124278 – [sh4] JavaScript engine randomly crashes

Bug 124278 - [sh4] JavaScript engine randomly crashes

Summary: [sh4] JavaScript engine randomly crashes

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-13 06:26 PST by Julien Brianceau
Modified:	2013-11-13 09:37 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Protect repatchCompact from flushConstantPool in sh4 baseline JIT. (2.11 KB, patch) 2013-11-13 06:28 PST, Julien Brianceau	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Julien Brianceau 2013-11-13 06:26:51 PST

This uncommon case is seen when a flushConstantPool occurs in movlMemRegCompact.
As in this case a branch opcode and the constant pool are put before the movlMemRegCompact, the branch itself is patched when calling repatchCompact instead of the mov instruction, which is really bad.

Comment 1 Julien Brianceau 2013-11-13 06:28:21 PST

Created attachment 216795 [details]
Protect repatchCompact from flushConstantPool in sh4 baseline JIT.

Comment 2 WebKit Commit Bot 2013-11-13 09:37:34 PST

Comment on attachment 216795 [details]
Protect repatchCompact from flushConstantPool in sh4 baseline JIT.

Clearing flags on attachment: 216795

Committed r159203: <http://trac.webkit.org/changeset/159203>

Comment 3 WebKit Commit Bot 2013-11-13 09:37:35 PST

All reviewed patches have been landed.  Closing bug.