RESOLVED FIXED115167
REGRESSION(r137994): Random crashes in Yarr JIT for SH4 arch 
https://bugs.webkit.org/show_bug.cgi?id=115167
Summary REGRESSION(r137994): Random crashes in Yarr JIT for SH4 arch
Julien Brianceau
Reported 2013-04-25 03:24:52 PDT
Random crashes seen when using SH4 RegExp JIT. These crashes "disappear" if "JSC_useRegExpJIT=false" environment variable is set. Unit test to reproduce: $ ./jsc -s Source/JavaScriptCore/tests/mozilla/ecma_3/shell.js -s Source/JavaScriptCore/tests/mozilla/ecma_3/RegExp/shell.js /usr/WebKit-jsc/jsctest/ecma_3/RegExp/perlstress-001.js According to http://trac.webkit.org/changeset/144170 and http://trac.webkit.org/changeset/145194, I also suspect that SH4 cacheFlush() should also be aligned on page size (or function receives incorrect values from caller).
Attachments
Flush each page separately in cacheFlush function for SH4 arch (2.44 KB, patch)
2013-04-25 07:30 PDT, Julien Brianceau 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Julien Brianceau
Comment 1 2013-04-25 03:29:16 PDT
I forgot to mention that if I revert r137994, issue is "solved".
Julien Brianceau
Comment 2 2013-04-25 07:30:08 PDT
Created attachment 199659 [details] Flush each page separately in cacheFlush function for SH4 arch
WebKit Commit Bot
Comment 3 2013-04-25 09:17:40 PDT
Comment on attachment 199659 [details] Flush each page separately in cacheFlush function for SH4 arch Clearing flags on attachment: 199659 Committed r149114: <http://trac.webkit.org/changeset/149114>
WebKit Commit Bot
Comment 4 2013-04-25 09:17:42 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.