122838 – run-javascriptcore-tests crashes in LLINT due to bad CallFrame*

ASSIGNED 122838

run-javascriptcore-tests crashes in LLINT due to bad CallFrame*

https://bugs.webkit.org/show_bug.cgi?id=122838

Summary run-javascriptcore-tests crashes in LLINT due to bad CallFrame*

Mark Lam

Reported 2013-10-15 09:31:58 PDT

With the debugger enabled, run-javascriptcore-tests crashes in the LLINT slow path for op_debug. The crash is due to a bad CodeBlock* value in the CallFrame. The op_debug being process is for a "DidExecuteProgram" notification. When this issue manifests, the CodeBlock* value is always 0x7. Investigating.

Attachments
Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2013-10-15 12:17:03 PDT

Turns out the issue reproduces even when I don't force the Debugger to be enabled. It reproduces readily with the C Loop LLINT. Still investigating.

Note You need to log in before you can comment on or make changes to this bug.

Status ASSIGNED

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2013-10-15 09:31 PDT

Modified

2013-11-06 16:17 PST History

CC List

1 user Show

URL

Keywords

Depends on

122839

Blocks

Dependencies

tree graph