NEW 273854
[Win][JSC] REGRESSION(278477@main): crashing in operationPutByValSloppyOptimize of JITOperations.cpp
https://bugs.webkit.org/show_bug.cgi?id=273854
Summary [Win][JSC] REGRESSION(278477@main): crashing in operationPutByValSloppyOptimi...
Fujii Hironori
Reported 2024-05-07 17:12:10 PDT
[Win][JSC] REGRESSION(278477@main): crashing in operationPutByValSloppyOptimize of JITOperations.cpp After 278477@main, Windows port is crashing. 00 0000003b`110fd060 000001d1`80002ca4 JavaScriptCore!operationPutByValSloppyOptimize(int64 encodedBaseValue = 0n2000416968128, int64 encodedSubscript = 0n2000417086208, int64 encodedValue = 0n2000384729672, class JSC::JSGlobalObject * globalObject = 0x000001d1`c22a6270, class JSC::StructureStubInfo * stubInfo = 0x000001d1`c03fceac, class JSC::ArrayProfile * profile = 0x000001d1`fc3283a0)+0x6f [C:\webkit\build\Source\JavaScriptCore\jit\JITOperations.cpp @ 1751] 01 0000003b`110fd1a0 0000bd9e`1ddb6d6f 0x000001d1`80002ca4 02 0000003b`110fd1a8 000001d1`8000301a 0x0000bd9e`1ddb6d6f 03 0000003b`110fd1b0 fffffff9`c2278a00 0x000001d1`8000301a
Attachments
crash log (165.48 KB, text/plain)
2024-05-07 17:19 PDT, Fujii Hironori
no flags
Fujii Hironori
Comment 1 2024-05-07 17:15:04 PDT
I confirmed setting a env bar $env:JSC_useJIT=0 works around the crash. But, $env:JSC_useDFGJIT=0 doesn't.
Fujii Hironori
Comment 2 2024-05-07 17:19:08 PDT
Created attachment 471307 [details] crash log
Fujii Hironori
Comment 3 2024-05-07 17:43:46 PDT
bug#273854 is going to disable Windows JIT to work around crashing.
Radar WebKit Bug Importer
Comment 4 2024-05-14 17:13:16 PDT
Note You need to log in before you can comment on or make changes to this bug.