[Webkit-unassigned] [Bug 68222] New: REGRESSION: Assertion failure in DFG::SpeculativeJIT::compile on WebKit Trac
bugzilla-daemon at webkit.org
Thu Sep 15 22:38:15 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68222
Summary: REGRESSION: Assertion failure in DFG::SpeculativeJIT::compile on WebKit Trac
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: https://trac.webkit.org/
OS/Version: Mac OS X 10.7
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: webkit-bug-importer at group.apple.com, fpizlo at apple.com
To reproduce:
1. Go to https://trac.webkit.org/
You'll hit this assertion in DFG::SpeculativeJIT::compile:
ASSERT(m_bytecodeIndexForOSR != nextNode.codeOrigin.bytecodeIndex()
|| (!m_bytecodeIndexForOSR && !nextNode.codeOrigin.bytecodeIndex()));
(gdb) p nextNode
$1 = ('JSC::DFG::Node' &) @0x7fff5fbfae54: {
  op = JSC::DFG::JSConstant,
  codeOrigin = {
    m_bytecodeIndex = 39
  },
  children = {
    fixed = {
      child1 = 4294967295,
      child2 = 4294967295,
      child3 = 4294967295
    },
    variable = {
      firstChild = 4294967295,
      numChildren = 4294967295
    }
  },
  m_virtualRegister = 5,
  m_refCount = 1,
  m_opInfo = 0,
  m_opInfo2 = 1606392048
}
Here's the backtrace:
#0 0x0000000101cc515e in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) at /Users/aroben/dev/WebKit/OpenSource/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:778
#1 0x0000000101ccb875 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) ()
#2 0x0000000101ccbdbf in JSC::DFG::SpeculativeJIT::compile() ()
#3 0x0000000101c9f36f in JSC::DFG::JITCompiler::compileBody() ()
#4 0x0000000101ca0426 in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#5 0x0000000101bdcde1 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) ()
#6 0x0000000101bdcc6b in JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) ()
#7 0x0000000101cdfb07 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*, JSC::JITCode::JITType) ()
#8 0x0000000101bfb344 in JSC::FunctionExecutable::compileForCall(JSC::ExecState*, JSC::ScopeChainNode*, JSC::ExecState*) ()
#9 0x0000000101cbdde3 in JSC::FunctionExecutable::compileFor(JSC::ExecState*, JSC::ScopeChainNode*, JSC::CodeSpecializationKind) ()
#10 0x0000000101d3cab3 in JSC::lazyLinkFor(JSC::JITStackFrame&, JSC::CodeSpecializationKind) ()
#11 0x0000000101d30c4c in cti_vm_lazyLinkCall ()
#12 0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#13 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#14 0x0000000101cf6302 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, int, JSC::ScopeChainNode*) ()
#15 0x0000000101cf5999 in JSC::Interpreter::callEval(JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, int, int) ()
#16 0x0000000101d37e05 in cti_op_call_eval ()
#17 0x0000000101d3a9e0 in jscGeneratedNativeCode ()
#18 0x0000000101cfd2a9 in JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) ()
#19 0x0000000101cf9098 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) ()
#20 0x0000000101c5cb1f in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#21 0x00000001053794d1 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
#22 0x0000000105a05552 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) at /Users/aroben/dev/WebKit/OpenSource/Source/WebCore/bindings/js/ScriptController.cpp:144
#23 0x0000000105a056a9 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
#24 0x0000000105a1b113 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
#25 0x0000000104fb2d45 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
#26 0x0000000104fb2b6a in WebCore::HTMLScriptRunner::executeParsingBlockingScript() ()
#27 0x0000000104fb347a in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() ()
#28 0x0000000104fb3609 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
#29 0x0000000104f3a35c in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#30 0x0000000104f3a3fc in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
#31 0x000000010495951d in WebCore::CachedResource::checkNotify() ()
#32 0x000000010497177d in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) ()
#33 0x000000010496ffc9 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) ()
#34 0x0000000105aea8f8 in WebCore::SubresourceLoader::didFinishLoading(double) ()
#35 0x00000001059cc2dc in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
#36 0x00000001059c8ba7 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] ()