[Webkit-unassigned] [Bug 139865] New: js/promises-tests/promises-tests-2-3-3.html sometimes crashes under DFG::SpeculativeJIT::compile

bugzilla-daemon at webkit.org
Mon Dec 22 09:26:37 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=139865

            Bug ID: 139865
           Summary: js/promises-tests/promises-tests-2-3-3.html sometimes
                    crashes under DFG::SpeculativeJIT::compile
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ap at webkit.org
                CC: ggaren at apple.com, mark.lam at apple.com

run-webkit-tests js/promises-tests/promises-tests-2-3-3.html -f --repeat 1000

Thread 13 Crashed:: DFG Worklist Worker Thread
0   com.apple.JavaScriptCore          0x0000000103d62c8a WTFCrash + 42 (Assertions.cpp:321)
1   com.apple.JavaScriptCore          0x00000001037acc31 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) + 79505 (DFGSpeculativeJIT64.cpp:4540)
2   com.apple.JavaScriptCore          0x000000010374e17a JSC::DFG::SpeculativeJIT::compileCurrentBlock() + 1754 (DFGSpeculativeJIT.cpp:1463)
3   com.apple.JavaScriptCore          0x000000010374e946 JSC::DFG::SpeculativeJIT::compile() + 182 (DFGSpeculativeJIT.cpp:1568)
4   com.apple.JavaScriptCore          0x00000001036d72a7 JSC::DFG::JITCompiler::compileBody() + 55 (DFGJITCompiler.cpp:113)
5   com.apple.JavaScriptCore          0x00000001036d9d73 JSC::DFG::JITCompiler::compileFunction() + 1187 (DFGJITCompiler.cpp:354)
6   com.apple.JavaScriptCore          0x000000010373b040 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 3184 (DFGPlan.cpp:302)
7   com.apple.JavaScriptCore          0x000000010373a041 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) + 417 (DFGPlan.cpp:164)
8   com.apple.JavaScriptCore          0x00000001038049c9 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) + 745 (DFGWorklist.cpp:358)
9   com.apple.JavaScriptCore          0x0000000103802ef4 JSC::DFG::Worklist::threadFunction(void*) + 36 (DFGWorklist.cpp:401)
10  com.apple.JavaScriptCore          0x0000000103db8ed9 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25 (Threading.cpp:82)

rdar://problem/19326058
