[Webkit-unassigned] [Bug 120007] New: [sh4] ASSERTION FAILED in JIT

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 19 05:50:00 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=120007

           Summary: [sh4] ASSERTION FAILED in JIT
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: yannick.poirier at inverto.tv
                CC: jbrianceau at nds.com


I'm facing these assertion failure when launching peacekeeper ( http://peacekeeper.futuremark.com/ )
Webkit -r154268, sh4 JIT + DFG enabled.

ASSERTION FAILED: callee != callLinkInfo->callee.get()
webkit/Source/JavaScriptCore/jit/JITStubs.cpp(1340) : void* JSC::JITStubThunked_vm_lazyLinkClosureCall(void**)

#0  WTFCrash ()    at webkit/Source/WTF/wtf/Assertions.cpp:338
#1  0x2a2deae6 in JITStubThunked_vm_lazyLinkClosureCall    (args=0x59675918)
    at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1340
#2  0x2a2de8e8 in cti_vm_lazyLinkClosureCall ()    at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1322


ASSERTION FAILED: isUndefinedOrNull()
webkit/Source/JavaScriptCore/runtime/JSCJSValue.cpp(110) : JSC::JSObject* JSC::JSValue::synthesizePrototype(JSC::ExecState*) const

#0  WTFCrash () at /home/ypo/work/git/webkit/Source/WTF/wtf/Assertions.cpp:338
#1  0x29fbe6aa in JSC::JSValue::synthesizePrototype (this=0x596766e0, exec=0x6103e6f0)
    at webkit/Source/JavaScriptCore/runtime/JSCJSValue.cpp:110
#2  0x2a2265c8 in JSC::JSValue::get (this=0x596766e0, exec=0x6103e6f0, propertyName=..., slot=...)
    at webkit/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:636
#3  0x2a2264bc in JSC::JSValue::get (this=0x596766e0, exec=0x6103e6f0, propertyName=...)
    at webkit/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:625
#4  0x2a2e0286 in getByVal (callFrame=0x6103e6f0, baseValue=..., subscript=..., returnAddress=...)
    at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1556
#5  0x2a2e0814 in JITStubThunked_op_get_by_val_generic (args=0x5967676c)
    at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1616
#6  0x2a2e0750 in cti_op_get_by_val_generic () at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1605


Then peacekeeper test doesn't start anymore.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list