[Webkit-unassigned] [Bug 134912] New: Debug build assert loading cnn.com, nytimes.com, sfgate.com, others

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 14 16:45:47 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=134912

           Summary: Debug build assert loading cnn.com, nytimes.com,
                    sfgate.com, others
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: http://cnn.com
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: gary at surfcrew.com


When loading any of cnn.com, nytimes.com, or sfgate.com, debug builds of WebKitGtk 2.4.4 assert at DFGSpeculativeJIT.cpp:113:
    ASSERT(m_isCheckingArgumentTypes || m_canExit);

The stack is always the same:
0 WTFCrash Assertions.cpp 333 0x7ffff0f441db
1 JSC::DFG::SpeculativeJIT::speculationCheck DFGSpeculativeJIT.cpp 113 0x7ffff0c1377c
2 JSC::DFG::SpeculativeJIT::compileMakeRope DFGSpeculativeJIT.cpp 2753 0x7ffff0c1fa62
3 JSC::DFG::SpeculativeJIT::compile DFGSpeculativeJIT64.cpp 2427 0x7ffff0be9a82
4 JSC::DFG::SpeculativeJIT::compileCurrentBlock DFGSpeculativeJIT.cpp 1431 0x7ffff0c193d3
5 JSC::DFG::SpeculativeJIT::compile DFGSpeculativeJIT.cpp 1543 0x7ffff0c1998c
6 JSC::DFG::JITCompiler::compileBody DFGJITCompiler.cpp 111 0x7ffff0b87adc
7 JSC::DFG::JITCompiler::compileFunction DFGJITCompiler.cpp 336 0x7ffff0b8930c
8 JSC::DFG::Plan::compileInThreadImpl DFGPlan.cpp 251 0x7ffff0bda49c
9 JSC::DFG::Plan::compileInThread DFGPlan.cpp 125 0x7ffff0bd9d6a
10 JSC::DFG::compileImpl DFGDriver.cpp 108 0x7ffff0b5e7d0
11 JSC::DFG::compile DFGDriver.cpp 127 0x7ffff0b5e86b
12 JSC::operationOptimize JITOperations.cpp 1148 0x7ffff0d05c44
13 ?? 0x7fffa832d701
14 ?? 0x7fffa82e68e0
15 ?? 0x5628b0
16 ?? 0x1afd880
17 ?? 0x1b25fd0
18 ?? 0x1cf4dc0
19 WebCore::JSDOMWindowBase::supportsProfiling JSDOMWindowBase.cpp 121 0x7ffff3b2f74c
20 ?? 0x7fffffffcad0
21 JSC::JITCode::execute JITCode.cpp 48 0x7ffff0cf2164

Alberto Garcia (berto at iglalia.org) bisected the problem and says it looks like a regression caused by http://trac.webkit.org/changeset/168295 (itself a merge of http://trac.webkit.org/changeset/167336).
