[Webkit-unassigned] [Bug 131356] New: REGRESSION(r166678?): Dromaeo/cssquery-dojo.html crashes regularly

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 8 05:03:23 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=131356

           Summary: REGRESSION(r166678?): Dromaeo/cssquery-dojo.html
                    crashes regularly
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Critical
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
                CC: ggaren at apple.com, mhahnenberg at apple.com
            Blocks: 127152


It crashes regularly on the Apple Mountain Lion and the EFL performance bots.

Here is a backtrace from the EFL bot:
Running Dromaeo/cssquery-dojo.html (46 of 128)
error: Dromaeo/cssquery-dojo.html
1   0x7f775df41ae0
2   0x7f775e2cbff0
3   0x7f775dac18a7 JSC::speculationFromCell(JSC::JSCell*)
4   0x7f775dbc76c3 JSC::DFG::PredictionPropagationPhase::propagate(JSC::DFG::Node*)
5   0x7f775dbc9456 bool JSC::DFG::runAndLog<JSC::DFG::PredictionPropagationPhase>(JSC::DFG::PredictionPropagationPhase&)
6   0x7f775dbc9f1e JSC::DFG::performPredictionPropagation(JSC::DFG::Graph&)
7   0x7f775dbc6376 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
8   0x7f775dbc6837 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
9   0x7f775db58674 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
10  0x7f775dce8c29
11  0x7f770402f5d7

FAILED
Finished: 600.570791 s

---

After checking the bot history the first failure was on r166690 :
http://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/8494
But this build doesn't contain any JSC related change, maybe the following
patch is the culprit - http://trac.webkit.org/changeset/166678 (CodeBlockSet should be generational)

Could you possibly check it?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list