[Webkit-unassigned] [Bug 120007] [sh4] ASSERTION FAILED in JIT
bugzilla-daemon at webkit.org
Fri Oct 4 08:53:23 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=120007
--- Comment #13 from yannick.poirier at inverto.tv 2013-10-04 08:52:18 PST ---
I've isolated the piece of code to easily reproduce the ASSERT
function fcnt() {}
for (var i = 0; i < 10; ++i) {
    var f = function(){fcnt()};
    for (var j = 0; j < 10; ++j)
        var _av = eval("f()");
}
$> bin/jsc test.js
ASSERTION FAILED: callee != callLinkInfo->callee.get()
webkit/Source/JavaScriptCore/jit/JITStubs.cpp(1331) : void* JSC::JITStubThunked_vm_lazyLinkClosureCall(void**)
#0 0x0043d13c in WTFCrash () at webkit/Source/WTF/wtf/Assertions.cpp:346
#1 0x004fc41e in JITStubThunked_vm_lazyLinkClosureCall (args=0x7bd0a5d0)
    at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1331
#2 0x004fc220 in cti_vm_lazyLinkClosureCall () at webkit/Source/JavaScriptCore/jit/JITStubs.cpp:1313
It works if
$> bin/jsc --useDFGJIT=false test.js
Any hint would be welcomed