[Webkit-unassigned] [Bug 187362] New: [32-bit JSC tests] ASSERTION FAILED: !butterfly->propertyStorage()[-I - 1].get() under JSC::ObjectInitializationScope::verifyPropertiesAreInitialized

bugzilla-daemon at webkit.org
Thu Jul 5 14:10:27 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=187362

            Bug ID: 187362
           Summary: [32-bit JSC tests] ASSERTION FAILED:
                    !butterfly->propertyStorage()[-I - 1].get() under
                    JSC::ObjectInitializationScope::verifyPropertiesAreInitialized
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com

The following assertion failure is seen with 858 tests on the 32-bit JSC bot:

ASSERTION FAILED: !butterfly->propertyStorage()[-i - 1].get()
./runtime/ObjectInitializationScope.cpp(89) : void JSC::ObjectInitializationScope::verifyPropertiesAreInitialized(JSC::JSObject *)
1   0x2a104b WTFCrash
2   0x134540e JSC::ObjectInitializationScope::verifyPropertiesAreInitialized(JSC::JSObject*)
3   0x134501a JSC::ObjectInitializationScope::~ObjectInitializationScope()
4   0x1345537 JSC::ObjectInitializationScope::~ObjectInitializationScope()
5   0x9ce262 JSC::createRegExpMatchesArray(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, WTF::String const&, JSC::RegExp*, unsigned int, JSC::MatchResult&)
6   0x9cceb4 JSC::RegExpObject::execInline(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*)
7   0x139354e JSC::RegExpObject::exec(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSString*)
8   0x1395ebb JSC::regExpProtoFuncExec(JSC::ExecState*)
9   0xdbddb0e1
10  0x3a0238 llint_entry
11  0x3a0238 llint_entry
12  0x3a0238 llint_entry
13  0x39a100 vmEntryToJavaScript
14  0xe46c19 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
15  0xe460b6 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
16  0x1159e12 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
17  0x7309f runWithOptions(GlobalObject*, CommandLine&, bool&)
18  0x43d0a jscmain(int, char**)::$_3::operator()(JSC::VM&, GlobalObject*, bool&) const
19  0x290ea int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
20  0x27880 jscmain(int, char**)
21  0x277a7 main
22  0xa73f4611 start

https://build.webkit.org/builders/Apple%20High%20Sierra%2032-bit%20JSC%20%28BuildAndTest%29/builds/2238
