[Webkit-unassigned] [Bug 131713] New: Crash in RefCountedArray<JSC::UnlinkedInstruction> destructor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 15 15:27:40 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=131713

           Summary: Crash in RefCountedArray<JSC::UnlinkedInstruction>
                    destructor
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org
                CC: ggaren at apple.com, oliver at apple.com,
                    bfulgham at webkit.org, fpizlo at apple.com


Saw this on regression tests: http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r167322%20(17192)/webgl/1.0.2/conformance/ogles/GL/equal/equal_001_to_008-crash-log.txt

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore          0x000000010bbe43d2 WTF::RefCountedArray<JSC::UnlinkedInstruction>::~RefCountedArray() + 50 (RefCountedArray.h:109)
1   com.apple.JavaScriptCore          0x000000010bbe4395 WTF::RefCountedArray<JSC::UnlinkedInstruction>::~RefCountedArray() + 21 (RefCountedArray.h:113)
2   com.apple.JavaScriptCore          0x000000010bbe434e JSC::UnlinkedInstructionStream::~UnlinkedInstructionStream() + 46 (UnlinkedInstructionStream.h:35)
3   com.apple.JavaScriptCore          0x000000010bbe42e5 JSC::UnlinkedInstructionStream::~UnlinkedInstructionStream() + 21 (UnlinkedInstructionStream.h:35)
4   com.apple.JavaScriptCore          0x000000010c238754 JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock() + 340 (memory:2488)
5   com.apple.JavaScriptCore          0x000000010c23a1f5 JSC::UnlinkedFunctionCodeBlock::~UnlinkedFunctionCodeBlock() + 21 (UnlinkedCodeBlock.h:698)
6   com.apple.JavaScriptCore          0x000000010c2392f5 JSC::UnlinkedFunctionCodeBlock::~UnlinkedFunctionCodeBlock() + 21 (UnlinkedCodeBlock.h:698)
7   com.apple.JavaScriptCore          0x000000010c236a3d JSC::UnlinkedFunctionCodeBlock::destroy(JSC::JSCell*) + 29 (UnlinkedCodeBlock.cpp:437)
8   com.apple.JavaScriptCore          0x000000010c0c213d JSC::MarkedBlock::callDestructor(JSC::JSCell*) + 61 (MarkedBlock.cpp:64)
9   com.apple.JavaScriptCore          0x000000010c0c2518 JSC::MarkedBlock::FreeList JSC::MarkedBlock::specializedSweep<(JSC::MarkedBlock::BlockState)3, (JSC::MarkedBlock::SweepMode)0, (JSC::MarkedBlock::DestructorType)1>() + 216 (MarkedBlock.cpp:78)
10  com.apple.JavaScriptCore          0x000000010c0c0ede JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper<(JSC::MarkedBlock::DestructorType)1>(JSC::MarkedBlock::SweepMode) + 302 (MarkedBlock.cpp:139)

This doesn't happen often - these WebGL tests are quite flaky, but I couldn't find this specific crash happen before.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list