[Webkit-unassigned] [Bug 139398] New: Crash in JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 8 07:29:15 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=139398

            Bug ID: 139398
           Summary: Crash in
                    JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Macintosh Intel
                OS: Mac OS X 10.10
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bert at freudenbergs.de

Safari (and WebKit nightly) crashes reproducibly after a couple of seconds running this (which works fine in Chrome and Firefox):

http://bertfreudenberg.github.io/SqueakJS/etoys/

It's not trivial to isolate the problem. This is a full Smalltalk Virtual Machine with its own JIT and memory management, but if I can be of any help: I am the main developer.

Thread 22 Crashed:: FTL Worklist Worker Thread
0   com.apple.JavaScriptCore          0x000000011237e30e WTFCrashWithSecurityImplication + 62
1   com.apple.JavaScriptCore          0x0000000111f72212 JSC::DFG::crash(JSC::DFG::Graph&, WTF::CString const&, char const*, int, char const*, char const*) + 418
2   com.apple.JavaScriptCore          0x0000000111f722bf JSC::DFG::Graph::handleAssertionFailure(JSC::DFG::Node*, char const*, int, char const*, char const*) + 159
3   com.apple.JavaScriptCore          0x0000000112078c93 JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq() + 3411
4   com.apple.JavaScriptCore          0x0000000112061247 JSC::FTL::LowerDFGToLLVM::compileNode(unsigned int) + 3351
5   com.apple.JavaScriptCore          0x0000000112060418 JSC::FTL::LowerDFGToLLVM::compileBlock(JSC::DFG::BasicBlock*) + 824
6   com.apple.JavaScriptCore          0x000000011205f8fb JSC::FTL::LowerDFGToLLVM::lower() + 3899
7   com.apple.JavaScriptCore          0x000000011205e999 JSC::FTL::lowerDFGToLLVM(JSC::FTL::State&) + 41

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141208/bb5df047/attachment-0002.html>

More information about the webkit-unassigned mailing list