[jsc-dev] Crashing on iOS 9
shuan zhao
hszhsh at icloud.com
Sun Feb 5 01:32:17 PST 2017
I’m running apps embedding my own build of JavaScriptCore on iOS (using C APIs only). It runs well on iOS 10 but crashes on iOS 9 or iOS 8. I guess it will also crash on iOS 7 or earlier systems which I have not tested on.
I found the bug (Bug 160337 <https://bugs.webkit.org/show_bug.cgi?id=160337> - Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer)). But my case is totally different because I have never got null stack pointer from thread_get_state. And I found that when launched with the option “Malloc Scribble” or “Malloc Guard Edges” checked in Xcode, my app won’t crash any more.
I have no idea what causes this crash. It would be very nice of you if you would give me some hints on the issue.
Mostly the crash stack was as follows, but sometimes it was different. And sometimes it reported errors that should not exist and crashed later.
#0 0x0000000100d66ca4 in JSC::Lexer<unsigned short>::setCode(JSC::SourceCode const&, JSC::ParserArena*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Lexer.cpp:571
#1 0x0000000100e037f8 in JSC::Parser<JSC::Lexer<unsigned short> >::Parser(JSC::VM*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.cpp:125
#2 0x0000000100e03c28 in JSC::Parser<JSC::Lexer<unsigned short> >::Parser(JSC::VM*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.cpp:123
#3 0x0000000100f3311c in std::__1::unique_ptr<JSC::FunctionNode, std::__1::default_delete<JSC::FunctionNode> > JSC::parse<JSC::FunctionNode>(JSC::VM*, JSC::SourceCode const&, JSC::Identifier const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ParserError&, JSC::JSTextPosition*, JSC::ConstructorKind, JSC::DerivedContextType, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.h:1890
#4 0x0000000100f32b8c in JSC::generateUnlinkedFunctionCodeBlock(JSC::VM&, JSC::UnlinkedFunctionExecutable*, JSC::SourceCode const&, JSC::CodeSpecializationKind, JSC::DebuggerMode, JSC::UnlinkedFunctionKind, JSC::ParserError&, JSC::SourceParseMode) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:56
#5 0x0000000100f32b4c in JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor(JSC::VM&, JSC::SourceCode const&, JSC::CodeSpecializationKind, JSC::DebuggerMode, JSC::ParserError&, JSC::SourceParseMode) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:210
#6 0x0000000100ee8518 in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::JSObject*&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:217
#7 0x0000000100ee8bc8 in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:310
#8 0x0000000100da0cd4 in JSC::JSObject* JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/CodeBlock.h:1095
#9 0x0000000100da0cbc in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1304
#10 0x0000000100daa270 in llint_entry ()
#11 0x0000000100da9e84 in llint_entry ()
#12 0x0000000100da9ee8 in llint_entry ()
#13 0x0000000100da35f8 in vmEntryToJavaScript ()
#14 0x0000000100c4defc in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/jit/JITCode.cpp:81
#15 0x0000000100c20fc0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/interpreter/Interpreter.cpp:927
#16 0x00000001008d8000 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/CallData.cpp:39
#17 0x00000001008d7fd0 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/CallData.cpp:59
#18 0x0000000100cecb38 in ::JSObjectCallAsFunction(JSContextRef, JSObjectRef, JSObjectRef, size_t, const JSValueRef *, JSValueRef *) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/API/JSObjectRef.cpp:563
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/jsc-dev/attachments/20170205/7fdb16c5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1789 bytes
Desc: not available
URL: <https://lists.webkit.org/pipermail/jsc-dev/attachments/20170205/7fdb16c5/attachment.p7s>
More information about the jsc-dev
mailing list