[Webkit-unassigned] [Bug 72883] New: ASSERTION FAILED: !callLinkInfo->isLinked() in JSC JIT

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 21 07:30:32 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=72883

           Summary: ASSERTION FAILED: !callLinkInfo->isLinked() in JSC JIT
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: http://technorati.com
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: svillar at igalia.com


This is what I got from valgrind:

==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0xACB4EF9: JSC::NumericStrings::add(int) (NumericStrings.h:52)
==4981==    by 0xAEBE0C0: JSC::JSValue::toPrimitiveString(JSC::ExecState*) const (JSValue.cpp:212)
==4981==    by 0xADE6B9B: cti_op_add (JITStubs.cpp:1327)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x420CF9F: ???
==4981==    by 0xFFFF00000000003F: ???
==4981==    by 0x420D01F: ???
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0xACB4EF9: JSC::NumericStrings::add(int) (NumericStrings.h:52)
==4981==    by 0xAEBE0C0: JSC::JSValue::toPrimitiveString(JSC::ExecState*) const (JSValue.cpp:212)
==4981==    by 0xAD5CE08: JSC::jsAdd(JSC::ExecState*, JSC::JSValue, JSC::JSValue) (Operations.h:308)
==4981==    by 0xAD570A2: operationValueAdd (DFGOperations.cpp:232)
==4981==    by 0x79519334: ???
==4981==    by 0xADC09DD: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) (JITCode.h:115)
==4981==    by 0xADBD715: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) (Interpreter.cpp:1002)
==4981==    by 0xAE702D3: JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:70)
==4981==    by 0x718BA2C: WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (JSMainThreadExecState.h:58)
==4981==    by 0x71C1935: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (ScriptController.cpp:146)
==4981==    by 0x71C1A39: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:163)
==4981==    by 0x73F4CD9: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:301)
==4981== 
ASSERTION FAILED: !callLinkInfo->isLinked()
../../Source/JavaScriptCore/jit/JIT.cpp(717) : static void JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::AbstractMacroAssembler<JSC::X86Assembler>::CodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind)
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E119C: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x2728951F: ???
==4981==    by 0x420DE1F: ???
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E35F7: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA982E5: dl_iterate_phdr (dl-iteratephdr.c:75)
==4981==    by 0x134E3CE5: _Unwind_Find_FDE (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E11BF: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E35FC: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA982E5: dl_iterate_phdr (dl-iteratephdr.c:75)
==4981==    by 0x134E3CE5: _Unwind_Find_FDE (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E11BF: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E3505: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA982E5: dl_iterate_phdr (dl-iteratephdr.c:75)
==4981==    by 0x134E3CE5: _Unwind_Find_FDE (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E11BF: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E3533: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA982E5: dl_iterate_phdr (dl-iteratephdr.c:75)
==4981==    by 0x134E3CE5: _Unwind_Find_FDE (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E11BF: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981== 
==4981== Use of uninitialised value of size 8
==4981==    at 0x134E14B6: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x2728951F: ???
==4981==    by 0x420DE1F: ???
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0x134E14B9: ??? (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0x134E21CC: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x2728951F: ???
==4981==    by 0x420DE1F: ???
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0xEA76B61: backtrace_helper (backtrace.c:68)
==4981==    by 0x134E219C: _Unwind_Backtrace (in /lib/x86_64-linux-gnu/libgcc_s.so.1)
==4981==    by 0xEA76C3D: backtrace (backtrace.c:91)
==4981==    by 0xAEF8F7B: WTFGetBacktrace (Assertions.cpp:168)
==4981==    by 0xAEF8FAB: WTFReportBacktrace (Assertions.cpp:197)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x2728951F: ???
==4981==    by 0x420DE1F: ???
==4981== 
==4981== Conditional jump or move depends on uninitialised value(s)
==4981==    at 0xAEF906A: WTFReportBacktrace (Assertions.cpp:199)
==4981==    by 0xADD30A1: JSC::JIT::linkFor(JSC::JSFunction*, JSC::CodeBlock*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr, JSC::CallLinkInfo*, JSC::JSGlobalData*, JSC::CodeSpecializationKind) (JIT.cpp:717)
==4981==    by 0xADF4380: JSC::lazyLinkFor(JSC::ExecState*, JSC::CodeSpecializationKind) (JITStubs.cpp:2304)
==4981==    by 0xADEADC4: cti_vm_lazyLinkCall (JITStubs.cpp:2314)
==4981==    by 0xADE6603: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JSC::PropertySlot const&, JSC::StructureStubInfo*) (JITStubs.cpp:952)
==4981==    by 0x7FEFFDB5F: ???
==4981==    by 0x2728951F: ???
==4981==    by 0x420DE1F: ???
==4981==    by 0x2729959F: ???
