Bug 150513

Summary: REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch saam: review+

Michael Saboff
Reported 2015-10-23 14:26:53 PDT
It appears that the website is running out of stack space while making a virtual call to a Javascript function for the first time. The call to the function properly fails due to out of stack space, but we try to add the function to a polymorphic cache and it doesn't have a CodeBlock. linkPolymorphicCall crashes without a CodeBlock. We need to make linkPolymorphicCall() properly handle a function without a CodeBlock.
Attachments
Patch (17.93 KB, patch)
2015-10-23 16:20 PDT, Michael Saboff 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2015-10-23 14:27:22 PDT
rdar://problem/23097422
Michael Saboff
Comment 2 2015-10-23 16:20:47 PDT
Created attachment 263954 [details] Patch
Saam Barati
Comment 3 2015-10-23 17:37:16 PDT
Comment on attachment 263954 [details] Patch r=me
Benjamin Poulain
Comment 4 2015-10-23 17:37:41 PDT
View in context: https://bugs.webkit.org/attachment.cgi?id=263954&action=review > Source/JavaScriptCore/jit/Repatch.cpp:686 > // If we cannot handle a callee, assume that it's better for this whole thing to be a > // virtual call. It would be good to update the comment too. > Source/JavaScriptCore/runtime/VM.h:635 > + bool m_failNextNewCodeBlock; Let's use m_failNextNewCodeBlock { false } then you don't need the initializer in the constructor. > Tools/DumpRenderTree/TestRunner.cpp:1940 > + if (argumentCount < 1) > + return JSValueMakeUndefined(context); > + ??? Do we care about argument here?
Michael Saboff
Comment 5 2015-10-23 18:46:10 PDT
Committed r191530: <http://trac.webkit.org/changeset/191530>
Note You need to log in before you can comment on or make changes to this bug.