| Summary: | Proxy all functions, except the $ objects | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | JF Bastien <jfbastien> | ||||
| Component: | JavaScriptCore | Assignee: | JF Bastien <jfbastien> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | commit-queue, fpizlo, jfbastien, keith_miller, mark.lam, mcatanzaro, msaboff, rmorisset, saam, webkit-bug-importer, ysuzuki | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Nightly Build | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Bug Depends on: | 180306 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
JF Bastien
2017-12-04 13:22:24 PST
OK, I can reproduce the crashes locally:
#0 0x000000000067c7b6 in JSC::CodeBlock::unlinkIncomingCalls() ()
#1 0x0000000000ce044d in JSC::ScriptExecutable::installCode(JSC::VM&, JSC::CodeBlock*, JSC::CodeType, JSC::CodeSpecializationKind) ()
#2 0x0000000000a1d4cc in JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*, unsigned int) ()
#3 0x0000000000a1a66a in JSC::JITWorklist::compileLater(JSC::CodeBlock*, unsigned int) ()
#4 0x0000000000a45923 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*, unsigned int) ()
#5 0x0000000000a44073 in llint_loop_osr ()
#6 0x0000000000a32964 in llint_entry ()
#7 0x0000000000a32c90 in llint_entry ()
#8 0x0000000000a2bb08 in vmEntryToJavaScript ()
#9 0x00000000009d4952 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
()
#10 0x00000000009ae252 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) ()
#11 0x0000000000b5b94d in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
#12 0x0000000000666419 in jscmain(int, char**) ()
#13 0x000000000065c1ea in main ()
#0 0x000000000067c7b6 in JSC::CodeBlock::unlinkIncomingCalls() ()
#1 0x0000000000ce044d in JSC::ScriptExecutable::installCode(JSC::VM&, JSC::CodeBlock*, JSC::CodeType, JSC::CodeSpecializationKind) ()
#2 0x0000000000a1d4cc in JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*, unsigned int) ()
#3 0x0000000000a1a66a in JSC::JITWorklist::compileLater(JSC::CodeBlock*, unsigned int) ()
#4 0x0000000000a45923 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*, unsigned int) ()
#5 0x0000000000a44073 in llint_loop_osr ()
#6 0x0000000000a32964 in llint_entry ()
#7 0x0000000000a32c90 in llint_entry ()
#8 0x0000000000a2bb08 in vmEntryToJavaScript ()
#9 0x00000000009d4952 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
()
#10 0x00000000009ae252 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) ()
#11 0x0000000000b5b94d in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
#12 0x0000000000666419 in jscmain(int, char**) ()
#13 0x000000000065c1ea in main ()
No data members because I was silly and did a release build specifically for this, thinking to avoid all the extra failures from asserts that are occurring in debug builds (we need to get a handle on those). I can redo it with a debug build if filtering out the $ objects doesn't work and you need a better backtrace.
Created attachment 328381 [details]
patch
(In reply to Michael Catanzaro from comment #1) > OK, I can reproduce the crashes locally: Does it still repo with my change? Comment on attachment 328381 [details] patch Clearing flags on attachment: 328381 Committed r225493: <https://trac.webkit.org/changeset/225493> All reviewed patches have been landed. Closing bug. (In reply to JF Bastien from comment #3) > (In reply to Michael Catanzaro from comment #1) > > OK, I can reproduce the crashes locally: > > Does it still repo with my change? No, the bots are happy again. Thanks! |