[Webkit-unassigned] [Bug 68965] WebKit crashes in JSC when ENABLE_JIT is 0

bugzilla-daemon at webkit.org
Tue Nov 8 17:35:14 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=68965





--- Comment #3 from Brian Burg <burg at cs.washington.edu>  2011-11-08 17:35:14 PST ---
Additionally, the crash is triggered by the following tests executed by run-javascriptcore-tests:

ecma_3/Array/15.4.4.3-1.js
ecma_3/Object/8.6.2.6-001.js
js1_5/Object/regress-192105.js

and the stack trace is nearly the same for each:

ASSERTION FAILED: slot.base() == baseValue
/Users/burg/repos/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp(3220) : JSC::JSValue JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile *, CallFrame *)
1 0x109b3a9c2 JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag, JSC::RegisterFile*, JSC::ExecState*)
2 0x109b45d14 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*)
3 0x109af549f JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
4 0x109a30e44 _ZL14runWithScriptsP12GlobalObjectRKN3WTF6VectorI6ScriptLm0EEEb
5 0x109a30678 jscmain(int, char**, JSC::JSGlobalData*)
6 0x109a3057f main
7 0x109a303d4 start
