[Webkit-unassigned] [Bug 217189] [GStreamer] webaudio/Convolver/unmmodified-buffer.html is flaky timing out and crashing inside JSC since added in r267307

bugzilla-daemon at webkit.org
Thu Oct 1 13:49:54 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=217189

--- Comment #3 from Lauro Moura <lmoura at igalia.com> ---
Created attachment 410266

  --> https://bugs.webkit.org/attachment.cgi?id=410266&action=review

JSC::CodeBlock::setConstantRegisters fails constants.Size assert

STDERR: ASSERTION FAILED: constants.size() == constantsSourceCodeRepresentation.size()

Thread 1 (Thread 0x7f911cf8e9c0 (LWP 107)):
#0  WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1  0x00007f91346f1ed7 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007f9124dde2e6 in JSC::CodeBlock::setConstantRegisters(WTF::RefCountedArray<JSC::WriteBarrier<JSC::Unknown, WTF::DumbValueTraits<JSC::Unknown> >, WTF::DumbPtrTraits<JSC::WriteBarrier<JSC::Unknown, WTF::DumbValueTraits<JSC::Unknown> > > > const&, WTF::RefCountedArray<JSC::SourceCodeRepresentation, WTF::DumbPtrTraits<JSC::SourceCodeRepresentation> > const&, JSC::ScriptExecutable*) (this=0x7f90c22ec390, constants=..., constantsSourceCodeRepresentation=..., topLevelExecutable=0x7f90d835c928) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:918
#3  0x00007f9124dd9df4 in JSC::CodeBlock::finishCreation(JSC::VM&, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7f90c22ec390, vm=..., ownerExecutable=0x7f90c22bd100, unlinkedCodeBlock=0x7f911c64ea88, scope=0x7f90c24e6488) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:390
#4  0x00007f9125e4dfc3 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7f90c22bd100, unlinkedCodeBlock=0x7f911c64ea88, scope=0x7f90c24e6488) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:60
#5  0x00007f9125e4904a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7f90c22bd100, kind=JSC::CodeForCall, function=0x7f90c22b9de0, scope=0x7f90c24e6488, exception=@0x7ffc6569ebe0: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#6  0x00007f9125e4964a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f90c22bd100, vm=..., function=0x7f90c22b9de0, scope=0x7f90c24e6488, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffc6569ef40: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#7  0x00007f91252c0bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f90c22bd100, vm=..., function=0x7f90c22b9de0, scope=0x7f90c24e6488, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffc6569ef40: 0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#8  0x00007f91259f0ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7ffc6569ef30, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7f90c24a3090) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#9  0x00007f91259f2512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7f90c22ec260, callFrame=0x7ffc6569efb0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#10 0x00007f91259e7a96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7ffc6569efb0, pc=0x7f90d83a5b77) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#11 0x00007f912492d712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#12 0x00007ffc6569efb0 in  ()
#13 0x0000000000000000 in  ()
