<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">We are seeing an access violation exception on our PC 32-bit version of EAWebKit Demo (which is using JIT) on
a 3D demo, i.e. </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="http://deanm.github.com/pre3d/monster.html"><span style="color:#508AFF">http://deanm.github.com/pre3d/monster.html</span></a>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">We’ve seen the same crash on WinCairo; however, it doesn’t happen on our PS4 version of EAWebKitDemo, which doesn’t use JIT. So that points to
the corruption happening within JSC. Looking at the heap stats from the debugger, we don’t see any leaks, and that is the reason we are more sure about it being an invalid write, most probably overwriting the guard fill.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">We don’t see the crash with an older WebKit build, which was too old (WebKit-r157437) though. Our present WebKit is build 179714 of the
trunk. Are you aware of memory corruption issues with JIT?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Although it’s well past the point of interest, here is the call stack of the crash on the WinCairo debug build:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">00 0018ee74 0a8e4759 WTF!WTFCrash+0x21 [c:\cygwin\home\rupsharma\archives\179714\source\wtf\wtf\assertions.cpp @ 321]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">01 0018ee98 0a90fe80 JavaScriptCore!JSC::PropertyTable::reinsert+0xa9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h
@ 484]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">02 0018eec8 0a90cecf JavaScriptCore!JSC::PropertyTable::rehash+0x110 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h
@ 512]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">03 0018ef04 0a906b0d JavaScriptCore!JSC::PropertyTable::add+0xbf [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h
@ 356]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">04 0018ef5c 0a903141 JavaScriptCore!JSC::Structure::add+0x12d [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\structure.cpp
@ 902]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">05 0018ef8c 0a839222 JavaScriptCore!JSC::Structure::addPropertyTransition+0x221 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\structure.cpp
@ 422]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">06 0018f014 0a882369 JavaScriptCore!JSC::JSObject::putDirectInternal<0>+0x572 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jsobject.h
@ 1392]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">07 0018f0c0 0a5a15b8 JavaScriptCore!JSC::JSObject::put+0x229 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jsobject.cpp
@ 356]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">08 0018f0e8 0a7205fa JavaScriptCore!JSC::JSValue::put+0x78 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jscjsvalueinlines.h
@ 750]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">09 0018f154 0a71b109 JavaScriptCore!putByVal+0x17a [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp
@ 476]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0a 0018f1e8 11c33a35 JavaScriptCore!operationPutByVal+0x259 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp
@ 533]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">WARNING: Frame IP not in any known module. Following frames may be wrong.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0b 0018f358 0a9b1e8b 0x11c33a35<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0c 0018f3b0 0a80f604 JavaScriptCore!llint_entry+0x425f [C:\Debug_WinCairo\bin32\Debug_WinCairo\obj32\JavaScriptCore\DerivedSources\LowLevelInterpreterWin.asm
@ 7119]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0d 0018f3f8 114c023d JavaScriptCore!slow_path_enter+0x114 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\commonslowpaths.cpp
@ 520]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0e 0018f448 0a9ada99 0x114c023d<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">0f 0018f4a4 0a70c599 JavaScriptCore!vmEntryToJavaScript+0x109 [C:\Debug_WinCairo\bin32\Debug_WinCairo\obj32\JavaScriptCore\DerivedSources\LowLevelInterpreterWin.asm
@ 110]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">10 0018f500 0a6e71e2 JavaScriptCore!JSC::JITCode::execute+0xd9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitcode.cpp
@ 77]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">11 0018f604 0a801fce JavaScriptCore!JSC::Interpreter::executeCall+0x3e2 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\interpreter\interpreter.cpp
@ 978]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">12 0018f630 0a802027 JavaScriptCore!JSC::call+0x7e [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\calldata.cpp
@ 39]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">*** WARNING: Unable to verify checksum for WebKit.dll<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">13 0018f678 047f7dc4 JavaScriptCore!JSC::call+0x47 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\calldata.cpp
@ 44]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">14 0018f6bc 0479a24e WebKit!WebCore::JSMainThreadExecState::call+0x54 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\jsmainthreadexecstate.h
@ 56]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">15 0018f7e0 0479a4a2 WebKit!WebCore::ScheduledAction::executeFunctionInContext+0x1de [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp
@ 104]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">16 0018f820 04799f76 WebKit!WebCore::ScheduledAction::execute+0xf2 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp
@ 126]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">17 0018f830 0536d9a4 WebKit!WebCore::ScheduledAction::execute+0x36 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp
@ 79]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">18 0018f904 051fc8c5 WebKit!WebCore::DOMTimer::fired+0x1f4 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\page\domtimer.cpp
@ 369]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">19 0018f93c 051fc766 WebKit!WebCore::ThreadTimers::sharedTimerFiredInternal+0x155 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\threadtimers.cpp
@ 132]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1a 0018f944 05793d1f WebKit!WebCore::ThreadTimers::sharedTimerFired+0x16 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\threadtimers.cpp
@ 108]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1b 0018f950 755962fa WebKit!WebCore::TimerWindowWndProc+0xaf [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\win\sharedtimerwin.cpp
@ 92]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1c 0018f97c 75596d3a user32!InternalCallWinProc+0x23<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1d 0018f9f4 755977c4 user32!UserCallWinProcCheckWow+0x109<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1e 0018fa54 7559788a user32!DispatchMessageWorker+0x3bc<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">1f 0018fa64 046cbd6d user32!DispatchMessageW+0xf<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">*** WARNING: Unable to verify checksum for WinLauncher.dll<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">20 0018fa8c 1000ab25 WebKit!WebKitMessageLoop::run+0x6d [c:\cygwin\home\rupsharma\archives\179714\source\webkit\win\webkitmessageloop.cpp
@ 96]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">21 0018fb58 1000cfc8 WinLauncher_10000000!wWinMain+0x625 [c:\cygwin\home\rupsharma\archives\179714\tools\winlauncher\winmain.cpp
@ 168]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">*** WARNING: Unable to verify checksum for WinLauncher.exe<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">*** ERROR: Module load completed but symbols could not be loaded for WinLauncher.exe<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">22 0018fb70 004014ab WinLauncher_10000000!dllLauncherEntryPoint+0x18 [c:\cygwin\home\rupsharma\archives\179714\tools\winlauncher\common.cpp
@ 832]<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">23 0018ff3c 00404203 WinLauncher+0x14ab<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">*** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">24 0018ff88 76d2337a WinLauncher+0x4203<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">25 0018ff94 773392e2 kernel32!BaseThreadInitThunk+0x12<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">26 0018ffd4 773392b5 ntdll!__RtlUserThreadStart+0x70<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt;color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">27 0018ffec 00000000 ntdll!_RtlUserThreadStart+0x1b<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#203864;mso-style-textfill-fill-color:#203864;mso-style-textfill-fill-alpha:100.0%">Rupali<o:p></o:p></span></p>
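<p class="MsoNormal">The call stack above is WinDbg-style <code>k</code> output. The frames shown as bare addresses (0x11c33a35, 0x114c023d) are the ones the debugger could not attribute to any loaded module, which in a JIT-enabled process normally means JIT-emitted code in anonymous executable memory; the "Following frames may be wrong" warning applies to every frame below it. The following is an added example, not code from the original message nor from WebKit or EAWebKit: it parses such a stack, keeps the unreliability caveat attached to the affected frames, checks that each unresolved frame's IP matches the return address of the frame below it (so the walk is at least self-consistent), and reports the last symbolised runtime function that was entered from JIT code, which is the natural place to start comparing the JIT and non-JIT (PS4) paths. The sample input is a trimmed copy of the stack in the message; the regexes, the <code>Frame</code> class and the <code>triage</code> fields are my own and are not a WebKit or WinDbg API.</p>

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a trimmed copy of the WinDbg "k" output quoted in the message above
# (columns are frame number, ChildEBP, RetAddr, then the symbol the debugger resolved).
SAMPLE_STACK = r"""
00 0018ee74 0a8e4759 WTF!WTFCrash+0x21 [c:\cygwin\home\rupsharma\archives\179714\source\wtf\wtf\assertions.cpp @ 321]
01 0018ee98 0a90fe80 JavaScriptCore!JSC::PropertyTable::reinsert+0xa9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h @ 484]
09 0018f154 0a71b109 JavaScriptCore!putByVal+0x17a [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp @ 476]
0a 0018f1e8 11c33a35 JavaScriptCore!operationPutByVal+0x259 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp @ 533]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0b 0018f358 0a9b1e8b 0x11c33a35
0c 0018f3b0 0a80f604 JavaScriptCore!llint_entry+0x425f [C:\Debug_WinCairo\bin32\Debug_WinCairo\obj32\JavaScriptCore\DerivedSources\LowLevelInterpreterWin.asm @ 7119]
*** WARNING: Unable to verify checksum for WebKit.dll
0d 0018f3f8 114c023d JavaScriptCore!slow_path_enter+0x114 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\commonslowpaths.cpp @ 520]
0e 0018f448 0a9ada99 0x114c023d
10 0018f500 0a6e71e2 JavaScriptCore!JSC::JITCode::execute+0xd9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitcode.cpp @ 77]
23 0018ff3c 00404203 WinLauncher+0x14ab
"""

# "NN ChildEBP RetAddr symbol" (32-bit process, so 8 hex digits per address)
FRAME_RE = re.compile(r"^(?P<num>[0-9a-f]{2}) (?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?P<sym>.+)$")
# "module!function+0xoff [path @ line]" with the source location optional
SYMBOL_RE = re.compile(r"^(?P<module>[^!\s]+)!(?P<func>.+?)\+0x(?P<off>[0-9a-f]+)"
                       r"(?: \[(?P<file>.+?) @ (?P<line>\d+)\])?$")
RAW_IP_RE = re.compile(r"^0x(?P<ip>[0-9a-f]+)$")              # unresolved instruction pointer
MODULE_ONLY_RE = re.compile(r"^(?P<module>[^!\s+]+)\+0x(?P<off>[0-9a-f]+)$")  # export symbols only


@dataclass
class Frame:
    num: int
    ret_addr: int
    module: Optional[str] = None
    func: Optional[str] = None
    file: Optional[str] = None
    line: Optional[int] = None
    raw_ip: Optional[int] = None   # set when the debugger could not map the IP to any module
    unreliable: bool = False       # below the "Frame IP not in any known module" warning


def parse_stack(text: str) -> List[Frame]:
    """Turn WinDbg 'k' output into Frame records, preserving the walker's own caveat."""
    frames: List[Frame] = []
    unreliable = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("WARNING: Frame IP not in any known module"):
            unreliable = True      # everything below this point is the walker's best guess
            continue
        if line.startswith("***"):
            continue               # checksum / symbol-loading diagnostics, not frames
        m = FRAME_RE.match(line)
        if not m:
            continue
        frame = Frame(num=int(m["num"], 16), ret_addr=int(m["ret"], 16), unreliable=unreliable)
        sym = m["sym"]
        if (s := SYMBOL_RE.match(sym)):
            frame.module, frame.func, frame.file = s["module"], s["func"], s["file"]
            frame.line = int(s["line"]) if s["line"] else None
        elif (s := RAW_IP_RE.match(sym)):
            frame.raw_ip = int(s["ip"], 16)
        elif (s := MODULE_ONLY_RE.match(sym)):
            frame.module = s["module"]
        frames.append(frame)
    return frames


def triage(frames: List[Frame]) -> dict:
    """Summarise what the walk says about a suspected JIT-related corruption."""
    crash = frames[0]
    jit_idx = [i for i, f in enumerate(frames) if f.raw_ip is not None]
    # An unresolved frame is self-consistent when its IP equals the RetAddr of the frame
    # directly below it: the callee really did return into that address.
    consistent = all(
        i > 0 and frames[i - 1].num == frames[i].num - 1 and frames[i - 1].ret_addr == frames[i].raw_ip
        for i in jit_idx
    )
    # The symbolised frame just below the first unresolved one is the runtime function
    # that JIT-emitted code called into; that is where JIT and non-JIT paths diverge.
    entry = frames[jit_idx[0] - 1] if jit_idx and jit_idx[0] > 0 else None
    file_base = crash.file.rsplit("\\", 1)[-1] if crash.file else "?"
    return {
        "crash_site": f"{crash.module}!{crash.func} ({file_base}:{crash.line})",
        "jit_frames": [f"0x{frames[i].raw_ip:08x}" for i in jit_idx],
        "chain_consistent": consistent,
        "runtime_entry_from_jit": f"{entry.module}!{entry.func}" if entry else None,
        "unreliable_frames": sum(1 for f in frames if f.unreliable),
    }


if __name__ == "__main__":
    for key, value in triage(parse_stack(SAMPLE_STACK)).items():
        print(f"{key}: {value}")
```

<p class="MsoNormal">Run stand-alone, the script reports <code>runtime_entry_from_jit: JavaScriptCore!operationPutByVal</code> for the sample, i.e. the property-table rehash that tripped the assertion was reached through a JIT put-by-val slow path. Comparing the structure and property table state at that entry point between the JIT build and the PS4 (non-JIT) build is a cheaper first step than trusting the frames the walker itself marked as possibly wrong.</p>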
</div>
</body>
</html>