Bug 169018

Summary: Crashes are observed in JavaScriptCore/heap maintainer on Ubuntu/ppc64le.
Product: WebKit Reporter: sowania
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal    
Priority: P2    
Version: WebKit Local Build   
Hardware: Other   
OS: Linux   
Attachments:
Description: Test JavaScript and sample backtraces. (Flags: none)

Description sowania 2017-03-01 00:26:45 PST
Created attachment 303046 [details]
Test JavaScript and sample backtraces.

While testing PhantomJS, which uses WebKit 5.5.1 internally, crashes are seen in the heap maintainer code inside the JavaScriptCore module. The crash is typically seen when PhantomJS completes the task and then starts winding down for exit. The tests are being done on Power8/LE using Ubuntu 16.04 LTS. As the issue was first seen with PhantomJS, a bug has been raised at https://github.com/ariya/phantomjs/issues/14859, but in reality the issue is with WebKit, so I think it is logical to file a bug with WebKit as well.

Unfortunately I don't have any test script which can be used directly with WebKit. However, I am attaching the test script I am using with PhantomJS. Additionally, I am also attaching a couple of backtraces as samples. I think heap handling and synchronization need to be rechecked and fixed in order to avoid these crashes.

I am attaching the sample script and the backtraces. Please remove the backtrace part in the attached file before using it for tests. Typically, the command issued to test it is: bin/phantomjs ./run-qunit.js http://engadget.com