Bug 275014 - RESOLVED FIXED
SIGTRAP in JIT'ed code
https://bugs.webkit.org/show_bug.cgi?id=275014
Gary Kwong [:gkw] [:nth10sd]
Reported 2024-05-31 21:43:48 PDT
```
new (function () {
    /x/.constructor.input = /x/.constructor;
    this.constructor();
});
```

This testcase hits a SIGTRAP on debug builds on rev https://github.com/WebKit/WebKit/commit/427a310bda2e, run with:

--useConcurrentJIT=false --useDFGJIT=true --useFTLJIT=false

The SIGTRAP goes away when --useDFGJIT=false.

The regressor seems to be: https://github.com/WebKit/WebKit/commit/10748e5975cd

```
10748e5975cd1f538bd71b5e68bcf61ad142fc18 is the first bad commit
commit 10748e5975cd1f538bd71b5e68bcf61ad142fc18
Author: Keith Miller
Date:   Tue May 7 13:08:55 2024 -0700

    JIT operations should return the current exception in a return GPR when it's free.
    https://bugs.webkit.org/show_bug.cgi?id=273264
    rdar://127065985

    Reviewed by Yusuke Suzuki.
```

Setting s-s to be safe, as JIT'ed code may sometimes be problematic. Please feel free to open this up as needed.
Radar WebKit Bug Importer
Comment 1 2024-05-31 21:44:00 PDT
Gary Kwong [:gkw] [:nth10sd]
Comment 2 2024-06-01 22:03:47 PDT
If it helps, I also found this on Ubuntu Linux 22.04.
Keith Miller
Comment 3 2024-06-02 08:25:11 PDT
Hi, thanks for the report! I don't think this needs to be in security since it hasn't shipped yet. I think the fix is easy.
Keith Miller
Comment 4 2024-06-02 08:37:18 PDT
EWS
Comment 5 2024-06-02 11:35:57 PDT
Committed 279625@main (e44e4c11207c): <https://commits.webkit.org/279625@main> Reviewed commits have been landed. Closing PR #29427 and removing active labels.