[Webkit-unassigned] [Bug 94999] New: Crash in JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 25 03:02:40 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=94999

           Summary: Crash in
                    JSC::DFG::SpeculativeJIT::compileGetIndexedPropertySto
                    rage
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: http://jsplumb.org/jquery/demo.html
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: plaes at plaes.org


I'm getting following crash when playing around (just moving the boxes around) with the demo at http://jsplumb.org/jquery/demo.html:

#0  0x00007ffff0cd6e60 in JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage(JSC::DFG::Node&) () from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#1  0x00007ffff0cb8019 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) ()
   from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#2  0x00007ffff0cda9c5 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) ()
   from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#3  0x00007ffff0cdb012 in JSC::DFG::SpeculativeJIT::compile() ()
   from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#4  0x00007ffff0c849ba in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) () from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#5  0x00007ffff0c7abbb in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) [clone .part.192] ()
   from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#6  0x00007ffff0df5e34 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType, unsigned int) ()
   from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#7  0x00007ffff0d3ad90 in cti_optimize () from /usr/lib64/libjavascriptcoregtk-3.0.so.0
#8  0x00007fff9c0df9ed in ?? ()



WebKitGtk 1.9.90/Epiphany-3.5.90 on x86-64.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list