[Webkit-unassigned] [Bug 155136] New: Speedometer benchmark test crashes on trunk.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 7 14:33:28 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=155136
Bug ID: 155136
Summary: Speedometer benchmark test crashes on trunk.
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: clopez at igalia.com
Created attachment 273213
--> https://bugs.webkit.org/attachment.cgi?id=273213&action=review
GDB backtrace for the GTK port on Linux (Debug build on r197699).
With current trunk (r197699) if you try to run the Speedometer test <http://browserbench.org/Speedometer/> it will crash.
With the release build only happens sometimes, with the debug one seems more easy to reproduce.
Is reproducible at least both in the Mac and GTK ports.
With the debug build I get the following assertion:
ASSERTION FAILED: m_structure.isClear()
/Users/clopez/webkit/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp(472) : void JSC::DFG::AbstractValue::checkConsistency() const
1 0x110245ca0 WTFCrash
2 0x10f653cc1 JSC::DFG::AbstractValue::checkConsistency() const
3 0x10f654ebb JSC::DFG::AbstractValue::normalizeClarity()
4 0x10f654f98 JSC::DFG::AbstractValue::filter(unsigned int)
5 0x10f6f77d9 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filter(JSC::DFG::AbstractValue&, unsigned int)
6 0x10f6f7603 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterByType(JSC::DFG::Edge&, unsigned int)
7 0x10f6f7505 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterEdgeByUse(JSC::DFG::Edge&)
8 0x10f6f7451 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::filterEdgeByUse(JSC::DFG::Node*, JSC::DFG::Edge&)
9 0x10f6e90fe JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::executeEdges(JSC::DFG::Node*)
10 0x10f6e743b JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::execute(unsigned int)
11 0x10f6e6527 JSC::DFG::CFAPhase::performBlockCFA(JSC::DFG::BasicBlock*)
12 0x10f6e5f77 JSC::DFG::CFAPhase::performForwardCFA()
13 0x10f6e5a7f JSC::DFG::CFAPhase::run()
14 0x10f6e52f5 bool JSC::DFG::runAndLog<JSC::DFG::CFAPhase>(JSC::DFG::CFAPhase&)
15 0x10f6e527e bool JSC::DFG::runPhase<JSC::DFG::CFAPhase>(JSC::DFG::Graph&)
16 0x10f6e5238 JSC::DFG::performCFA(JSC::DFG::Graph&)
17 0x10f8fec3f JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
18 0x10f8fdd7d JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
19 0x10fa15ada JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*)
20 0x10fa13e34 JSC::DFG::Worklist::threadFunction(void*)
21 0x1102b0dc9 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const
22 0x1102b0d9d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::createThread(void (*)(void*), void*, char const*)::$_0&>(WTF::createThread(void (*)(void*), void*, char const*)::$_0&&&)
23 0x1102b0d3c std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()()
24 0x10fb5e74a std::__1::function<void ()>::operator()() const
25 0x1102afa9e WTF::threadEntryPoint(void*)
26 0x1102b1331 WTF::wtfThreadEntryPoint(void*)
27 0x7fff9358d05a _pthread_body
28 0x7fff9358cfd7 _pthread_body
29 0x7fff9358a3ed thread_start
The above backtrace is from Safari running on MacOS 10.10 with the WebKit Debug build on r197699.
I'm ataching also a GDB backtrace I got for this very same crash but on the GTK port on Linux (Debug build).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160307/f22b61b5/attachment.html>
More information about the webkit-unassigned
mailing list