func_exp tr13, f1
[ 351] mov tr14, lr8
[ 354] call tr0, tr0, tr2147483647, 11, 4
[ 360] get_by_id tr1, lr8, bC(@id17)
[ 364] jfalse tr1, 29(->395)
[ 367] get_scoped_var tr1, -796, 0
[ 371] get_by_id tr2, tr1, clearTimeout(@id18)
[ 375] get_by_id tr14, lr8, bC(@id17)
[ 379] call tr1, tr2, tr1, 13, 2
[ 385] mov tr2, lr8
[ 388] load tr3, null(@k4)
[ 391] put_by_id tr2, bC(@id17), tr3
[ 395] load tr1, 0(@k1)
[ 398] get_by_id tr2, lr8, xy(@id19)
[ 402] less tr1, tr1, tr2
[ 406] jfalse tr1, 43(->451)
[ 409] mov tr1, lr8
[ 412] get_scoped_var tr2, -796, 0
[ 416] get_by_id tr3, tr2, setTimeout(@id20)
[ 420] get_scoped_var tr16, -274, 0
[ 424] get_by_id tr28, lr8, wv(@id21)
[ 428] mov tr29, lr8
[ 431] call tr15, tr16, tr2147483647, 27, 3
[ 437] get_by_id tr16, lr8, xy(@id19)
[ 441] call tr2, tr3, tr2, 14, 3
[ 447] put_by_id tr1, bC(@id17), tr2
[ 451] mov tr1, lr8
[ 454] load tr2, false(@k5)
[ 457] put_by_id tr1, sea(@id22), tr2
[ 461] mov tr3, lr8
[ 464] load tr4, true(@k2)
[ 467] put_by_id tr3, Aia(@id23), tr4
[ 471] get_by_id tr5, lr8, va(@id5)
[ 475] get_by_id tr6, tr5, send(@id24)
[ 479] mov tr18, lr2
[ 482] call tr5, tr6, tr5, 17, 2
[ 488] mov tr6, lr8
[ 491] load tr7, false(@k5)
[ 494] put_by_id tr6, Aia(@id23), tr7
[ 498] jmp 28(->527)
[ 500] catch tr1
[ 502] new_object tr2
[ 504] put_by_id tr2, f(@id11), tr1
[ 508] push_scope tr2
[ 510] get_by_id tr3, lr8, Xt(@id12)
[ 514] load tr15, 5(@k3)
[ 517] resolve tr16, f(@id11)
[ 520] call tr3, tr3, lr8, 14, 3
[ 526] pop_scope
[ 527] load tr0, undefined(@k0)
[ 530] ret tr0
Identifiers:
id0 = vd
id1 = jS
id2 = oh
id3 = Dg
id4 = eBb
id5 = va
id6 = O9
id7 = vCb
id8 = gTa
id9 = onreadystatechange
id10 = open
id11 = f
id12 = Xt
id13 = headers
id14 = Mb
id15 = Nb
id16 = R
id17 = bC
id18 = clearTimeout
id19 = xy
id20 = setTimeout
id21 = wv
id22 = sea
id23 = Aia
id24 = send
Constants:
k0 = undefined
k1 = 0
k2 = true
k3 = 5
k4 = null
k5 = false
Exception Handlers:
1: { start: [ 177] end: [ 200] target: [ 202] }
2: { start: [ 360] end: [ 498] target: [ 500] }
Register frame:
----------------------------------------
use | address | value
----------------------------------------
[call frame] | 0477B10C | 00710070
[call frame] | 0477B110 | 0030006A
[call frame] | 0477B114 | 00650061
[call frame] | 0477B118 | 007A0038
[call frame] | 0477B11C | 00730033
[call frame] | 0477B120 | 00350039
[call frame] | 0477B124 | 00790039
[call frame] | 0477B128 | 006E0069
[call frame] | 0477B12C | 00730031
[call frame] | 0477B130 | 00640078
----------------------------------------
[param] | 0477B134 | 00340074
[param] | 0477B138 | 006C0075
[param] | 0477B13C | 00560026
[param] | 0477B140 | 00520045
[param] | 0477B144 | 0036003D
----------------------------------------
[var] | 0477B148 | 00690026
[var] | 0477B14C | 003D0074
[var] | 0477B150 | 00380036
----------------------------------------
[temp] | 0477B154 | 00380032
[temp] | 0477B158 | 00540026
[temp] | 0477B15C | 00500059
[temp] | 0477B160 | 003D0045
[temp] | 0477B164 | 006D0078
[temp] | 0477B168 | 0068006C
[temp] | 0477B16C | 00740074
[temp] | 0477B170 | 00260070
[temp] | 0477B174 | 0078007A
[temp] | 0477B178 | 0069003D
[temp] | 0477B17C | 00610070
[temp] | 0477B180 | 0064007A
[temp] | 0477B184 | 00650032
[temp] | 0477B188 | 00610062
[temp] | 0477B18C | 00660065
[temp] | 0477B190 | 00260066
[temp] | 0477B194 | 003D0074
[temp] | 0477B198 | FDFD0031
[temp] | 0477B19C | DDDDFDFD
[temp] | 0477B1A0 | 00240027
[temp] | 0477B1A4 | 020E01EF
[temp] | 0477B1A8 | 0A38E9D0
[temp] | 0477B1AC | 086AC8D0
[temp] | 0477B1B0 | 00000000
[temp] | 0477B1B4 | 00000000
[temp] | 0477B1B8 | 00000106
[temp] | 0477B1BC | 00000001
[temp] | 0477B1C0 | 001354B0
[temp] | 0477B1C4 | FDFDFDFD
[temp] | 0477B1C8 | 70747468
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list