[Webkit-unassigned] [Bug 116853] New: ASSERTION FAILED: low in JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 28 01:31:05 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=116853

           Summary: ASSERTION FAILED: low in
                    JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffs
                    et
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org


Created an attachment (id=203028)
 --> (https://bugs.webkit.org/attachment.cgi?id=203028&action=review)
Test case

JSC has an assertion failure on the attached test.
It seems jsc cannot handle the thrown StackOverflowError correctly (like it does in a simple infinite loop).

Backtrace:

#0  0x00000000007fa9ad in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00000000004bdf5e in JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset (this=0x7fffb395f870, bytecodeOffset=4, divot=@0x7fffffffc5fc: 0, 
    startOffset=@0x7fffffffc5f8: 0, endOffset=@0x7fffffffc5f4: 0) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279
#2  0x0000000000641a3d in JSC::StackFrame::expressionInfo (this=0x7fffb27cc010, divot=@0x7fffffffc5fc: 0, startOffset=@0x7fffffffc5f8: 0, 
    endOffset=@0x7fffffffc5f4: 0) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:631
#3  0x00000000006419cb in JSC::StackFrame::column (this=0x7fffb27cc010)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:625
#4  0x0000000000641b5f in JSC::StackFrame::toString (this=0x7fffb27cc010, callFrame=0x7ffff7f5fb78)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:649
#5  0x00000000006420d2 in JSC::Interpreter::addStackTraceIfNecessary (callFrame=0x7fffb3dc0f88, error=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:711
#6  0x000000000072eab2 in JSC::throwError (exec=0x7fffb3dc0f88, error=0x7ffff7e8ff20)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/Error.cpp:165
#7  0x0000000000730093 in JSC::throwStackOverflowError (exec=0x7fffb3dc0f88)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp:141
#8  0x0000000000643d49 in JSC::Interpreter::executeCall (this=0xf40f60, callFrame=0x7fffb3dc0f88, function=0x7ffff7ecfe30, callType=JSC::CallTypeHost, 
    callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:1032
#9  0x0000000000721313 in JSC::call (exec=0x7fffb3dc0f88, functionObject=..., callType=JSC::CallTypeHost, callData=..., thisValue=..., args=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/CallData.cpp:40
#10 0x0000000000774e8e in JSC::callDefaultValueFunction (exec=0x7fffb3dc0f88, object=0x7ffff7e6feb0, propertyName=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/JSObject.cpp:1344

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list