[webkit-dev] x86-64 JIT

Mike Hommey mh+webkit at glandium.org
Thu Mar 19 10:12:33 PDT 2009

On Thu, Mar 19, 2009 at 09:43:36AM -0700, Maciej Stachowiak wrote:
> On Mar 18, 2009, at 1:47 PM, Mike Hommey wrote:
>> On Wed, Mar 18, 2009 at 01:07:51PM -0700, Gavin Barraclough wrote:
>>> On Mar 18, 2009, at 11:06 AM, Mike Hommey wrote:
>>>> An earlier call to JSC::JITStubs::cti_op_call_NotJSFunction works and a lot
>>>> of other stub functions are called before the crash, so it means most of
>>>> the JIT works, but it is failing in a subtle way.
>>> I'd suggest trying to produce a reduction of the test case you're looking
>>> at – JIT crashers can usually be reduced down to a very small test case.
>>> You may then want to step through the JIT code to see where the bogus
>>> value is coming from.  Adding calls to breakpoint() from
>>> JIT::privateCompile and JIT::privateCompileMainPass can help with this,
>>> inserting breakpoints into the JIT code that the debugger will then hit.
>> Apparently, any JavaScript-containing page is enough to trigger the
>> crash. The default homepage, google.com, does trigger it, and the much
>> simpler alert() testcase I found with a quick search crashes too.
>> http://liblearn.osu.edu/tutor/jscript.html
>> I'll give breakpoints a try when I have the occasion.
> It may be easier to debug using the command-line jsc tool and a simple
> script that's not in a Web page.

Except alert() isn't defined under jsc. Are there any other non-JS (native)
functions available in jsc, since that seems to be the problem?
