[Webkit-unassigned] [Bug 72906] ASSERT in JSC::cti_op_get_by_id_self_fail

bugzilla-daemon at webkit.org
Mon Nov 21 16:12:02 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=72906





--- Comment #1 from Filip Pizlo <fpizlo at apple.com>  2011-11-21 16:12:02 PST ---
That looks bad!  Can you say a little bit about how to reproduce?  Like, what website were you on at the time?

(In reply to comment #0)
> r100946, using DFG on x86-64.
> 
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
> 1711                ASSERT(!stubInfo->stubRoutine);
> (gdb) bt
> #0  0x00007ffff3e06890 in JSC::cti_op_get_by_id_self_fail (args=0x7fffffffc0c0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:1711
> #1  0x00007ffff3e04534 in JSC::JITThunks::tryCacheGetByID (callFrame=0x2, codeBlock=0x0, returnAddress=..., baseValue=..., 
>     propertyName=..., slot=..., stubInfo=0x7fff984a08e0) at ../../Source/JavaScriptCore/jit/JITStubs.cpp:952
> #2  0x00007fffffffc0e0 in ?? ()
> #3  0x00007fff984a08e0 in ?? ()
> #4  0x0000000005feeb38 in ?? ()
> #5  0x0000000005feeb00 in ?? ()
> #6  0x00007fff9b818167 in ?? ()
> #7  0x00007ffff3cceef5 in JSC::Register::Register (this=0xe8c78948104d8b48) at ../../Source/JavaScriptCore/interpreter/Register.h:101
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> (gdb)
