[Webkit-unassigned] [Bug 186630] New: REGRESSION(232741): Crash running ARES-6

bugzilla-daemon at webkit.org
Thu Jun 14 13:19:16 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=186630

            Bug ID: 186630
           Summary: REGRESSION(232741): Crash running ARES-6
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

<rdar://problem/41102411>

Looks like we crash as we are DFG compiling a function running Babylon.

Process:               com.apple.WebKit.WebContent.Development [4233]
Code Type:             X86-64 (Native)
Responsible:           Safari [4226]
User ID:               501

Date/Time:             2018-06-13 14:36:11.293 -0700
Report Version:        12

Crashed Thread:        17  WTF::AutomaticThread

Exception Type:        EXC_BREAKPOINT (SIGTRAP)
Exception Codes:       0x0000000000000002, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Trace/BPT trap: 5
Termination Reason:    Namespace SIGNAL, Code 0x5
Terminating Process:   exc handler [4233]
…
Thread 17 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore            0x00000002bc0c63fa JSC::DFG::BasicBlock::replacePredecessor(JSC::DFG::BasicBlock*, JSC::DFG::BasicBlock*) + 58
1   com.apple.JavaScriptCore            0x00000002bc14db5a JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge(JSC::DFG::BasicBlock*, JSC::DFG::BasicBlock**) + 218
2   com.apple.JavaScriptCore            0x00000002bc14d99c JSC::DFG::CriticalEdgeBreakingPhase::run() + 668
3   com.apple.JavaScriptCore            0x00000002bc143ae3 bool JSC::DFG::runPhase<JSC::DFG::CriticalEdgeBreakingPhase>(JSC::DFG::Graph&) + 115
4   com.apple.JavaScriptCore            0x00000002bc2443f8 JSC::DFG::Plan::compileInThreadImpl() + 3624
5   com.apple.JavaScriptCore            0x00000002bc242eb6 JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) + 646
6   com.apple.JavaScriptCore            0x00000002bc34bacc JSC::DFG::Worklist::ThreadBody::work() + 300
7   com.apple.JavaScriptCore            0x00000002bbdc3ec0 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 304
8   com.apple.JavaScriptCore            0x00000002bbdf0312 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 194
9   com.apple.JavaScriptCore            0x00000002bbbf8459 WTF::wtfThreadEntryPoint(void*) + 9
10  libsystem_pthread.dylib             0x00007fff6c7fbb47 _pthread_body + 128
11  libsystem_pthread.dylib             0x00007fff6c7fbac5 _pthread_start + 61
12  libsystem_pthread.dylib             0x00007fff6c7fb6f1 thread_start + 13
