[Webkit-unassigned] [Bug 117605] New: [ARM] Assertion failure on maps.google.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 13 11:11:07 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=117605

           Summary: [ARM] Assertion failure on maps.google.com
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ctruta at gmail.com


The following failure occurs on Linux (tested on armel/Qt) and on QNX ARM, while loading the desktop version of Google Maps:

ASSERTION FAILED: !(forNode(edge).m_type & ~typeFilterFor(edge.useKind()))
~/WebKit/Source/JavaScriptCore/dfg/DFGAbstractState.cpp(263) : void JSC::DFG::AbstractState::verifyEdge(JSC::DFG::Node*, JSC::DFG::Edge)

Program received signal SIGSEGV, Segmentation fault.
0x73e8249a in WTFCrash () from ~/WebKit/WebKitBuild/Debug/lib/libWTF.so.1
(gdb) bt
#0  0x73e8249a in WTFCrash () from ~/WebKit/WebKitBuild/Debug/lib/libWTF.so.1
#1  0x73893218 in JSC::DFG::AbstractState::verifyEdge (this=0x7effcd18, edge=...)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGAbstractState.cpp:263
#2  0x73893342 in JSC::DFG::AbstractState::verifyEdges (this=0x7effcd18, node=0x6ec70688)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGAbstractState.cpp:268
#3  0x7389341c in JSC::DFG::AbstractState::executeEffects (this=0x7effcd18, indexInBlock=18, node=0x6ec70688)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGAbstractState.cpp:274
#4  0x73897b26 in JSC::DFG::AbstractState::executeEffects (this=0x7effcd18, indexInBlock=18)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGAbstractState.cpp:1569
#5  0x7391bbc8 in JSC::DFG::SpeculativeJIT::compile (this=0x7effc800, block=...)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1833
#6  0x7391c0c4 in JSC::DFG::SpeculativeJIT::compile (this=0x7effc800)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1913
#7  0x738ef5a4 in JSC::DFG::JITCompiler::compileBody (this=0x7effdb70, speculative=...)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:108
#8  0x738f03ac in JSC::DFG::JITCompiler::compileFunction (this=0x7effdb70, entry=..., entryWithArityCheck=...)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:302
#9  0x738e0f9c in JSC::DFG::compile (compileMode=JSC::DFG::CompileFunction, exec=0x70b98de0, codeBlock=0xcd3188, 
    jitCode=..., jitCodeWithArityCheck=0x6ea4a0c4, osrEntryBytecodeIndex=0)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:164
#10 0x738e092c in JSC::DFG::tryCompileFunction (exec=0x70b98de0, codeBlock=0xcd3188, jitCode=..., 
    jitCodeWithArityCheck=..., bytecodeIndex=0)
    at ~/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:182
#11 0x73a3df06 in JSC::jitCompileFunctionIfAppropriate (exec=0x70b98de0, codeBlock=..., jitCode=..., 
    jitCodeWithArityCheck=..., jitType=JSC::JITCode::DFGJIT, bytecodeIndex=0, effort=JSC::JITCompilationCanFail)
    at ~/WebKit/Source/JavaScriptCore/jit/JITDriver.h:95
#12 0x73a3e112 in JSC::prepareFunctionForExecution (exec=0x70b98de0, codeBlock=..., jitCode=..., 
    jitCodeWithArityCheck=..., jitType=JSC::JITCode::DFGJIT, bytecodeIndex=0, kind=JSC::CodeForCall)
    at ~/WebKit/Source/JavaScriptCore/runtime/ExecutionHarness.h:68
#13 0x73a3c994 in JSC::FunctionExecutable::compileForCallInternal (this=0x6ea4a098, exec=0x70b98de0, 
    scope=0x6ed1efb8, jitType=JSC::JITCode::DFGJIT, bytecodeIndex=0)
    at ~/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:539
#14 0x73a3c39a in JSC::FunctionExecutable::compileOptimizedForCall (this=0x6ea4a098, exec=0x70b98de0, 
    scope=0x6ed1efb8, bytecodeIndex=0)
    at ~/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:464
#15 0x737f5912 in JSC::FunctionExecutable::compileOptimizedFor (this=0x6ea4a098, exec=0x70b98de0, scope=0x6ed1efb8, 
    bytecodeIndex=0, kind=JSC::CodeForCall)
    at ~/WebKit/Source/JavaScriptCore/runtime/Executable.h:679
#16 0x737f00ec in JSC::FunctionCodeBlock::compileOptimized (this=0xbdcb80, exec=0x70b98de0, scope=0x6ed1efb8, 
    bytecodeIndex=0) at ~/WebKit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:2843
#17 0x739a7e8c in JSC::JITStubThunked_optimize (args=0x7effe138)
    at ~/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1964
#18 0x739a7dcc in cti_optimize () at ~/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1895
#19 0x739a5894 in JSC::tryCacheGetByID (callFrame=0x7effe1e8, codeBlock=0x6ee0920c, returnAddress=..., baseValue=..., 
    propertyName=..., slot=..., stubInfo=0x0)
    at ~/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1068
#20 0x00000000 in ?? ()

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list