[Webkit-unassigned] [Bug 112106] New: REGRESSION(r144131): It made fast/js/regress/string-repeat-arith.html assert on 32 bit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 11 23:25:32 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112106

           Summary: REGRESSION(r144131): It made
                    fast/js/regress/string-repeat-arith.html assert on 32
                    bit
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: Qt, QtTriaged
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
                CC: oliver at apple.com, fpizlo at apple.com,
                    mhahnenberg at apple.com, zarvai at inf.u-szeged.hu,
                    kadam at inf.u-szeged.hu
            Blocks: 79668,110433


r144131 made fast/js/regress/string-repeat-arith.html assert on 32 bit,
for example on the Qt 32 bit debug bot. Here is a GDB backtrace to help
fix the regression:

$ gdb WebKitBuild/Debug/bin/DumpRenderTree
GNU gdb (Ubuntu/Linaro 7.4-2012.02-0ubuntu2) 7.4-2012.02
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree...done.
(gdb) run LayoutTests/fast/js/regress/string-repeat-arith.html
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree LayoutTests/fast/js/regress/string-repeat-arith.html
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xf00cab40 (LWP 16009)]
[New Thread 0xef6ffb40 (LWP 16011)]
[Thread 0xef6ffb40 (LWP 16011) exited]
[New Thread 0xef6ffb40 (LWP 16012)]
[New Thread 0xee860b40 (LWP 16013)]
ASSERTION FAILED: m_isCheckingArgumentTypes || m_canExit
/home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp(308) : void JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution(JSC::ExitKind, JSC::DFG::JSValueRegs, JSC::DFG::Node*)
1   0xf608ce7e /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b97e7e) [0xf608ce7e]
2   0xf6094354 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b9f354) [0xf6094354]
3   0xf60945e1 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b9f5e1) [0xf60945e1]
4   0xf60be070 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1bc9070) [0xf60be070]
5   0xf60925e2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b9d5e2) [0xf60925e2]
6   0xf6092ce6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b9dce6) [0xf6092ce6]
7   0xf605e757 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b69757) [0xf605e757]
8   0xf605f641 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b6a641) [0xf605f641]
9   0xf60508a3 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b5b8a3) [0xf60508a3]
10  0xf605009e /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1b5b09e) [0xf605009e]
11  0xf61e4e48 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1cefe48) [0xf61e4e48]
12  0xf61e527b /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1cf027b) [0xf61e527b]
13  0xf61e1145 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1cec145) [0xf61e1145]
14  0xf61e0e15 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1cebe15) [0xf61e0e15]
15  0xf5f4cf3a /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1a57f3a) [0xf5f4cf3a]
16  0xf6136696 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1c41696) [0xf6136696]
17  0xf61334fe /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1c3e4fe) [0xf61334fe]
18  0x81735b0 [0x81735b0]
19  0xf60fdc27 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1c08c27) [0xf60fdc27]
20  0xf60fb4d5 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1c064d5) [0xf60fb4d5]
21  0xf61d7d64 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(_ZN3JSC8evaluateEPNS_9ExecStateERKNS_10SourceCodeENS_7JSValueEPS5_+0x213) [0xf61d7d64]
22  0xf4af6112 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x601112) [0xf4af6112]
23  0xf4b13459 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x61e459) [0xf4b13459]
24  0xf4b1356a /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x61e56a) [0xf4b1356a]
25  0xf4e134c6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x91e4c6) [0xf4e134c6]
26  0xf4fb456a /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xabf56a) [0xf4fb456a]
27  0xf4fb43c8 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xabf3c8) [0xf4fb43c8]
28  0xf4fb48d5 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xabf8d5) [0xf4fb48d5]
29  0xf4fb489c /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xabf89c) [0xf4fb489c]
30  0xf4fa46e7 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xaaf6e7) [0xf4fa46e7]
31  0xf4fa47e6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0xaaf7e6) [0xf4fa47e6]

Program received signal SIGSEGV, Segmentation fault.
0xf608ce88 in JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution (this=0xffffa1e8, kind=Uncountable, jsValueRegs=..., node=0x0)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:308
308         ASSERT(m_isCheckingArgumentTypes || m_canExit);
(gdb) bt
#0  0xf608ce88 in JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution (this=0xffffa1e8, kind=Uncountable, jsValueRegs=..., node=0x0)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:308
#1  0xf6094354 in JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32 (this=0xffffa1e8, node=0xede20984)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2102
#2  0xf60945e1 in JSC::DFG::SpeculativeJIT::compileValueToInt32 (this=0xffffa1e8, node=0xede20f6c)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2152
#3  0xf60be070 in JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) () at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2187
#4  0xf60925e2 in JSC::DFG::SpeculativeJIT::compile (this=0xffffa1e8, block=0x8196a00)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1757
#5  0xf6092ce6 in JSC::DFG::SpeculativeJIT::compile (this=0xffffa1e8) at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1875
#6  0xf605e757 in JSC::DFG::JITCompiler::compileBody (this=0xffffb454, speculative=0xffffa1e8)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:108
#7  0xf605f641 in JSC::DFG::JITCompiler::compile (this=0xffffb454, entry=0xedeaeb4c) at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:250
#8  0xf60508a3 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) ()
    at /home/oszi/WebKit/Source/WTF/wtf/PrintStream.h:58
#9  0xf605009e in JSC::DFG::tryCompile (exec=0xee900058, codeBlock=0x8178340, jitCode=0xedeaeb4c, bytecodeIndex=<unknown type>)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGDriver.cpp:172
#10 0xf61e4e48 in bool JSC::jitCompileIfAppropriate<JSC::ProgramCodeBlock>(JSC::ExecState*, WTF::OwnPtr<JSC::ProgramCodeBlock>&, JSC::JITCode&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) () at /home/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:260
#11 0xf61e527b in bool JSC::prepareForExecution<JSC::ProgramCodeBlock>(JSC::ExecState*, WTF::OwnPtr<JSC::ProgramCodeBlock>&, JSC::JITCode&, JSC::JITCode::JITType, unsigned int) () at /home/oszi/WebKit/Source/JavaScriptCore/bytecode/SpeculatedType.h:260
#12 0xf61e1145 in JSC::ProgramExecutable::compileInternal (this=0xedeaeb38, exec=0xee900058, scope=0xeee5f838, jitType=DFGJIT, bytecodeIndex=<unknown type>)
    at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:327
#13 0xf61e0e15 in JSC::ProgramExecutable::compileOptimized (this=0xedeaeb38, exec=0xee900058, scope=0xeee5f838, bytecodeIndex=<unknown type>)
    at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Executable.cpp:295
#14 0xf5f4cf3a in JSC::ProgramCodeBlock::compileOptimized (this=0x818fa38, exec=0xee900058, scope=0xeee5f838, bytecodeIndex=<unknown type>)
    at /home/oszi/WebKit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:2860
#15 0xf6136696 in cti_optimize (args=0xffffba20) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1899
#16 0xf61334fe in JSC::tryCacheGetByID (callFrame=0xee8dd300, codeBlock=0x8105a38, returnAddress=..., baseValue=..., propertyName=0x80fc300,
    slot=0xffffbaa8, stubInfo=0xf60fdf5b) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:996
#17 0x081735b0 in ?? ()
#18 0xf60fdc27 in JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) () at /home/oszi/WebKit/Source/WTF/wtf/PrintStream.h:58
#19 0xf60fb4d5 in JSC::Interpreter::execute (this=0x8105a30, program=0xedeaeb38, callFrame=0xeee5f994, thisObj=0xeee9ffd8)
    at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:987
#20 0xf61d7d64 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
    at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#21 0xf4af6112 in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
    at /home/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#22 0xf4b13459 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) ()
    at /home/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#23 0xf4b1356a in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () at /home/oszi/WebKit/Source/WTF/wtf/PassOwnArrayPtr.h:83
#24 0xf4e134c6 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#25 0xf4fb456a in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
    at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#26 0xf4fb43c8 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#27 0xf4fb48d5 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#28 0xf4fb489c in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) ()
    at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#29 0xf4fa46e7 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#30 0xf4fa47e6 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) ()
    at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#31 0xf4fa4e17 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) ()
    at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#32 0xf4fa4613 in WebCore::HTMLDocumentParser::resumeParsingAfterYield() () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#33 0xf4fb1c2b in WebCore::HTMLParserScheduler::continueNextChunkTimerFired(WebCore::Timer<WebCore::HTMLParserScheduler>*) ()
    at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#34 0xf4fb1ec2 in WebCore::Timer<WebCore::HTMLParserScheduler>::fired() () at /home/oszi/WebKit/Source/WTF/wtf/MemoryInstrumentation.h:109
#35 0xf532e8a7 in WebCore::ThreadTimers::sharedTimerFiredInternal() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#36 0xf532e7c3 in WebCore::ThreadTimers::sharedTimerFired() () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#37 0xf561571e in WebCore::SharedTimerQt::timerEvent(QTimerEvent*) () at /usr/include/c++/4.6/bits/stl_algobase.h:218
#38 0xf379dec4 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#39 0xf3fd1e34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#40 0xf3fd5844 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#41 0xf3773eee in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#42 0xf37c06a2 in QTimerInfoList::activateTimers() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#43 0xf37c0fe8 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#44 0xf2a5ccda in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#45 0xf2a5d0e5 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#46 0xf2a5d1c1 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#47 0xf37c16d8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#48 0xf01de036 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#49 0xf3772726 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#50 0xf3772b64 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#51 0xf37766b2 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#52 0xf3a29984 in QGuiApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#53 0xf3fccfe4 in QApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#54 0x0806e14d in main () at /usr/include/c++/4.6/bits/move.h:130
#55 0xf328f4d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#56 0x08056bf1 in _start ()
(gdb)

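The backtrace above is the raw material for triage: the assertion text, the signal, the frame that fired (terminateSpeculativeExecution with node=0x0) and the first frames that resolve into JavaScriptCore sources. The following helper turns a pasted GDB session into structured frames and a stable deduplication signature, so repeated reports of the same assertion can be grouped. It is an added example written for this page, not code from the bug report or from the WebKit project; the sample backtrace is constructed from a handful of frames of the report (frame-number gaps are deliberate), and the Frame, Crash, parse_backtrace and signature names are this example's own.

```python
"""Parse a GDB backtrace and derive a crash signature for triage.

Added example for this page; not code from the WebKit bug report or the
WebKit project. SAMPLE_BT is constructed from a few frames of the report
above (frame numbers are kept, gaps are deliberate).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_BT = """\
ASSERTION FAILED: m_isCheckingArgumentTypes || m_canExit
Program received signal SIGSEGV, Segmentation fault.
#0  0xf608ce88 in JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution (this=0xffffa1e8, kind=Uncountable, jsValueRegs=..., node=0x0)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:308
#1  0xf6094354 in JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32 (this=0xffffa1e8, node=0xede20984)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2102
#2  0xf60945e1 in JSC::DFG::SpeculativeJIT::compileValueToInt32 (this=0xffffa1e8, node=0xede20f6c)
    at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2152
#15 0xf6136696 in cti_optimize (args=0xffffba20) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:1899
#17 0x081735b0 in ?? ()
#38 0xf379dec4 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
"""

# "#N  0xADDR in <rest>"; the address is absent for frame 0 of some gdb builds.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+)\s+in\s+)?(.*)$")
# Trailing "at file:line" (debug info present) or "from libfoo.so" (none).
LOC_RE = re.compile(r"\s+(at|from)\s+(\S+)$")


@dataclass
class Frame:
    index: int
    pc: Optional[str]
    function: str
    args: str
    source: Optional[str] = None  # file:line from an "at" clause
    module: Optional[str] = None  # shared object from a "from" clause

    def null_args(self) -> List[str]:
        """Names of arguments GDB printed as 0x0, e.g. node=0x0 in frame #0."""
        return [name for name, _ in re.findall(r"(\w+)=(0x0)\b", self.args)]


@dataclass
class Crash:
    assertion: Optional[str]
    signal: Optional[str]
    frames: List[Frame] = field(default_factory=list)

    def signature(self, depth: int = 3) -> str:
        """Dedup key: the first `depth` frames that resolved to a function with
        source info. Unknown (??) frames and frames that only resolved to a
        shared object are skipped, so JIT stubs and Qt/glib frames do not
        make two identical crashes look different."""
        picked = [f.function for f in self.frames
                  if f.function != "??" and f.source is not None][:depth]
        return " | ".join(picked)


def _join_continuations(text: str) -> List[str]:
    """GDB wraps long frames onto indented continuation lines; glue them back."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    index, pc, rest = int(m.group(1)), m.group(2), m.group(3).strip()
    source = module = None
    loc = LOC_RE.search(rest)
    if loc:
        rest = rest[:loc.start()]
        if loc.group(1) == "at":
            source = loc.group(2)
        else:
            module = loc.group(2)
    # A C++ function name may carry its own parameter list, so split on the
    # LAST " (" to separate the name from GDB's argument list.
    func, sep, args = rest.rpartition(" (")
    if not sep:
        func, args = rest, ""
    return Frame(index, pc, func, args.rstrip(")"), source, module)


def parse_backtrace(text: str) -> Crash:
    assertion = signal = None
    frames: List[Frame] = []
    for line in _join_continuations(text):
        if line.startswith("ASSERTION FAILED:"):
            assertion = line[len("ASSERTION FAILED:"):].strip()
        elif line.startswith("Program received signal"):
            signal = line.split("signal", 1)[1].split(",")[0].strip()
        else:
            frame = parse_frame(line)
            if frame:
                frames.append(frame)
    frames.sort(key=lambda f: f.index)
    return Crash(assertion, signal, frames)


if __name__ == "__main__":
    crash = parse_backtrace(SAMPLE_BT)
    print("assertion:", crash.assertion)
    print("signal   :", crash.signal)
    print("signature:", crash.signature())
    print("null args in top frame:", crash.frames[0].null_args())
```

Two caveats when feeding a full report like the one above into this. First, the `at` location of a frame is only trustworthy when it names the function's own source file: the many frames in this backtrace reported at PrintStream.h:58, MemoryInstrumentation.h:109, stl_algobase.h:218 or move.h:130 are the debug info attributing an inlined header to the frame, not the real call site, so a signature should be built from function names rather than file:line pairs. Second, a debug build turns `ASSERT` into a deliberate crash (here SIGSEGV inside the assertion handler), so the signal says nothing about what a release build would do at the same point; the assertion text and the null `node` argument are the useful facts.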