124278 – [sh4] JavaScript engine randomly crashes

RESOLVED FIXED Bug 124278

[sh4] JavaScript engine randomly crashes

https://bugs.webkit.org/show_bug.cgi?id=124278

Summary [sh4] JavaScript engine randomly crashes

Julien Brianceau

Reported 2013-11-13 06:26:51 PST

This uncommon case is seen when a flushConstantPool occurs in movlMemRegCompact. As in this case a branch opcode and the constant pool are put before the movlMemRegCompact, the branch itself is patched when calling repatchCompact instead of the mov instruction, which is really bad.

Attachments
Protect repatchCompact from flushConstantPool in sh4 baseline JIT. (2.11 KB, patch) 2013-11-13 06:28 PST, Julien Brianceau	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Julien Brianceau

Comment 1 2013-11-13 06:28:21 PST

Created attachment 216795 [details] Protect repatchCompact from flushConstantPool in sh4 baseline JIT.

WebKit Commit Bot

Comment 2 2013-11-13 09:37:34 PST

Comment on attachment 216795 [details] Protect repatchCompact from flushConstantPool in sh4 baseline JIT. Clearing flags on attachment: 216795 Committed r159203: <http://trac.webkit.org/changeset/159203>

WebKit Commit Bot

Comment 3 2013-11-13 09:37:35 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2013-11-13 06:26 PST

Modified

2013-11-13 09:37 PST History

CC List

3 users Show

URL

Keywords

Depends on

Blocks