[Webkit-unassigned] [Bug 143645] New: Crash in JSC::DFG::SpeculativeJIT::fillSpeculateInt52(JSC::DFG::Edge, JSC::DataFormat)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 12 09:30:28 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=143645

            Bug ID: 143645
           Summary: Crash in JSC::DFG::SpeculativeJIT::fillSpeculateInt52(JSC::DFG::Edge, JSC::DataFormat)
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Macintosh Intel
                OS: Mac OS X 10.10
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dieter at komendera.com

Created attachment 250607
  --> https://bugs.webkit.org/attachment.cgi?id=250607&action=review
crash report

I’ve had Safari’s “DFG Worklist Worker Thread” crash Safari (8.0.5 on 10.10.3) twice. The last time I was typing into a text field (ironically at bugreport.apple.com), losing my already typed text.


Thread 15 Crashed:: DFG Worklist Worker Thread
0   com.apple.JavaScriptCore          0x00007fff8e9ed5fe WTFCrash + 62
1   com.apple.JavaScriptCore          0x00007fff8ead5a08 JSC::DFG::SpeculativeJIT::fillSpeculateInt52(JSC::DFG::Edge, JSC::DataFormat) + 1944
2   com.apple.JavaScriptCore          0x00007fff8e90ecd0 JSC::DFG::SpeculativeJIT::compileAdd(JSC::DFG::Node*) + 2720
3   com.apple.JavaScriptCore          0x00007fff8e8ed59e JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) + 3694
4   com.apple.JavaScriptCore          0x00007fff8eabcdc6 JSC::DFG::SpeculativeJIT::compileCurrentBlock() + 1302
5   com.apple.JavaScriptCore          0x00007fff8e8ebea2 JSC::DFG::SpeculativeJIT::compile() + 114
6   com.apple.JavaScriptCore          0x00007fff8ea8f426 JSC::DFG::JITCompiler::compileFunction() + 710
7   com.apple.JavaScriptCore          0x00007fff8eab7aa5 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 1925
8   com.apple.JavaScriptCore          0x00007fff8eab70bd JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) + 493
9   com.apple.JavaScriptCore          0x00007fff8eaf0a82 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) + 546
10  com.apple.JavaScriptCore          0x00007fff8e7eecff WTF::wtfThreadEntryPoint(void*) + 15


Also filed rdar://20512791
