I'm running apps embedding my own build of JavaScriptCore on iOS (using C APIs only). It runs well on iOS 10 but crashes on iOS 9 or iOS 8. I guess it will also crash on iOS 7 or earlier systems, which I have not tested on.

I found the bug (Bug 160337 - Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer), https://bugs.webkit.org/show_bug.cgi?id=160337). But my case is totally different because I have never gotten a null stack pointer from thread_get_state. And I found that when launched with the option "Malloc Scribble" or "Malloc Guard Edges" checked in Xcode, my app won't crash any more.

I have no idea what causes this crash. It would be very nice of you if you would give me some hints on the issue.

Mostly the crash stack was as follows, but sometimes it was different. And sometimes it reported errors that should not exist and crashed later.

#0  0x0000000100d66ca4 in JSC::Lexer<unsigned short>::setCode(JSC::SourceCode const&, JSC::ParserArena*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Lexer.cpp:571
#1  0x0000000100e037f8 in JSC::Parser<JSC::Lexer<unsigned short> >::Parser(JSC::VM*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.cpp:125
#2  0x0000000100e03c28 in JSC::Parser<JSC::Lexer<unsigned short> >::Parser(JSC::VM*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ConstructorKind, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.cpp:123
#3  0x0000000100f3311c in std::__1::unique_ptr<JSC::FunctionNode, std::__1::default_delete<JSC::FunctionNode> > JSC::parse<JSC::FunctionNode>(JSC::VM*, JSC::SourceCode const&, JSC::Identifier const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::SourceParseMode, JSC::SuperBinding, JSC::ParserError&, JSC::JSTextPosition*, JSC::ConstructorKind, JSC::DerivedContextType, JSC::EvalContextType, JSC::DebuggerParseData*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/parser/Parser.h:1890
#4  0x0000000100f32b8c in JSC::generateUnlinkedFunctionCodeBlock(JSC::VM&, JSC::UnlinkedFunctionExecutable*, JSC::SourceCode const&, JSC::CodeSpecializationKind, JSC::DebuggerMode, JSC::UnlinkedFunctionKind, JSC::ParserError&, JSC::SourceParseMode) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:56
#5  0x0000000100f32b4c in JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor(JSC::VM&, JSC::SourceCode const&, JSC::CodeSpecializationKind, JSC::DebuggerMode, JSC::ParserError&, JSC::SourceParseMode) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:210
#6  0x0000000100ee8518 in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::JSObject*&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:217
#7  0x0000000100ee8bc8 in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/ScriptExecutable.cpp:310
#8  0x0000000100da0cd4 in JSC::JSObject* JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/bytecode/CodeBlock.h:1095
#9  0x0000000100da0cbc in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1304
#10 0x0000000100daa270 in llint_entry ()
#11 0x0000000100da9e84 in llint_entry ()
#12 0x0000000100da9ee8 in llint_entry ()
#13 0x0000000100da35f8 in vmEntryToJavaScript ()
#14 0x0000000100c4defc in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/jit/JITCode.cpp:81
#15 0x0000000100c20fc0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/interpreter/Interpreter.cpp:927
#16 0x00000001008d8000 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) [inlined] at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/CallData.cpp:39
#17 0x00000001008d7fd0 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/runtime/CallData.cpp:59
#18 0x0000000100cecb38 in ::JSObjectCallAsFunction(JSContextRef, JSObjectRef, JSObjectRef, size_t, const JSValueRef *, JSValueRef *) at /Users/hoolai/WebKit-GIT/Source/JavaScriptCore/API/JSObjectRef.cpp:563