Details
Description
While accessing a webpage (https://www.infinitytv.it/tsplay/index.html), I can reproduce the ASSERT every time. Call stack:
(gdb) bt
#0  0xf5487c93 in WTFCrash () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/Assertions.cpp:345
#1  0xf5299e85 in JSC::DFG::SpeculateCellOperand::SpeculateCellOperand(JSC::DFG::SpeculativeJIT*, JSC::DFG::Edge, JSC::DFG::OperandSpeculationMode) () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/PrintStream.h:58
#2  0xf52bd831 in JSC::DFG::SpeculativeJIT::compile (this=0xff985fbc, node=0xe2071404) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:3874
#3  0xf5282c8c in JSC::DFG::SpeculativeJIT::compile (this=0xff985fbc, block=0xe10d92e0) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1795
#4  0xf5283333 in JSC::DFG::SpeculativeJIT::compile (this=0xff985fbc) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1913
#5  0xf5252483 in JSC::DFG::JITCompiler::compileBody (this=0xff986b98, speculative=0xff985fbc) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:108
#6  0xf5253612 in JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) () at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:301
#7  0xf5242954 in JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/PrintStream.h:58
#8  0xf52421aa in JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) () at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/dfg/DFGDriver.cpp:182
#9  0xf53d2d44 in JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/PageBlock.h:52
#10 0xf53d3000 in JSC::prepareFunctionForExecution(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::CodeSpecializationKind) () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/PageBlock.h:52
#11 0xf53d1495 in JSC::FunctionExecutable::compileForCallInternal (this=0xe2ede5b0, exec=0xe47bb908, scope=0xe2e5ff58, jitType=DFGJIT, bytecodeIndex=<unknown type>) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/runtime/Executable.cpp:544
#12 0xf53d0cc7 in JSC::FunctionExecutable::compileOptimizedForCall (this=0xe2ede5b0, exec=0xe47bb908, scope=0xe2e5ff58, bytecodeIndex=<unknown type>) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/runtime/Executable.cpp:465
#13 0xf514e854 in JSC::FunctionExecutable::compileOptimizedFor(JSC::ExecState*, JSC::JSScope*, unsigned int, JSC::CodeSpecializationKind) () at /home/zzb/qt5/qtwebkit/Source/WTF/wtf/PrintStream.h:58
#14 0xf5149be9 in JSC::FunctionCodeBlock::compileOptimized (this=0xe32ec2f8, exec=0xe47bb908, scope=0xe2e5ff58, bytecodeIndex=<unknown type>) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/bytecode/CodeBlock.cpp:2859
#15 0xf532737e in cti_optimize (args=0xff9870b0) at /home/zzb/qt5/qtwebkit/Source/JavaScriptCore/jit/JITStubs.cpp:2039
#16 0xf5324398 in JSC::tryCacheGetByID (callFrame=0xe34131e0, codeBlock=0x84eb818, returnAddress=..., baseValue=..., propertyName=0xe8400018, slot=0xff987138, stubInfo=0xf5261dfc)
This issue is reproducible on three 32-bit platforms, but it is not reproducible on a 64-bit Linux PC. In all cases I am using a gcc 4.7.x compiler (either native or cross).
I think this is the same as: https://bugs.webkit.org/show_bug.cgi?id=120167