[Webkit-unassigned] [Bug 139197] New: Assertion failure in DFG::Node::varNumber() (hasVarNumber()) at apple.com

bugzilla-daemon at webkit.org
Tue Dec 2 14:18:34 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=139197

            Bug ID: 139197
           Summary: Assertion failure in DFG::Node::varNumber()
                    (hasVarNumber()) at apple.com
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
               URL: http://www.apple.com
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mitz at webkit.org

To reproduce the bug, navigate to http://www.apple.com/. The result is

ASSERTION FAILED: hasVarNumber()
Source/JavaScriptCore/dfg/DFGNode.h(891) : int JSC::DFG::Node::varNumber()
1   0x10e8d7060 WTFCrash
2   0x10e0fca85 JSC::DFG::Node::varNumber()
3   0x10e13f1d5 void JSC::DFG::clobberize<JSC::DFG::ReadMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> >, JSC::DFG::WriteMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> >, JSC::DFG::DefMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> > >(JSC::DFG::Graph&, JSC::DFG::Node*, JSC::DFG::ReadMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> > const&, JSC::DFG::WriteMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> > const&, JSC::DFG::DefMethodClobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> > const&)
4   0x10e13aee7 void JSC::DFG::clobberize<JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps> >(JSC::DFG::Graph&, JSC::DFG::Node*, JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps>&)
5   0x10e134fe6 JSC::DFG::(anonymous namespace)::LocalCSEPhase::BlockCSE<JSC::DFG::(anonymous namespace)::LocalCSEPhase::SmallMaps>::run(JSC::DFG::BasicBlock*)
6   0x10e134b00 JSC::DFG::(anonymous namespace)::LocalCSEPhase::run()
7   0x10e134855 bool JSC::DFG::runAndLog<JSC::DFG::(anonymous namespace)::LocalCSEPhase>(JSC::DFG::(anonymous namespace)::LocalCSEPhase&)
8   0x10e12cd1f bool JSC::DFG::runPhase<JSC::DFG::(anonymous namespace)::LocalCSEPhase>(JSC::DFG::Graph&)
9   0x10e12ccc8 JSC::DFG::performLocalCSE(JSC::DFG::Graph&)
10  0x10e25bf0d JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
11  0x10e25b53d JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
12  0x10e3438b4 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*)
13  0x10e341294 JSC::DFG::Worklist::threadFunction(void*)
14  0x10e92f7f9 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const
15  0x10e92f7cc std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()()
16  0x10e903001 std::__1::function<void ()>::operator()() const
17  0x10e92e5de WTF::threadEntryPoint(void*)
18  0x10e92ff6c WTF::wtfThreadEntryPoint(void*)
19  0x108c41268 _pthread_body
20  0x108c411e5 _pthread_body
21  0x108c3f41d thread_start
