[Webkit-unassigned] [Bug 68222] New: REGRESSION: Assertion failure in DFG::SpeculativeJIT::compile on WebKit Trac

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 15 22:38:15 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=68222

           Summary: REGRESSION: Assertion failure in
                    DFG::SpeculativeJIT::compile on WebKit Trac
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: https://trac.webkit.org/
        OS/Version: Mac OS X 10.7
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com
                CC: webkit-bug-importer at group.apple.com, fpizlo at apple.com


To reproduce:

1. Go to https://trac.webkit.org/

You'll hit this assertion in DFG::SpeculativeJIT::compile:

        ASSERT(m_bytecodeIndexForOSR != nextNode.codeOrigin.bytecodeIndex()
               || (!m_bytecodeIndexForOSR && !nextNode.codeOrigin.bytecodeIndex()));

(gdb) p nextNode
$1 = ('JSC::DFG::Node' &) @0x7fff5fbfae54: {
  op = JSC::DFG::JSConstant, 
  codeOrigin = {
    m_bytecodeIndex = 39
  }, 
  children = {
    fixed = {
      child1 = 4294967295, 
      child2 = 4294967295, 
      child3 = 4294967295
    }, 
    variable = {
      firstChild = 4294967295, 
      numChildren = 4294967295
    }
  }, 
  m_virtualRegister = 5, 
  m_refCount = 1, 
  m_opInfo = 0, 
  m_opInfo2 = 1606392048
}

Here's the backtrace:

#0    0x0000000101cc515e in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) at /Users/aroben/dev/WebKit/OpenSource/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:778
#1    0x0000000101ccb875 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) ()
#2    0x0000000101ccbdbf in JSC::DFG::SpeculativeJIT::compile() ()
#3    0x0000000101c9f36f in JSC::DFG::JITCompiler::compileBody() ()
#4    0x0000000101ca0426 in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#5    0x0000000101bdcde1 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) ()
#6    0x0000000101bdcc6b in JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#7    0x0000000101cdfb07 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*, JSC::JITCode::JITType) ()
#8    0x0000000101bfb344 in JSC::FunctionExecutable::compileForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*) ()
#9    0x0000000101cbdde3 in JSC::FunctionExecutable::compileFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) ()
#10    0x0000000101d3cab3 in JSC::lazyLinkFor(JSC::JITStackFrame&, JSC::CodeSpecializationKind) ()
#11    0x0000000101d30c4c in cti_vm_lazyLinkCall ()
#12    0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#13    0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#14    0x0000000101cf6302 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, int, JSC::ScopeChainNode*) ()
#15    0x0000000101cf5999 in JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int) ()
#16    0x0000000101d37e05 in cti_op_call_eval ()
#17    0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#18    0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#19    0x0000000101cf9098 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) ()
#20    0x0000000101c5cb1f in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#21    0x00000001053794d1 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#22    0x0000000105a05552 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) at /Users/aroben/dev/WebKit/OpenSource/Source/WebCore/bindings/js/ScriptController.cpp:144
#23    0x0000000105a056a9 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
#24    0x0000000105a1b113 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
#25    0x0000000104fb2d45 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
#26    0x0000000104fb2b6a in WebCore::HTMLScriptRunner::executeParsingBlockingScript() ()
#27    0x0000000104fb347a in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() ()
#28    0x0000000104fb3609 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
#29    0x0000000104f3a35c in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#30    0x0000000104f3a3fc in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#31    0x000000010495951d in WebCore::CachedResource::checkNotify() ()
#32    0x000000010497177d in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) ()
#33    0x000000010496ffc9 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) ()
#34    0x0000000105aea8f8 in WebCore::SubresourceLoader::didFinishLoading(double) ()
#35    0x00000001059cc2dc in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
#36    0x00000001059c8ba7 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] ()
