[Webkit-unassigned] [Bug 27077] Workers + garbage collector: weird crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 15 06:05:03 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27077
--- Comment #11 from Zoltan Herczeg <zherczeg at inf.u-szeged.hu>  2009-07-15 06:05:02 PDT ---
(In reply to comment #10)
> This effects all jitted platforms, and appears to be caused by op_method_check.

I'll try to give a more detailed description:

In the attached tgz, there is a V8.js. The test T_v8_earley_boyer() fails with
an exception. This is because the cached JSFunction value "return
o.sc_toDisplayString();" refers to an object which has already been collected
by the GC. It only throws an exception because the JSCell is reused by some
JSObject.

I was on the wrong track for a long time, but Oliver helped me to find the real
solution: the "emitOpcode(op_method_check);" should be commented out in
BytecodeGenerator.cpp, and it is working now.

Run the test:
extract the attached gzip file.
set var benchmarkSelector to 1 in index.html
run a browser: ./QtLauncher index.html

You can specify index.html multiple times, and can increase numOfWorkers in
index.html as well.

See the results:
Numbers will appear after the test names. However, it stops in v8-earley-boyer.
Note: it does not necessarily happen every time. Run it multiple times.

Actually, it works with the standalone jsc for me, but you need to change the
postMessage() calls to print() in V8.js.
