[Webkit-unassigned] [Bug 132378] New: js/dfg-create-inlined-arguments-in-closure-inline.html flakily crashes under ClosureCallStubRoutine::structure()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 29 23:18:44 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=132378

           Summary: js/dfg-create-inlined-arguments-in-closure-inline.html
                    flakily crashes under
                    ClosureCallStubRoutine::structure()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org
                CC: ggaren at apple.com, fpizlo at apple.com


Happens on bot, and reproducible locally:

run-webkit-tests js/dfg-create-inlined-arguments-in-closure-inline.html --repeat-each 1000

Thread 10 Crashed:: JSC Compilation Thread
0   com.apple.JavaScriptCore          0x000000010303e4b0 JSC::WriteBarrierBase<JSC::Structure>::get() const + 16 (WriteBarrier.h:92)
1   com.apple.JavaScriptCore          0x00000001030c968c JSC::ClosureCallStubRoutine::structure() const + 28 (ClosureCallStubRoutine.h:44)
2   com.apple.JavaScriptCore          0x00000001030cb827 JSC::CallLinkStatus::computeFor(JSC::ConcurrentJITLocker const&, JSC::CallLinkInfo&) + 151 (CallLinkStatus.cpp:156)
3   com.apple.JavaScriptCore          0x00000001030cb6bc JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, unsigned int, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&) + 396 (CallLinkStatus.cpp:136)
4   com.apple.JavaScriptCore          0x00000001030cbcc4 JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, JSC::CodeOrigin, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkStatus, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkStatus> > const&) + 212 (CallLinkStatus.cpp:238)
5   com.apple.JavaScriptCore          0x0000000103189e79 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 441 (DFGByteCodeParser.cpp:1211)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list