css3/shapes/shape-outside/values/shape-outside-ellipse-004.html is crashing and this started on commit 254969 I did not try to reproduce the crash. It is happening on debug with wk1 and wk2 on macOS and iOS. History: https://results.webkit.org/?suite=layout-tests&test=css3%2Fshapes%2Fshape-outside%2Fvalues%2Fshape-outside-ellipse-004.html Crasher: No crash log found for com.apple.WebKit.WebContent.Development:19258. stdout: stderr: ASSERTION FAILED: bits < (1ULL << maxBits) /Volumes/Data/slave/ios-simulator-13-debug/build/Source/JavaScriptCore/bytecode/Operands.h(79) : uint64_t JSC::Operand::asBits() const 1 0x3e4f76be9 WTFCrash 2 0x3e61777fb WTFCrashWithInfo(int, char const*, char const*, int) 3 0x3e57137ee JSC::Operand::asBits() const 4 0x3e572eac1 JSC::DFG::OpInfo::OpInfo(JSC::Operand) 5 0x3e572ea2d JSC::DFG::OpInfo::OpInfo(JSC::Operand) 6 0x3e5752b67 JSC::DFG::ByteCodeParser::setDirect(JSC::Operand, JSC::DFG::Node*, JSC::DFG::ByteCodeParser::SetMode) 7 0x3e579b4d8 JSC::DFG::ByteCodeParser::handleVarargsInlining(JSC::DFG::Node*, JSC::VirtualRegister, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind)::$_3::operator()(JSC::CodeBlock*) const 8 0x3e5751b3a void JSC::DFG::ByteCodeParser::inlineCall<JSC::DFG::ByteCodeParser::handleVarargsInlining(JSC::DFG::Node*, JSC::VirtualRegister, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind)::$_3>(JSC::DFG::Node*, JSC::VirtualRegister, JSC::CallVariant, int, int, JSC::InlineCallFrame::Kind, JSC::DFG::BasicBlock*, JSC::DFG::ByteCodeParser::handleVarargsInlining(JSC::DFG::Node*, JSC::VirtualRegister, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind)::$_3 const&) 9 0x3e5751815 JSC::DFG::ByteCodeParser::handleVarargsInlining(JSC::DFG::Node*, JSC::VirtualRegister, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind) 10 0x3e57748dc JSC::DFG::ByteCodeParser::Terminality JSC::DFG::ByteCodeParser::handleVarargsCall<JSC::OpCallVarargs>(JSC::Instruction const*, JSC::DFG::NodeType, JSC::CallMode) 11 0x3e5768b93 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) 12 0x3e5778ba4 JSC::DFG::ByteCodeParser::parseCodeBlock() 13 0x3e57792b0 JSC::DFG::ByteCodeParser::parse() 14 0x3e577a7bb JSC::DFG::parse(JSC::DFG::Graph&) 15 0x3e59f4af8 JSC::DFG::Plan::compileInThreadImpl() 16 0x3e59f4298 JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) 17 0x3e5b3a8c0 JSC::DFG::Worklist::ThreadBody::work() 18 0x3e4f8d139 WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const 19 0x3e4f8cd29 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() 20 0x3e4fa10aa WTF::Function<void ()>::operator()() const 21 0x3e504a610 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 22 0x3e5056795 WTF::wtfThreadEntryPoint(void*) 23 0x10e8cad76 _pthread_start 24 0x10e8c75d7 thread_start LEAK: 1 WebPageProxy
<rdar://problem/58836312>
This bug looks like it has been fixed https://trac.webkit.org/changeset/254975/webkit
<rdar://problem/58836481>