[Webkit-unassigned] [Bug 65930] New: DFG JIT failure loading web site
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 9 11:20:31 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65930
Summary: DFG JIT failure loading web site
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: oliver at apple.com
CC: ggaren at apple.com, barraclough at apple.com
<rdar://problem/9922643>
�8/9/11 11:17 AM Oliver Hunt:
* SUMMARY
Navigating to http://www.skinnytaste.com/2011/06/ricotta-cheese-chocolate-chip-muffins.html crashes the DFG JIT reproducibly in a debug build
* STEPS TO REPRODUCE
1. Do a debug build of safari
2. Load http://www.skinnytaste.com/2011/06/ricotta-cheese-chocolate-chip-muffins.html
* RESULTS
Crash:
ASSERTION FAILED: m_data[index].name != InvalidVirtualRegister
/Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore/dfg/DFGRegisterBank.h(329) : void JSC::DFG::RegisterBank<JSC::DFG::GPRInfo>::releaseAtIndex(unsigned int)
1 JSC::DFG::RegisterBank<JSC::DFG::GPRInfo>::releaseAtIndex(unsigned int)
2 JSC::DFG::RegisterBank<JSC::DFG::GPRInfo>::release(JSC::X86Registers::RegisterID)
3 JSC::DFG::JITCodeGenerator::fillDouble(unsigned int)
4 JSC::DFG::DoubleOperand::fpr()
5 JSC::DFG::NonSpeculativeJIT::compile(JSC::DFG::SpeculationCheckIndexIterator&, JSC::DFG::Node&)
6 JSC::DFG::NonSpeculativeJIT::compile(JSC::DFG::SpeculationCheckIndexIterator&, JSC::DFG::BasicBlock&)
7 JSC::DFG::NonSpeculativeJIT::compile(JSC::DFG::SpeculationCheckIndexIterator&)
8 JSC::DFG::JITCompiler::compileBody()
9 JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&)
10 JSC::tryDFGCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&)
11 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*)
12 JSC::FunctionExecutable::compileForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*)
13 JSC::FunctionExecutable::compileFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind)
14 JSC::lazyLinkFor(JSC::JITStackFrame&, JSC::CodeSpecializationKind)
15 cti_vm_lazyLinkCall
16 jscGeneratedNativeCode
17 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
18 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*)
19 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue)
20 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue)
21 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*)
22 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&)
23 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&)
24 WebCore::ScriptElement::prepareScript(WTF::TextPosition<WTF::OneBasedNumber> const&, WebCore::ScriptElement::LegacyTypeSupport)
25 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition<WTF::OneBasedNumber> const&)
26 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition<WTF::OneBasedNumber> const&)
27 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
28 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&)
29 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
30 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
31 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list