[Webkit-unassigned] [Bug 23551] Crash on page load with profiler enabled and running
bugzilla-daemon at webkit.org
Thu Jan 29 02:06:14 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23551
cwzwarich at uwaterloo.ca changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |oliver at apple.com,
                   |                            |ggaren at apple.com
------- Comment #9 from cwzwarich at uwaterloo.ca 2009-01-29 02:06 PDT -------
So, this appears to be a difference in ScopeChain handling between Debug and
Release. It's not a random compiler bug, because I still get it with NDEBUG and
-O0. Printing out the ScopeChain right before the offending profiler hook along
with ref counts shows this difference.
I have no clue what is causing this. Oliver suspects it is a difference in
conservative GC marking that is saving the day. Since ScopeChainNodes aren't
allocated on the JS heap, it would have to be some other object, like a
closure, keeping the ScopeChainNode alive.
Geoff, you seem to be the only one who really understands the ScopeChainNode
management scheme. Any thoughts?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.