[Webkit-unassigned] [Bug 206276] New: [Win][32bit] Assert failure bytecodeIndex.offset() < instructions().size() in UnlinkedCodeBlock::expressionRangeForBytecodeIndex

bugzilla-daemon at webkit.org
Tue Jan 14 21:19:44 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=206276

            Bug ID: 206276
           Summary: [Win][32bit] Assert failure bytecodeIndex.offset() <
                    instructions().size() in
                    UnlinkedCodeBlock::expressionRangeForBytecodeIndex
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

[Win][32bit] Assert failure bytecodeIndex.offset() < instructions().size() in UnlinkedCodeBlock::expressionRangeForBytecodeIndex

AppleWin, 32bit, debug build
trunk at 254556

The assertion fails on almost every web site using JS.

I don't know which revision is the culprit.
Release builds work fine.

callstack:

> JavaScriptCore.dll!abort() Line 77	C++
> JavaScriptCore.dll!WTFCrashWithInfo(int __formal=184, const char * __formal=0x046fe770, const char * __formal=0x046fe394, int __formal=2258) Line 619	C++
> JavaScriptCore.dll!JSC::UnlinkedCodeBlock::expressionRangeForBytecodeIndex(JSC::BytecodeIndex bytecodeIndex={...}, int & divot=0, int & startOffset=0, int & endOffset=0, unsigned int & line=0, unsigned int & column=0) Line 184	C++
> JavaScriptCore.dll!JSC::CodeBlock::expressionRangeForBytecodeIndex(JSC::BytecodeIndex bytecodeIndex={...}, int & divot=0, int & startOffset=0, int & endOffset=0, unsigned int & line=0, unsigned int & column=0) Line 1906	C++
> JavaScriptCore.dll!JSC::appendSourceToError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::CallFrame * callFrame=0x0c41ffa8, JSC::ErrorInstance * exception=0x26290cf8, JSC::BytecodeIndex bytecodeIndex={...}) Line 76	C++
> JavaScriptCore.dll!JSC::ErrorInstance::finishCreation(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::VM & vm={...}, const WTF::String & message={...}, bool useCurrentFrame=true) Line 131	C++
> JavaScriptCore.dll!JSC::ErrorInstance::create(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::VM & vm={...}, JSC::Structure * structure=0x0d2229e0, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0, JSC::RuntimeType type=TypeUndefined, bool useCurrentFrame=true) Line 62	C++
> JavaScriptCore.dll!JSC::createTypeError(JSC::JSGlobalObject * globalObject=0x0cf76c68, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0, JSC::RuntimeType type=TypeUndefined) Line 78	C++
> JavaScriptCore.dll!JSC::createError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::JSValue value={...}, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0) Line 281	C++
> JavaScriptCore.dll!JSC::createNotAConstructorError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::JSValue value={...}) Line 309	C++
> JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::CallFrame * calleeFrame=0x0c41ff28, JSC::JSValue callee={...}, JSC::CodeSpecializationKind kind=CodeForConstruct) Line 1490	C++
> JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::CallFrame * calleeFrame=0x0c41ff28, JSC::CodeSpecializationKind kind=CodeForConstruct, JSC::JSValue calleeAsValue={...}, JSC::LLIntCallLinkInfo * callLinkInfo=0x263f3928) Line 1517	C++
> JavaScriptCore.dll!JSC::LLInt::genericCall<JSC::OpConstruct>(JSC::CodeBlock * codeBlock=0x0d08a920, JSC::CallFrame * callFrame=0x0c41ffa8, JSC::OpConstruct && bytecode={...}, JSC::CodeSpecializationKind kind=CodeForConstruct) Line 1579	C++
> JavaScriptCore.dll!llint_slow_path_construct(JSC::CallFrame * callFrame=0x0c41ffa8, const JSC::Instruction * pc=0x263b5524) Line 1600	C++
> JavaScriptCore.dll!JSC::LLInt::CLoop::execute(JSC::OpcodeID entryOpcodeID=llint_vm_entry_to_javascript, void * executableAddress=0x000000db, JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510, bool isInitializationPass=false) Line 20151	C++
> JavaScriptCore.dll!vmEntryToJavaScript(void * executableAddress=0x000000db, JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510) Line 171	C++
> JavaScriptCore.dll!JSC::JITCode::execute(JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510) Line 38	C++
> JavaScriptCore.dll!JSC::Interpreter::executeProgram(const JSC::SourceCode & source={...}, JSC::JSGlobalObject * __formal=0x0cf76c68, JSC::JSObject * thisObj=0x0cf302c8) Line 849	C++
> JavaScriptCore.dll!JSC::evaluate(JSC::JSGlobalObject * globalObject=0x0cf76c68, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 148	C++
> JavaScriptCore.dll!JSC::profiledEvaluate(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::ProfilingReason reason=Other, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 161	C++
> WebKit.dll!WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject * lexicalGlobalObject=0x0cf76c68, JSC::ProfilingReason reason=Other, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 79	C++
> WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld & world={...}) Line 143	C++
> WebKit.dll!WebCore::ScriptController::evaluateInWorldIgnoringException(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld & world={...}) Line 116	C++
> WebKit.dll!WebCore::ScriptController::evaluateIgnoringException(const WebCore::ScriptSourceCode & sourceCode={...}) Line 163	C++
> WebKit.dll!WebCore::ScriptElement::executeClassicScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 394	C++
> WebKit.dll!WebCore::LoadableClassicScript::execute(WebCore::ScriptElement & scriptElement={...}) Line 123	C++
> WebKit.dll!WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript & loadableScript={...}) Line 432	C++
> WebKit.dll!WebCore::ScriptElement::executePendingScript(WebCore::PendingScript & pendingScript={...}) Line 440	C++
> WebKit.dll!WebCore::ScriptRunner::timerFired() Line 132	C++
> [External Code]	
> WebKit.dll!WTF::Detail::CallableWrapper<std::_Binder<std::_Unforced,void (__thiscall WebCore::ScriptRunner::*&)(void),WebCore::ScriptRunner *>,void>::call() Line 52	C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84	C++
> WebKit.dll!WebCore::Timer::fired() Line 127	C++
> WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 129	C++
> WebKit.dll!WebCore::ThreadTimers::setSharedTimer::__l8::<lambda>() Line 69	C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52	C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84	C++
> WebKit.dll!WebCore::MainThreadSharedTimer::fired() Line 84	C++
> WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00180a86, unsigned int message=49988, unsigned int wParam=0, long lParam=0) Line 89	C++
> [External Code]	
> user32.dll![Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]	Unknown
> WebKit.dll!WebKitMessageLoop::run(HACCEL__ * hAccelTable=0x0cd10a11) Line 94	C++
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 124	C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 145	C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 232	C++
> [External Code]
