[webkit-dev] x86-64 JIT

Mike Hommey mh+webkit at glandium.org
Wed Mar 18 13:47:35 PDT 2009


On Wed, Mar 18, 2009 at 01:07:51PM -0700, Gavin Barraclough wrote:
> On Mar 18, 2009, at 11:06 AM, Mike Hommey wrote:
>
>> An earlier call to JSC::JITStubs::cti_op_call_NotJSFunction works and a lot
>> of other stub functions are called before the crash, so it means most of
>> the JIT works, but it is failing in a subtle way.
>
> I'd suggest trying to produce a reduction of the test case you're looking
> at – JIT crashers can usually be reduced down to a very small test case.
> You may then want to step through the JIT code to see where the bogus
> value is coming from. Adding calls to breakpoint() from
> JIT::privateCompile and JIT::privateCompileMainPass can help with this,
> inserting breakpoints into the JIT code that the debugger will then hit.

Apparently, any JavaScript-containing page is enough to trigger the
crash. The default homepage, google.com, does trigger it, and the much
simpler alert() testcase I found with a quick search crashes too:
http://liblearn.osu.edu/tutor/jscript.html

I'll give breakpoints a try when I have the occasion.

Thanks,

Mike