[Webkit-unassigned] [Bug 141042] New: EXC_BAD_ACCESS Crash at JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq when page is redrawn.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 29 11:56:37 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=141042

            Bug ID: 141042
           Summary: EXC_BAD_ACCESS Crash at
                    JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq when
                    page is redrawn.
    Classification: Unclassified
           Product: WebKit
           Version: 525.x (Safari 3.2)
          Hardware: Macintosh Intel
                OS: Mac OS X 10.10
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cody.taylor at maternityneighborhood.com

Created attachment 245637
  --> https://bugs.webkit.org/attachment.cgi?id=245637&action=review
Four Stack Traces

Occurs on Safari version (at least) 8.0 to 8.0.2.

The crash is happening on a proprietary website, so I am unable to share the URL.

I am able to state that this is an Angular search/filter application. There are div boxes being 'hidden' or 'shown' as result of the filtering. Form types include input boxes, checkboxs, radio buttons, sliders, and select controls.

The application is being updated on any input with `lodash.throttle` every 500 ms. Increasing the time does not seem to make any difference.

Being multi-threaded I'm not sure how to track down the exact point of origin. However, this does appear on every stacktrace as the "Crashed Thread":

```
0   com.apple.JavaScriptCore          0x00000001092e9f6e WTFCrash + 62
1   com.apple.JavaScriptCore          0x000000010941f94d JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq() + 3485
2   com.apple.JavaScriptCore          0x0000000109407dcd JSC::FTL::LowerDFGToLLVM::compileNode(unsigned int) + 3453
3   com.apple.JavaScriptCore          0x0000000109406fe8 JSC::FTL::LowerDFGToLLVM::compileBlock(JSC::DFG::BasicBlock*) + 808
4   com.apple.JavaScriptCore          0x0000000109406475 JSC::FTL::LowerDFGToLLVM::lower() + 3509
5   com.apple.JavaScriptCore          0x00000001094056a9 JSC::FTL::lowerDFGToLLVM(JSC::FTL::State&) + 41
6   com.apple.JavaScriptCore          0x00000001093b3ff6 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 1398
7   com.apple.JavaScriptCore          0x00000001093b381d JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) + 493
8   com.apple.JavaScriptCore          0x00000001093ed062 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) + 546
9   com.apple.JavaScriptCore          0x00000001090eaa9f WTF::wtfThreadEntryPoint(void*) + 15
10  libsystem_pthread.dylib           0x00007fff8d82b2fc _pthread_body + 131
11  libsystem_pthread.dylib           0x00007fff8d82b279 _pthread_start + 176
12  libsystem_pthread.dylib           0x00007fff8d8294b1 thread_start + 13
```

Any pointers are appreciated.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150129/bb4f009b/attachment-0002.html>

More information about the webkit-unassigned mailing list