[Webkit-unassigned] [Bug 119440] New: REGRESSION(r153612): It made jsc and layout tests crash

bugzilla-daemon at webkit.org
Fri Aug 2 05:41:53 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119440

           Summary: REGRESSION(r153612): It made jsc and layout tests
                    crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
                CC: ggaren at apple.com, oliver at apple.com,
                    barraclough at apple.com, msaboff at apple.com,
                    fpizlo at apple.com, mhahnenberg at apple.com,
                    mark.lam at apple.com
            Blocks: 119140


After http://trac.webkit.org/changeset/153612 jsc and layout tests
started to crash on 64 bit in debug mode. (at least on Qt)

Here is a GDB backtrace on r153636:

 gdb --args ../../../../WebKitBuild/Debug/bin/jsc -s  -f ./ecma/shell.js -f ./ecma/Boolean/15.6.4.2-4-n.js
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/webkitbuildbot/oszi/WebKit/WebKitBuild/Debug/bin/jsc...done.
(gdb) run
Starting program: /home/webkitbuildbot/oszi/WebKit/WebKitBuild/Debug/bin/jsc -s -f ./ecma/shell.js -f ./ecma/Boolean/15.6.4.2-4-n.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffb4309700 (LWP 29393)]
[New Thread 0x7fffb3ae9700 (LWP 29394)]
[New Thread 0x7fffb32e8700 (LWP 29395)]
[New Thread 0x7fffb2ae7700 (LWP 29396)]
[New Thread 0x7fffb22e6700 (LWP 29397)]
[New Thread 0x7fffb1ae5700 (LWP 29398)]
[New Thread 0x7fffb12e4700 (LWP 29399)]
15.6.4.2-4-n Boolean.prototype.toString()

Program received signal SIGSEGV, Segmentation fault.
0x00007fffb06e4160 in ?? ()
(gdb) bt
#0  0x00007fffb06e4160 in ?? ()
#1  0x00007fffffffb550 in ?? ()
#2  0x000000000068efcb in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#3  0x00000000006a0682 in JSC::JITCode::execute (this=0x1024bb0, stack=0xff2668, callFrame=0x7fffb06e4160, vm=0xfe1730)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#4  0x000000000068c9e3 in JSC::Interpreter::execute (this=0xff2650, eval=0x7ffff7e3fdf0, callFrame=0x7fffb06e4108, thisValue=..., scope=0x7fffb05fffc8)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1208
#5  0x0000000000687609 in JSC::eval (callFrame=0x7fffb06e4108) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:148
#6  0x00000000006dace6 in JSC::LLInt::llint_slow_path_call_eval (exec=0x7fffb06e40a0, pc=0x1026fc8)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1109
#7  0x0000000000ab5737 in llint_op_call_eval ()
#8  0x00007fffffffca80 in ?? ()
#9  0x000000000068efcb in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#10 0x00000000006a0682 in JSC::JITCode::execute (this=0x101c760, stack=0xff2668, callFrame=0x7fffb06e4058, vm=0xfe1730)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.cpp:46
#11 0x000000000068af4f in JSC::Interpreter::execute (this=0xff2650, program=0x7ffff7e3fe70, callFrame=0x7ffff7f7f8e0, thisObj=0x7ffff7e7feb0)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:856
#12 0x00000000007728fd in JSC::evaluate (exec=0x7ffff7f7f8e0, source=..., thisValue=..., returnedException=0x7fffffffe080)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:83
#13 0x000000000040ff8c in runWithScripts (globalObject=0x7ffff7f7f870, scripts=..., dump=false)
    at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jsc.cpp:596
#14 0x0000000000410c97 in jscmain (argc=6, argv=0x7fffffffe348) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jsc.cpp:812
#15 0x000000000040fd68 in main (argc=6, argv=0x7fffffffe348) at /home/webkitbuildbot/oszi/WebKit/Source/JavaScriptCore/jsc.cpp:554
(gdb)
