[Webkit-unassigned] [Bug 96184] [GTK][Stable] Crash in JSC::DFG::SpeculativeJIT::speculateArray(JSC::DFG::Array::Mode, JSC::DFG::Edge, JSC::X86Registers::RegisterID)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 11 05:51:30 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=96184

--- Comment #4 from Priit Laes (IRC: plaes) <plaes at plaes.org>  2012-09-11 05:51:54 PST ---
After applying 04c1974fb3141d7af2ec6123ab884016d10a1d4e it crashes like this:

Program received signal SIGSEGV, Segmentation fault.
0xb51f0ba9 in JSC::ArrayProfile::computeUpdatedPrediction(JSC::OperationInProgress) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
(gdb) bt
#0  0xb51f0ba9 in JSC::ArrayProfile::computeUpdatedPrediction(JSC::OperationInProgress) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#1  0xb52526c6 in JSC::DFG::ByteCodeParser::handleIntrinsic(bool, int, JSC::Intrinsic, int, int, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#2  0xb525635a in JSC::DFG::ByteCodeParser::handleCall(JSC::Interpreter*, JSC::Instruction*, JSC::DFG::NodeType, JSC::CodeSpecializationKind) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#3  0xb52591b4 in JSC::DFG::ByteCodeParser::parseBlock(unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#4  0xb525ac4b in JSC::DFG::ByteCodeParser::parseCodeBlock() () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#5  0xb525b2f7 in JSC::DFG::ByteCodeParser::parse() () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#6  0xb525bc7c in JSC::DFG::parse(JSC::ExecState*, JSC::DFG::Graph&) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#7  0xb5272bc1 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) [clone .part.189] () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#8  0xb540fa62 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#9  0xb540fb8a in JSC::FunctionExecutable::compileOptimizedForCall(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#10 0xb51f138d in JSC::FunctionCodeBlock::compileOptimized(JSC::ExecState*, JSC::ScopeChainNode*, unsigned int) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#11 0xb5348b97 in cti_optimize () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#12 0xa63b63db in ?? ()
#13 0xb5304704 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#14 0xb53fe292 in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /usr/lib/libjavascriptcoregtk-3.0.so.0
#15 0xb67cadab in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) () from /usr/lib/libwebkitgtk-3.0.so.0
#16 0xb67cb44b in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /usr/lib/libwebkitgtk-3.0.so.0
#17 0xb69923de in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () from /usr/lib/libwebkitgtk-3.0.so.0
#18 0xb6995b71 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) () from /usr/lib/libwebkitgtk-3.0.so.0
#19 0xb6b691cd in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) () from /usr/lib/libwebkitgtk-3.0.so.0
#20 0xb6b69c0d in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) () from /usr/lib/libwebkitgtk-3.0.so.0
#21 0xb6b5321d in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () from /usr/lib/libwebkitgtk-3.0.so.0
#22 0xb6b532d8 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) () from /usr/lib/libwebkitgtk-3.0.so.0
#23 0xb6b5346b in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () from /usr/lib/libwebkitgtk-3.0.so.0
#24 0xb6b5427f in WebCore::HTMLDocumentParser::resumeParsingAfterYield() () from /usr/lib/libwebkitgtk-3.0.so.0
#25 0xb6b66015 in WebCore::HTMLParserScheduler::continueNextChunkTimerFired(WebCore::Timer<WebCore::HTMLParserScheduler>*) () from /usr/lib/libwebkitgtk-3.0.so.0
#26 0xb6b662c7 in WebCore::Timer<WebCore::HTMLParserScheduler>::fired() () from /usr/lib/libwebkitgtk-3.0.so.0
#27 0xb6eb443a in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /usr/lib/libwebkitgtk-3.0.so.0
#28 0xb6eb44b5 in WebCore::ThreadTimers::sharedTimerFired() () from /usr/lib/libwebkitgtk-3.0.so.0
#29 0xb787462b in WebCore::timeout_cb(void*) () from /usr/lib/libwebkitgtk-3.0.so.0
#30 0xb57e0d8f in g_timeout_dispatch (source=0x9f02148, callback=0xb7874610 <WebCore::timeout_cb(void*)>, user_data=0x0) at gmain.c:4026
#31 0xb57e0038 in g_main_dispatch (context=0x8149538) at gmain.c:2715
#32 g_main_context_dispatch (context=0x8149538) at gmain.c:3219
#33 0xb57e03f8 in g_main_context_iterate (dispatch=1, block=-1249975136, context=0x8149538, self=<optimized out>) at gmain.c:3290
#34 g_main_context_iterate (context=0x8149538, block=-1249975136, dispatch=1, self=<optimized out>) at gmain.c:3227
#35 0xb57e04dd in g_main_context_iteration (context=0x8149538, may_block=1) at gmain.c:3351
#36 0xb5a22f0f in g_application_run (application=0x8145928, argc=1, argv=0xbfffed54) at gapplication.c:1607
#37 0x080710d1 in main (argc=1, argv=0xbfffed54) at ephy-main.c:499
