[Webkit-unassigned] [Bug 73886] New: REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
bugzilla-daemon at webkit.org
Mon Dec 5 19:15:27 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=73886
Summary: REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rniwa at webkit.org
CC: ggaren at apple.com, oliver at apple.com, fpizlo at apple.com
I've been browsing on r102042 and I've been repeatedly hitting the following assertion:

class RefCountedBase {
public:
    void ref()
    {
#ifndef NDEBUG
        // Start thread verification as soon as the ref count gets to 2. This
        // heuristic reflects the fact that items are often created on one thread
        // and then given to another thread to be used.
        // FIXME: Make this restriction tighter. Especially as we move to more
        // common methods for sharing items across threads like CrossThreadCopier.h
        // We should be able to add a "detachFromThread" method to make this explicit.
        if (m_refCount == 1)
            m_verifier.setShared(true);
#endif
        // If this assert fires, it either indicates a thread safety issue or
        // that the verification needs to change. See ThreadRestrictionVerifier for
        // the different modes.
        ASSERT(m_verifier.isSafeToUse()); // < this one!

#0 0x1000c940a in WTF::RefCountedBase::ref at RefCounted.h:53
#1 0x1000dd65c in JSC::FunctionCodeBlock::FunctionCodeBlock at CodeBlock.h:1361
#2 0x1000d5a67 in JSC::FunctionExecutable::produceCodeBlockFor at Executable.cpp:475
#3 0x1000d6aea in JSC::FunctionExecutable::compileForCallInternal at Executable.cpp:516
#4 0x1000d6ffd in JSC::FunctionExecutable::compileOptimizedForCall at Executable.cpp:447
#5 0x1000780b3 in JSC::FunctionExecutable::compileOptimizedFor at Executable.h:573
#6 0x1000657cc in JSC::FunctionCodeBlock::compileOptimized at CodeBlock.cpp:2146
#7 0x10011e8b8 in cti_optimize_from_ret at JITStubs.cpp:2059
#8 0x100117386 in ctiOpThrowNotCaught at Instruction.h:81
#9 0x1000f41a0 in JSC::JITCode::execute at JITCode.h:115
#10 0x1000ea0ca in JSC::Interpreter::executeCall at Interpreter.cpp:1075
#11 0x100062787 in JSC::call at CallData.cpp:39
#12 0x10016238e in JSObjectCallAsFunction at JSObjectRef.cpp:443
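
Added example, not part of the original report and not WebKit's code: a simplified model of the heuristic described in the quoted comments, where verification starts when the ref count reaches 2 and a later ref() from a different thread is flagged. The names OwnerThreadVerifier and CheckedRefCount are hypothetical, ref() returns false where the quoted code would hit the ASSERT, and the rule that the thread taking the second reference becomes the owner is an assumption of this sketch.

```cpp
#include <thread>

// Simplified model of the debug-only check quoted above (assumption: the
// thread that takes the second reference becomes the owning thread).
class OwnerThreadVerifier {
public:
    void setShared(bool shared)
    {
        if (shared && !m_shared)
            m_owner = std::this_thread::get_id();
        m_shared = shared;
    }
    bool isSafeToUse() const { return !m_shared || m_owner == std::this_thread::get_id(); }
private:
    bool m_shared = false;
    std::thread::id m_owner;
};

class CheckedRefCount {
public:
    // Returns false where the quoted ref() would hit ASSERT(m_verifier.isSafeToUse()).
    bool ref()
    {
        if (m_refCount == 1) // verification starts as the count goes 1 -> 2
            m_verifier.setShared(true);
        bool safe = m_verifier.isSafeToUse();
        ++m_refCount;
        return safe;
    }
    int refCount() const { return m_refCount; }
private:
    int m_refCount = 1; // the creator holds the first reference
    OwnerThreadVerifier m_verifier;
};

// Calls ref() once on a separate thread and reports whether the check passed.
static bool refOnOtherThread(CheckedRefCount& object)
{
    bool safe = false;
    std::thread worker([&] { safe = object.ref(); });
    worker.join(); // join() orders the worker's writes before our reads
    return safe;
}

// Created here, handed off while the count is still 1: the worker becomes the owner.
bool handoffBeforeSharingIsSafe() { CheckedRefCount object; return refOnOtherThread(object); }

// Already shared on this thread (count 2), then ref'd from another thread: flagged.
bool refAfterSharingElsewhereIsSafe() { CheckedRefCount object; object.ref(); return refOnOtherThread(object); }
```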