| Summary: | fourthTier: Segfault in jsc with simple test program when running with profile dumping enabled | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Hahnenberg <mhahnenberg> | ||||||||||
| Component: | JavaScriptCore | Assignee: | Mark Hahnenberg <mhahnenberg> | ||||||||||
| Status: | RESOLVED FIXED | ||||||||||||
| Severity: | Normal | CC: | fpizlo | ||||||||||
| Priority: | P2 | ||||||||||||
| Version: | 528+ (Nightly build) | ||||||||||||
| Hardware: | Unspecified | ||||||||||||
| OS: | Unspecified | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Mark Hahnenberg
2013-05-13 17:43:32 PDT
Nevermind about the test case, I think this has to do with having the profiling option enabled on the command line. Created attachment 201656 [details]
test case
Steps to repro:
1) build
2) DYLD_FRAMEWORK_PATH=WebKitBuild/Debug/ WebKitBuild/Debug/jsc -f ~/Code/WebKit-svn-03/OpenSource/test.js -p out.profile
3) Crash.
I tried disabling both the FTL and concurrent compilation, but the crash still happens. (In reply to comment #0) > If I run the attached test on the latest revision on the dfgFourthTier branch, I get a segfault. I've also attached the crash log. Did you attach the crash log? Created attachment 201676 [details]
crash log
Created attachment 201677 [details]
crash log 2
The previous crash log isn't where I was seeing the crash. Attaching a better one.
From email with Phil: "It's crashing because CodeBlock::baselineVersion() doesn't know how to handle the case where 'this' is the baseline version but it hasn't been assigned to the m_blahCodeBlock field in BlahExecutable." Patch coming soon to a theater near you. Created attachment 201747 [details]
Patch
Committed r150086: <http://trac.webkit.org/changeset/150086> |