[Webkit-unassigned] [Bug 139524] New: DFGAbstractInterpreter ASSERT loading nytimes.com with Web Inspector open

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 10 19:08:08 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=139524

            Bug ID: 139524
           Summary: DFGAbstractInterpreter ASSERT loading nytimes.com with
                    Web Inspector open
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: ggaren at apple.com, mark.lam at apple.com,
                    msaboff at apple.com

* STEPS TO REPRODUCE
1. Inspect about:blank
2. Navigate to http://nytimes.com
  => ASSERT

ASSERTION FAILED: mayHaveTypeCheck(edge.useKind()) || !needsTypeCheck(edge)
/Users/pecoraro/Code/safari/OpenSource/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h(102) : void JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterEdgeByUse(JSC::DFG::Edge &) [AbstractStateType = JSC::DFG::InPlaceAbstractState]
1   0x119c5db40 WTFCrash
2   0x1194e04d9 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterEdgeByUse(JSC::DFG::Edge&)
3   0x1194e0451 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterEdgeByUse(JSC::DFG::Node*, JSC::DFG::Edge&)
4   0x1194cff39 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::executeEdges(JSC::DFG::Node*)
5   0x1194cf6cb JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::execute(unsigned int)
6   0x1194cea24 JSC::DFG::CFAPhase::performBlockCFA(JSC::DFG::BasicBlock*)
7   0x1194ce5a7 JSC::DFG::CFAPhase::performForwardCFA()
8   0x1194ce376 JSC::DFG::CFAPhase::run()
9   0x1194ce045 bool JSC::DFG::runAndLog<JSC::DFG::CFAPhase>(JSC::DFG::CFAPhase&)
10  0x1194cdfce bool JSC::DFG::runPhase<JSC::DFG::CFAPhase>(JSC::DFG::Graph&)
11  0x1194cdf88 JSC::DFG::performCFA(JSC::DFG::Graph&)
12  0x119623690 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
13  0x119622931 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
14  0x1196ee580 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*)
15  0x1196ecb64 JSC::DFG::Worklist::threadFunction(void*)
16  0x119cb2419 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const
17  0x119cb23ec std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()()
18  0x119c0de9a std::__1::function<void ()>::operator()() const
19  0x119cb136e WTF::threadEntryPoint(void*)
20  0x119cb2d78 WTF::wtfThreadEntryPoint(void*)
21  0x7fff8c6f5268 _pthread_body
22  0x7fff8c6f51e5 _pthread_body
23  0x7fff8c6f341d thread_start

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141211/e22dbf72/attachment-0002.html>

More information about the webkit-unassigned mailing list