[Webkit-unassigned] [Bug 27077] Workers + garbage collector: weird crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 13 06:59:36 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27077

--- Comment #7 from Zoltan Herczeg <zherczeg at inf.u-szeged.hu>  2009-07-13 06:59:35 PDT ---
> Yes - I was wondering if that's premature optimization, perhaps its effect is
> negligible.

OK, then I will file a patch which removes those static variables.

The next bug happens on Mac as well. Run v8 suite (1 worker, 2 tabs). It stops
at v8-earley-boyer (usually).

What I know now:
 - With command line jsc, the benchmark does not throw any exception.
 - With the full WebKit engine, a notAFunctionError is raised (because the cell
   points to an object).
 - When the error is raised, a toString() method is called for the object,
   which raises a notAFunctionError again. This happens 32 times, when something
   stops the process, and evaluate() returns with an exception.

Call stack [32 times]:

#0  0xb72f641d in JSC::Interpreter::execute ()
#1  0xb734f495 in JSC::JSFunction::call ()
#2  0xb732eefa in JSC::call ()
#3  0xb7355b50 in JSC::JSObject::defaultValue ()
#4  0xb7265b2f in JSC::JSObject::toPrimitive ()
#5  0xb7353c2e in JSC::JSObject::toString ()
#6  0xb72f391e in JSC::createErrorMessage ()
#7  0xb72f4538 in JSC::createNotAFunctionError ()
#8  0xb72d02c0 in cti_op_call_NotJSFunction ()
#9  0xb597cddf in ?? ()
#10 0x00000000 in ?? ()

It seems the toString() method of that object is JITted as well, and the code
is large and complex.

If you have any idea, please tell me.
