[Webkit-unassigned] [Bug 96184] New: [GTK][Stable] Crash in JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID)

bugzilla-daemon at webkit.org
Sat Sep 8 09:55:26 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=96184

           Summary: [GTK][Stable] Crash in JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: plaes at plaes.org


Webkit-gtk-1.9.91, epiphany on x86. Getting it on twitter page (logged in):

(gdb) bt
#0  0xb53aef5e in JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#1  0xb538d18c in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#2  0xb53b355e in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::BasicBlock&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#3  0xb53b3b12 in JSC::DFG::SpeculativeJIT::compile() () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#4  0xb5351ecb in JSC::DFG::JITCompiler::compileBody(JSC::DFG::SpeculativeJIT&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#5  0xb535466e in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#6  0xb534ad6e in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) [clone .part.194] () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#7  0xb54e6a12 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#8  0xb54e6b3a in JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#9  0xb52c919d in JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#10 0xb541fb47 in cti_optimize () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#11 0x8c62e08b in ?? ()
#12 0xb53d9fc9 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#13 0xb54d3cf2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#14 0xb67c5152 in WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) () from /usr/lib/libwebkitgtk-3.0.so.0
#15 0xb67c59b7 in WebCore::ScheduledAction::execute(WebCore::Document*) () from /usr/lib/libwebkitgtk-3.0.so.0
#16 0xb67c5a90 in WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) () from /usr/lib/libwebkitgtk-3.0.so.0
#17 0xb6d56d7e in WebCore::DOMTimer::fired() () from /usr/lib/libwebkitgtk-3.0.so.0
#18 0xb6eb443a in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /usr/lib/libwebkitgtk-3.0.so.0
#19 0xb6eb44b5 in WebCore::ThreadTimers::sharedTimerFired() () from /usr/lib/libwebkitgtk-3.0.so.0
#20 0xb787462b in WebCore::timeout_cb(void*) () from /usr/lib/libwebkitgtk-3.0.so.0
#21 0xb58b8d8f in g_timeout_dispatch (source=0x9fe5e30, callback=0xb7874610 <WebCore::timeout_cb(void*)>, user_data=0x0) at gmain.c:4026
#22 0xb58b8038 in g_main_dispatch (context=0x8142e68) at gmain.c:2715
#23 g_main_context_dispatch (context=0x8142e68) at gmain.c:3219
#24 0xb58b83f8 in g_main_context_iterate (dispatch=1, block=-1249090400, context=0x8142e68, self=<optimized out>) at gmain.c:3290
#25 g_main_context_iterate (context=0x8142e68, block=-1249090400, dispatch=1, self=<optimized out>) at gmain.c:3227
#26 0xb58b84dd in g_main_context_iteration (context=0x8142e68, may_block=1) at gmain.c:3351
#27 0xb5afaf0f in g_application_run (application=0x81498f8, argc=1, argv=0xbfffed74) at gapplication.c:1607
#28 0x080710d1 in main (argc=1, argv=0xbfffed74) at ephy-main.c:499
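A small triage helper for backtraces like the one in this report, added here as an editor's example (it is not code from the reporter or from the WebKit project). It parses gdb `bt` lines, names the crashing frame and the shared object it lives in, groups frames by library or source file, and flags frames gdb could not symbolize. The sample input is an excerpt of the backtrace above; frame #11 (`?? ()`, no backing library) is an anonymous executable mapping, which in a JavaScriptCore process is consistent with JIT-emitted code calling back into `cti_optimize`. The `Frame` class and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Excerpt of the gdb backtrace quoted in the bug report (frame numbers kept as
# in the report, so the sequence has gaps).
REPORTED_BT = """\
#0  0xb53aef5e in JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#1  0xb538d18c in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#6  0xb534ad6e in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) [clone .part.194] () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#10 0xb541fb47 in cti_optimize () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#11 0x8c62e08b in ?? ()
#12 0xb53d9fc9 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#17 0xb6d56d7e in WebCore::DOMTimer::fired() () from /usr/lib/libwebkitgtk-3.0.so.0
#21 0xb58b8d8f in g_timeout_dispatch (source=0x9fe5e30, callback=0xb7874610 <WebCore::timeout_cb(void*)>, user_data=0x0) at gmain.c:4026
#23 g_main_context_dispatch (context=0x8142e68) at gmain.c:3219
#28 0x080710d1 in main (argc=1, argv=0xbfffed74) at ephy-main.c:499
"""


@dataclass
class Frame:
    num: int
    addr: Optional[str]     # None for frames gdb prints without an address (inlined)
    func: str               # "??" when gdb found no symbol
    module: Optional[str]   # shared object from "from ...", if any
    source: Optional[str]   # "file:line" from "at ...", if any


FRAME_HEAD = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+)\s+in\s+)?(.*)$")
FROM_TAIL = re.compile(r"\s+from\s+(\S+)$")
AT_TAIL = re.compile(r"\s+at\s+(\S+:\d+)$")


def parse_frame(line: str) -> Optional[Frame]:
    """Parse one 'bt' line; return None for lines that are not frames."""
    m = FRAME_HEAD.match(line.strip())
    if not m:
        return None
    num, addr, rest = m.groups()
    module = source = None
    tail = FROM_TAIL.search(rest)
    if tail:
        module, rest = tail.group(1), rest[: tail.start()]
    else:
        tail = AT_TAIL.search(rest)
        if tail:
            source, rest = tail.group(1), rest[: tail.start()]
    # The symbol is everything before the first '(' (argument list / signature).
    func = rest.split("(", 1)[0].strip()
    return Frame(int(num), addr, func, module, source)


def parse_backtrace(text: str) -> list:
    return [f for f in map(parse_frame, text.splitlines()) if f is not None]


def triage(text: str) -> dict:
    frames = parse_backtrace(text)
    top = frames[0]
    # Group frames by where the code lives: shared object, source file, or nothing.
    where = Counter(
        f.module if f.module else (f.source.split(":")[0] if f.source else "<no symbol>")
        for f in frames
    )
    # A frame with no symbol and no backing module is an anonymous executable
    # mapping; in a JavaScriptCore process that is consistent with JIT-emitted code.
    anonymous = [f.num for f in frames
                 if f.func == "??" and f.module is None and f.source is None]
    return {
        "frames": len(frames),
        "crash_function": top.func,
        "crash_module": top.module,
        "by_location": dict(where),
        "anonymous_frames": anonymous,
        # How the crash was reached from the GLib main loop (frames in gmain.c).
        "entered_via": [f.func for f in frames
                        if f.source and f.source.startswith("gmain.c")],
    }


if __name__ == "__main__":
    for key, value in triage(REPORTED_BT).items():
        print(f"{key}: {value}")
```

Run it on a full `bt` pasted into `REPORTED_BT`, or feed `triage()` the text of a crash file; the summary tells you at a glance that the fault is inside the DFG speculative JIT in libjavascriptcoregtk, that it was reached from a DOM timer fired by the GLib main loop, and which frames would need JIT code-page symbolization before they can be read.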
