<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - REGRESSION (r205107): [GTK] ASSERTION FAILED: !(reinterpret_cast&lt;char*&gt;(this)[i])"
   href="https://bugs.webkit.org/show_bug.cgi?id=161308">161308</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>REGRESSION (r205107): [GTK] ASSERTION FAILED: !(reinterpret_cast&lt;char*&gt;(this)[i])
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>clopez&#64;igalia.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>benjamin&#64;webkit.org, bugs-noreply&#64;webkitgtk.org, fpizlo&#64;apple.com, sbarati&#64;apple.com
          </td>
        </tr>

        <tr>
          <th>Blocks</th>
          <td>161268
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Revision r205107 &lt;<a href="http://trac.webkit.org/r205107">http://trac.webkit.org/r205107</a>&gt; has caused lot of assertions on the Debug build of GTK+: <a href="https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/10835">https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/10835</a>

Backtrace:

ASSERTION FAILED: !(reinterpret_cast&lt;char*&gt;(this)[i])
../../Source/JavaScriptCore/dfg/DFGAbstractValue.h(66) : JSC::DFG::AbstractValue::AbstractValue()
1   0x7f5e53a30411 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f5e53a30411]
2   0x7f5e530e5262 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::AbstractValue::AbstractValue()+0x96) [0x7f5e530e5262]
3   0x7f5e53115412 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::AbstractValue::fullTop()+0x19) [0x7f5e53115412]
4   0x7f5e53114b74 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::BasicBlock::BasicBlock(unsigned int, unsigned int, unsigned int, float)+0x12e) [0x7f5e53114b74]
5   0x7f5e5312f9e0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::ByteCodeParser::parseCodeBlock()+0x60e) [0x7f5e5312f9e0]
6   0x7f5e5312ffb6 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::ByteCodeParser::parse()+0x1c8) [0x7f5e5312ffb6]
7   0x7f5e531302aa /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::parse(JSC::DFG::Graph&amp;)+0x3b) [0x7f5e531302aa]
8   0x7f5e533155c4 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&amp;)+0xe2) [0x7f5e533155c4]
9   0x7f5e53314fcf /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&amp;, JSC::DFG::ThreadData*)+0x173) [0x7f5e53314fcf]
10  0x7f5e53423754 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*)+0x316) [0x7f5e53423754]
11  0x7f5e53423a7a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::DFG::Worklist::threadFunction(void*)+0x2a) [0x7f5e53423a7a]
12  0x7f5e53a4d6be /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x228c6be) [0x7f5e53a4d6be]
13  0x7f5e53a4d874 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x228c874) [0x7f5e53a4d874]
14  0x7f5e5a04c7ce /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::function&lt;void ()&gt;::operator()() const+0x32) [0x7f5e5a04c7ce]
15  0x7f5e53a4d5a0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x228c5a0) [0x7f5e53a4d5a0]
16  0x7f5e53a887e1 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x22c77e1) [0x7f5e53a887e1]
17  0x7f5e4f88f0a4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4) [0x7f5e4f88f0a4]
18  0x7f5e4afc587d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f5e4afc587d]</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>