[Webkit-unassigned] [Bug 119405] New: REGRESSION(FTL merge): Assertion fail on 32 bit with enabled DFG JIT

bugzilla-daemon at webkit.org
Thu Aug 1 11:56:53 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119405

           Summary: REGRESSION(FTL merge): Assertion fail on 32 bit with
                    enabled DFG JIT
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
        Depends on: 119140


STDERR: ASSERTION FAILED: currentLowest != NUM_REGS && currentSpillOrder != SpillHintInvalid
STDERR: /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGRegisterBank.h(136) : JSC::DFG::RegisterBank<BankInfo>::RegID JSC::DFG::RegisterBank<BankInfo>::allocate(JSC::VirtualRegister&) [with BankInfo = JSC::DFG::GPRInfo, JSC::DFG::RegisterBank<BankInfo>::RegID = JSC::X86Registers::RegisterID]

Program terminated with signal 11, Segmentation fault.
#0  0xf59e9618 in WTFCrash () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/Assertions.cpp:339
339         *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb)
(gdb) bt
#0  0xf59e9618 in WTFCrash () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/Assertions.cpp:339
#1  0xf57f53b6 in JSC::DFG::RegisterBank<JSC::DFG::GPRInfo>::allocate(JSC::VirtualRegister&) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#2  0xf57f0368 in JSC::DFG::SpeculativeJIT::allocate() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#3  0xf57d5ff3 in JSC::DFG::GPRTemporary::GPRTemporary (this=0xfff8ee64, jit=0x83094f0)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1214
#4  0xf57da30f in JSC::DFG::SpeculativeJIT::compileGetByValOnString (this=0x83094f0, node=0xeb8b04ac)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2137
#5  0xf58118c8 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2665
#6  0xf57d878e in JSC::DFG::SpeculativeJIT::compileCurrentBlock (this=0x83094f0)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1804
#7  0xf57d8e38 in JSC::DFG::SpeculativeJIT::compile (this=0x83094f0) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1918
#8  0xf579d2e0 in JSC::DFG::JITCompiler::compileBody (this=0xfff91454) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:117
#9  0xf579ed95 in JSC::DFG::JITCompiler::compileFunction (this=0xfff91454)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:382
#10 0xf57c2649 in JSC::DFG::Plan::compileInThreadImpl (this=0x83285b0, longLivedState=0x827f790)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGPlan.cpp:256
#11 0xf57c214e in JSC::DFG::Plan::compileInThread (this=0x83285b0, longLivedState=0x827f790)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGPlan.cpp:113
#12 0xf578524d in JSC::DFG::compile (compileMode=CompileFunction, exec=0xe9d001f8, codeBlock=0x83035f8, jitCode=0xec23ea9c,
    jitCodeWithArityCheck=0xec23eaa4, osrEntryBytecodeIndex=<unknown type>) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:128
#13 0xf57852f2 in JSC::DFG::tryCompileFunction (exec=0xe9d001f8, codeBlock=0x83035f8, jitCode=0xec23ea9c, jitCodeWithArityCheck=0xec23eaa4,
    bytecodeIndex=<unknown type>) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:139
#14 0xf5933125 in JSC::jitCompileFunctionIfAppropriateImpl(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr<JSC::JITCode>&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) () at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#15 0xf593346b in JSC::prepareFunctionForExecutionImpl(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr<JSC::JITCode>&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) () at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#16 0xf59334ad in JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::RefPtr<JSC::FunctionCodeBlock>&, JSC::FunctionCodeBlock*, WTF::RefPtr<JSC::JITCode>&, JSC::MacroAssemblerCodePtr&, int&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:272
#17 0xf59318c2 in JSC::FunctionExecutable::compileForCallInternal (this=0xec23ea88, exec=0xe9d001f8, scope=0xedc9fa38, jitType=DFGJIT, result=0xfff91db4,
    bytecodeIndex=<unknown type>) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:561
#18 0xf5931185 in JSC::FunctionExecutable::compileOptimizedForCall (this=0xec23ea88, exec=0xe9d001f8, scope=0xedc9fa38, result=0xfff91db4,
    bytecodeIndex=<unknown type>) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:480
#19 0xf567a218 in JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::JSScope*, JSC::CompilationResult&, unsigned int, JSC::CodeSpecializationKind) () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PrintStream.h:59
#20 0xf5674f9a in JSC::FunctionCodeBlock::compileOptimized (this=0x8314ff8, exec=0xe9d001f8, scope=0xedc9fa38, result=0xfff91db4,
    bytecodeIndex=<unknown type>) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:2730
#21 0xf588492d in cti_optimize (args=0xfff91e10) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1044
#22 0xf5881c61 in JSC::tryCacheGetByID (callFrame=0xee619460, codeBlock=0x827d76c, returnAddress=..., baseValue=..., propertyName=0x8274780,
    slot=0xfff91e98, stubInfo=0xf584e076) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:274
