[Webkit-unassigned] [Bug 136124] New tests introduced in r172794 fail on 32 bit platforms

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 21 16:22:20 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=136124


Mark Lam <mark.lam at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|webkit-unassigned at lists.web |mark.lam at apple.com
                   |kit.org                     |
                 CC|                            |webkit-bug-importer at group.a
                   |                            |pple.com




--- Comment #1 from Mark Lam <mark.lam at apple.com>  2014-08-21 16:22:27 PST ---
The failure occurs at:

(lldb) bt 15
* thread #1: tid = 0x64e02f, 0x008f8502 JavaScriptCore`WTFCrash + 50 at Assertions.cpp:329, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x008f8502 JavaScriptCore`WTFCrash + 50 at Assertions.cpp:329
    frame #1: 0x003d82b8 JavaScriptCore`JSC::DFG::RegisterBank<JSC::GPRInfo>::allocate(this=0x028e2da8, spillMe=0xbfff8560) + 296 at DFGRegisterBank.h:138
    frame #2: 0x003b4305 JavaScriptCore`JSC::DFG::SpeculativeJIT::allocate(this=0x028e2a00) + 85 at DFGSpeculativeJIT.h:189
    frame #3: 0x003e1f0e JavaScriptCore`JSC::DFG::SpeculativeJIT::fillSpeculateCell(this=0x028e2a00, edge=Edge at 0xbfff8724) + 1422 at DFGSpeculativeJIT32_64.cpp:908
    frame #4: 0x003b3e31 JavaScriptCore`JSC::DFG::SpeculateCellOperand::gpr(this=0xbfffa450) + 193 at DFGSpeculativeJIT.h:3094
    frame #5: 0x004025fd JavaScriptCore`JSC::DFG::SpeculativeJIT::compile(this=0x028e2a00, node=0x06002788) + 107133 at DFGSpeculativeJIT32_64.cpp:4726
    frame #6: 0x003962e5 JavaScriptCore`JSC::DFG::SpeculativeJIT::compileCurrentBlock(this=0x028e2a00) + 1941 at DFGSpeculativeJIT.cpp:1449
    frame #7: 0x00396c22 JavaScriptCore`JSC::DFG::SpeculativeJIT::compile(this=0x028e2a00) + 226 at DFGSpeculativeJIT.cpp:1561
    frame #8: 0x00311250 JavaScriptCore`JSC::DFG::JITCompiler::compileBody(this=0xbfffdcc0) + 48 at DFGJITCompiler.cpp:113
    frame #9: 0x0031344d JavaScriptCore`JSC::DFG::JITCompiler::compileFunction(this=0xbfffdcc0) + 541 at DFGJITCompiler.cpp:349
    frame #10: 0x00381c47 JavaScriptCore`JSC::DFG::Plan::compileInThreadImpl(this=0x06f7b610, longLivedState=0x01d735a0) + 1815 at DFGPlan.cpp:297
    frame #11: 0x00381144 JavaScriptCore`JSC::DFG::Plan::compileInThread(this=0x06f7b610, longLivedState=0x01d735a0, threadData=0x00000000) + 436 at DFGPlan.cpp:162
    frame #12: 0x002cc09d JavaScriptCore`JSC::DFG::compileImpl(vm=0x020cd400, codeBlock=0x06f7ad40, profiledDFGCodeBlock=0x00000000, mode=DFGMode, osrEntryBytecodeIndex=85, mustHandleValues=0xbfffe828, callback=0xbfffe6b8) + 1853 at DFGDriver.cpp:104
    frame #13: 0x002cb8f2 JavaScriptCore`JSC::DFG::compile(vm=0x020cd400, codeBlock=0x06f7ad40, profiledDFGCodeBlock=0x00000000, mode=DFGMode, osrEntryBytecodeIndex=85, mustHandleValues=0xbfffe828, passedCallback=0xbfffe7e8) + 194 at DFGDriver.cpp:122
    frame #14: 0x00548b39 JavaScriptCore`operationOptimize(exec=0xbfffea08, bytecodeIndex=85) + 2793 at JITOperations.cpp:1196

(lldb) up
[0x0000000000000000 - 0x0000000000000151)
[0x0000000000000151 - 0x0000000000000288)
[0x0000000000000288 - 0x00000000000002b2)
[0x00000000000002b2 - 0x00000000000002bc)
[0x00000000000002bc - 0x0000000000005576)
frame #1: 0x003d82b8 JavaScriptCore`JSC::DFG::RegisterBank<JSC::GPRInfo>::allocate(this=0x028e2da8, spillMe=0xbfff8560) + 296 at DFGRegisterBank.h:138
   135             }
   136     
   137             // Deadlock check - this could only occur is all registers are locked!
-> 138             ASSERT(currentLowest != NUM_REGS && currentSpillOrder != SpillHintInvalid);
   139             // There were no available registers; currentLowest will need to be spilled.
   140             return allocateInternal(currentLowest, spillMe);
   141         }

(lldb) p currentLowest
(uint32_t) $0 = 6

(lldb) p currentSpillOrder
(SpillHint) $1 = 4294967295

(lldb) p/x currentSpillOrder
(SpillHint) $2 = 0xffffffff

The comment explains the crash: "this could only occur is all registers are locked!"

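
The state in the lldb output above, reproduced in a simplified C++ model added here as an example (it is not JavaScriptCore's code and not part of the original message): when every register is locked, the scan leaves both sentinels untouched, which is the condition the ASSERT rejects. The register count of 6, the scan order, and every name not visible in the listing are assumptions.

```cpp
#include <array>
#include <cstdint>

// Simplified model, not JavaScriptCore's code. Assumed: 6 registers;
// SpillHintInvalid is 0xffffffff, the value lldb printed above.
constexpr uint32_t NUM_REGS = 6;
typedef uint32_t SpillHint;
constexpr SpillHint SpillHintInvalid = 0xffffffff;

struct Slot {
    uint32_t lockCount = 0;                   // > 0: pinned by an operand in use
    SpillHint spillOrder = SpillHintInvalid;  // invalid: register holds no value
};

struct ScanResult {
    uint32_t currentLowest;
    SpillHint currentSpillOrder;
    // Negation of the ASSERT condition shown at DFGRegisterBank.h:138.
    bool deadlocked() const {
        return currentLowest == NUM_REGS || currentSpillOrder == SpillHintInvalid;
    }
};

class ModelRegisterBank {
public:
    void lock(uint32_t r) { ++m_slots[r].lockCount; }
    void unlock(uint32_t r) { --m_slots[r].lockCount; }
    void retain(uint32_t r, SpillHint order) { m_slots[r].spillOrder = order; }
    // Prefer a free register, else the unlocked one with the lowest spill order.
    ScanResult scan() const {
        ScanResult best = {NUM_REGS, SpillHintInvalid};
        for (uint32_t i = 0; i < NUM_REGS; ++i) {
            const Slot& s = m_slots[i];
            if (s.lockCount) continue;                 // locked: never a candidate
            if (s.spillOrder == SpillHintInvalid) { best = {i, 0}; break; }  // free
            if (s.spillOrder < best.currentSpillOrder) best = {i, s.spillOrder};
        }
        return best;  // sentinels untouched: every register was locked
    }
    // Checked form: report exhaustion to the caller instead of asserting.
    bool tryAllocate(uint32_t& out) const {
        ScanResult r = scan();
        if (r.deadlocked()) return false;
        out = r.currentLowest;
        return true;
    }
private:
    std::array<Slot, NUM_REGS> m_slots{};
};
```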