Bug 122838
| Summary: | run-javascriptcore-tests crashes in LLINT due to bad CallFrame* | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Lam <mark.lam> |
| Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> |
| Status: | ASSIGNED | ||
| Severity: | Normal | CC: | ggaren |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 122839 | ||
| Bug Blocks: | |||
Mark Lam
With the debugger enabled, run-javascriptcore-tests crashes in the LLINT slow path for op_debug. The crash is due to a bad CodeBlock* value in the CallFrame.
The op_debug being process is for a "DidExecuteProgram" notification. When this issue manifests, the CodeBlock* value is always 0x7.
Investigating.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Mark Lam
Turns out the issue reproduces even when I don't force the Debugger to be enabled. It reproduces readily with the C Loop LLINT. Still investigating.