[Webkit-unassigned] [Bug 126584] ASSERT in compileArithNegate on pdfjs

Tue Jan 7 10:57:16 PST 2014

https://bugs.webkit.org/show_bug.cgi?id=126584


--- Comment #3 from Mark Hahnenberg <mhahnenberg at apple.com>  2014-01-07 10:55:01 PST ---
More useful backtrace:

frame #0: 0x0000000100739c6a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341
    frame #1: 0x00000001002a6f30 JavaScriptCore`JSC::DFG::SpeculativeJIT::speculationCheck(this=0x0000000106822200, kind=NegativeZero, jsValueSource=JSValueSource at 0x000000010a54acc8, node=0x0000000000000000, jumpToFail=Jump at 0x000000010a54acb8) + 128 at DFGSpeculativeJIT.cpp:113
    frame #2: 0x00000001002b63fb JavaScriptCore`JSC::DFG::SpeculativeJIT::compileArithNegate(this=0x0000000106822200, node=0x000000010cfa9d80) + 1179 at DFGSpeculativeJIT.cpp:2906
    frame #3: 0x00000001002f6a67 JavaScriptCore`JSC::DFG::SpeculativeJIT::compile(this=0x0000000106822200, node=0x000000010cfa9d80) + 6663 at DFGSpeculativeJIT64.cpp:2419
    frame #4: 0x00000001002ada79 JavaScriptCore`JSC::DFG::SpeculativeJIT::compileCurrentBlock(this=0x0000000106822200) + 1881 at DFGSpeculativeJIT.cpp:1431
    frame #5: 0x00000001002ae276 JavaScriptCore`JSC::DFG::SpeculativeJIT::compile(this=0x0000000106822200) + 182 at DFGSpeculativeJIT.cpp:1543
    frame #6: 0x0000000100241034 JavaScriptCore`JSC::DFG::JITCompiler::compileBody(this=0x000000010a54fe80) + 36 at DFGJITCompiler.cpp:111
    frame #7: 0x0000000100242f60 JavaScriptCore`JSC::DFG::JITCompiler::compileFunction(this=0x000000010a54fe80) + 416 at DFGJITCompiler.cpp:336
    frame #8: 0x00000001002a0e26 JavaScriptCore`JSC::DFG::Plan::compileInThreadImpl(this=0x00000001062a8a50, longLivedState=0x000000010a550d00) + 1622 at DFGPlan.cpp:250
    frame #9: 0x00000001002a05c2 JavaScriptCore`JSC::DFG::Plan::compileInThread(this=0x00000001062a8a50, longLivedState=0x000000010a550d00) + 242 at DFGPlan.cpp:124
    frame #10: 0x000000010033e7f4 JavaScriptCore`JSC::DFG::Worklist::runThread(this=0x000000010979e460) + 468 at DFGWorklist.cpp:240
    frame #11: 0x000000010033d8d5 JavaScriptCore`JSC::DFG::Worklist::threadFunction(argument=0x000000010979e460) + 21 at DFGWorklist.cpp:261
    frame #12: 0x0000000100788108 JavaScriptCore`WTF::threadEntryPoint(contextData=0x000000010979c7f0) + 152 at Threading.cpp:69
    frame #13: 0x0000000100788eb8 JavaScriptCore`WTF::wtfThreadEntryPoint(param=0x000000010979ca00) + 296 at ThreadingPthreads.cpp:195
    frame #14: 0x00007fff898b8899 libsystem_pthread.dylib`_pthread_body + 138
    frame #15: 0x00007fff898b872a libsystem_pthread.dylib`_pthread_start + 137
    frame #16: 0x00007fff898bcfc9 libsystem_pthread.dylib`thread_start + 13

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.