[Webkit-unassigned] [Bug 128054] New: Crash in JSC::ArrayProfile::computeUpdatedPrediction(JSC::ConcurrentJITLocker const&, JSC::CodeBlock*)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 1 18:37:00 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=128054

           Summary: Crash in
                    JSC::ArrayProfile::computeUpdatedPrediction(JSC::Concu
                    rrentJITLocker const&, JSC::CodeBlock*)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://www.jorgexolalpa.com/
        OS/Version: Mac OS X 10.9
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=222896)
 --> (https://bugs.webkit.org/attachment.cgi?id=222896&action=review)
Crash log

r163227

Reproducibility: always

Steps:
1. http://www.jorgexolalpa.com/
2. Hover mouse on any of the link titles on the top left.

What happened:
2. Crash.

Thread 8 Crashed:: JSC Compilation Thread
0   com.apple.JavaScriptCore          0x00000001054eb5d4 JSC::ArrayProfile::computeUpdatedPrediction(JSC::ConcurrentJITLocker const&, JSC::CodeBlock*) + 4
1   com.apple.JavaScriptCore          0x00000001055564c7 JSC::DFG::ByteCodeParser::handleIntrinsic(int, JSC::Intrinsic, int, int, unsigned int) + 535
2   com.apple.JavaScriptCore          0x0000000105555bc1 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 657
3   com.apple.JavaScriptCore          0x000000010555dd93 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 19107
4   com.apple.JavaScriptCore          0x000000010555846b JSC::DFG::ByteCodeParser::parseCodeBlock() + 1867
5   com.apple.JavaScriptCore          0x00000001055577bc JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, int, unsigned int, JSC::CodeSpecializationKind) + 1276
6   com.apple.JavaScriptCore          0x0000000105555c98 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 872
7   com.apple.JavaScriptCore          0x000000010555c206 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 12054
8   com.apple.JavaScriptCore          0x000000010555846b JSC::DFG::ByteCodeParser::parseCodeBlock() + 1867
9   com.apple.JavaScriptCore          0x00000001055628e4 JSC::DFG::ByteCodeParser::parse() + 628
10  com.apple.JavaScriptCore          0x00000001055629f9 JSC::DFG::parse(JSC::DFG::Graph&) + 41
11  com.apple.JavaScriptCore          0x00000001055cd993 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 211
12  com.apple.JavaScriptCore          0x00000001055cd6dd JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) + 269
13  com.apple.JavaScriptCore          0x00000001056449db JSC::DFG::Worklist::runThread() + 539
14  com.apple.JavaScriptCore          0x00000001058ea57f WTF::wtfThreadEntryPoint(void*) + 15
15  libsystem_pthread.dylib           0x00007fff972bf899 _pthread_body + 138
16  libsystem_pthread.dylib           0x00007fff972bf72a _pthread_start + 137
17  libsystem_pthread.dylib           0x00007fff972c3fc9 thread_start + 13

Expected result:
Webkit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list