[Webkit-unassigned] [Bug 121661] New: Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 20 00:27:53 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=121661

           Summary: Frequent RELEASE_ASSERT crashes in
                    Structure::checkOffsetConsistency on WebGL swizzler
                    tests
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: MakingBotsRed
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org
                CC: ggaren at apple.com, oliver at apple.com, dino at apple.com,
                    fpizlo at apple.com


All these tests are quite crashy, particularly on leaks tester for whatever reason: <http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=swizzlers>

    RELEASE_ASSERT(numberOfSlotsForLastOffset(m_offset, m_inlineCapacity) == propertyTable->propertyStorageSize());

Thread 12 Crashed:: JSC Compilation Thread
0   com.apple.JavaScriptCore          0x000000010d91280a WTFCrash + 42 (Assertions.cpp:342)
1   com.apple.JavaScriptCore          0x000000010d395a9f JSC::Structure::checkOffsetConsistency() const + 207 (StructureInlines.h:233)
2   com.apple.JavaScriptCore          0x000000010d394c89 JSC::Structure::outOfLineCapacity() const + 25 (Structure.h:182)
3   com.apple.JavaScriptCore          0x000000010d49ee2f JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 16639 (DFGByteCodeParser.cpp:2518)
4   com.apple.JavaScriptCore          0x000000010d499ab2 JSC::DFG::ByteCodeParser::parseCodeBlock() + 2002 (DFGByteCodeParser.cpp:3589)
5   com.apple.JavaScriptCore          0x000000010d4a50fa JSC::DFG::ByteCodeParser::parse() + 250 (DFGByteCodeParser.cpp:3626)
6   com.apple.JavaScriptCore          0x000000010d4a53de JSC::DFG::parse(JSC::DFG::Graph&) + 62 (DFGByteCodeParser.cpp:3666)
7   com.apple.JavaScriptCore          0x000000010d59446e JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 190 (DFGPlan.cpp:155)
8   com.apple.JavaScriptCore          0x000000010d5941a2 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) + 242 (DFGPlan.cpp:116)
9   com.apple.JavaScriptCore          0x000000010d634cc4 JSC::DFG::Worklist::runThread() + 468 (DFGWorklist.cpp:239)
10  com.apple.JavaScriptCore          0x000000010d633d95 JSC::DFG::Worklist::threadFunction(void*) + 21 (DFGWorklist.cpp:261)
11  com.apple.JavaScriptCore          0x000000010d959400 WTF::threadEntryPoint(void*) + 144 (Threading.cpp:70)
12  com.apple.JavaScriptCore          0x000000010d959dd8 WTF::wtfThreadEntryPoint(void*) + 104 (ThreadingPthreads.cpp:195)
13  libsystem_c.dylib                 0x00007fff96e23772 _pthread_start + 327
14  libsystem_c.dylib                 0x00007fff96e101a1 thread_start + 13

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list