#23 0xfff91e2c in ?? ()
#24 0xf586392a in JSC::JITCode::execute (this=0x8320a00, stack=0x827d76c, callFrame=0xe9d001a0, vm=0x8274780)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#25 0xf584d40f in JSC::Interpreter::execute (this=0x827d760, eval=0xec23e9d8, callFrame=0xe9d00148, thisValue=..., scope=0xeb83cd50)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1208
#26 0xf584849d in JSC::eval (callFrame=0xe9d00148) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:148
#27 0xf588875e in cti_op_call_eval (args=0xfff92900) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1965
#28 0xf5881c61 in JSC::tryCacheGetByID (callFrame=0xef986fc0, codeBlock=0x827d76c, returnAddress=..., baseValue=..., propertyName=0x8274780,
    slot=0xfff92988, stubInfo=0xf584e1d4) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:274
#29 0xe9d00058 in ?? ()
#30 0xf586392a in JSC::JITCode::execute (this=0x831b0e8, stack=0x827d76c, callFrame=0xe9d00058, vm=0x8274780)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#31 0xf584bb7e in JSC::Interpreter::execute (this=0x827d760, program=0xec23eae0, callFrame=0xedc9fa8c, thisObj=0xedcdffd8)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:856
#32 0xf5925768 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:83
#33 0xf435e490 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#34 0xf437b621 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#35 0xf437b71a in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#36 0xf462e936 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#37 0xf47bfbcf in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#38 0xf47bfa44 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#39 0xf47bfedb in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#40 0xf47c003e in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#41 0xf47b1f17 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#42 0xf49005c9 in WebCore::CachedResource::checkNotify (this=0x82e2f80)
    at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:369
#43 0xf49006b1 in WebCore::CachedResource::finishLoading (this=0x82e2f80)
    at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:385
#44 0xf49081b4 in WebCore::CachedScript::finishLoading(WebCore::ResourceBuffer*) () at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PageBlock.h:72
#45 0xf4959af0 in WebCore::SubresourceLoader::didFinishLoading (this=0x82e3320, finishTime=0)
    at /home/webkitbuildbot/oszi/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:282
#46 0xf4950ee1 in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
    at /home/webkitbuildbot/oszi/WebKit/Source/WTF/wtf/PageBlock.h:72
#47 0xf4d9a0b8 in WebCore::QNetworkReplyHandler::finish() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#48 0xf4d98da0 in WebCore::QNetworkReplyHandlerCallQueue::flush() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#49 0xf4d98aec in WebCore::QNetworkReplyHandlerCallQueue::push(void (WebCore::QNetworkReplyHandler::*)()) () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#50 0xf4d999a8 in WebCore::QNetworkReplyWrapper::didReceiveFinished() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#51 0xf4d9c09c in WebCore::QNetworkReplyWrapper::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ()
    at /usr/include/c++/4.6/bits/stl_algobase.h:218
#52 0xf2f8b9ad in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#53 0xf2f8c3cb in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#54 0xf3679fd5 in QNetworkReply::finished() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Network.so.5
#55 0xf367a250 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Network.so.5
#56 0xf2f89b53 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#57 0xf2f8d062 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#58 0xf37c0e34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#59 0xf37c4844 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#60 0xf2f62eee in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#61 0xf2f650b4 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#62 0xf2f6560c in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#63 0xf2fb02c4 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#64 0xf224bcda in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#65 0xf224c0e5 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#66 0xf224c1c1 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#67 0xf2fb06d8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#68 0xef9cf036 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#69 0xf2f61726 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#70 0xf2f61b64 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#71 0xf2f656b2 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#72 0xf3218984 in QGuiApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#73 0xf37bbfe4 in QApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#74 0x0807b8db in main () at /usr/include/c++/4.6/bits/move.h:83
#75 0xf2a7e4d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#76 0x080599d1 in _start ()
