[Webkit-unassigned] [Bug 97586] [Qt] Fix crashes with LLInt C loop on 64 bit release mode

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 30 10:50:24 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=97586





--- Comment #12 from Mark Lam <mark.lam at apple.com>  2012-10-30 10:51:41 PST ---
(In reply to comment #11)
> Thanks for the debugging guys.
> 
> Here is the output what Mark asked:
> ------------------------------------
>  &rPC.i32 = 0x7fff1bfaa478
>  &rPC.i   = 0x7fff1bfaa478
>  Setting rPC.i = 0xfedcba9876543211;
>  raw rPC  = 0xfedcba9876543211
>  Setting rPC.i32 = 0x00000000;
>  raw rPC  = 0xfedcba9800000000
> Segmentation fault
> 
> 
> and the output after s/rPC.i32/rPC.i/g:
> ----------------------------------------
>  &rPC.i32 = 0x7fff01be4b58
>  &rPC.i   = 0x7fff01be4b58
>  Setting rPC.i = 0xfedcba9876543211;
>  raw rPC  = 0xfedcba9876543211
>  Setting rPC.i32 = 0x00000000;
>  raw rPC  = 0xfedcba9800000000
> caught: ReferenceError: Can't find variable: array

That rules out any C++ compiler issue.  At this point, I'd suggest you guys do some debugging (since I can't reproduce the issue on my side) and audit the values of rBasePC and rPC on your port, and see where things went wrong.  As I said earlier, rPC is a bytecode offset (i.e. should be a small integer), and rBasePC should be a pointer to the start of the bytecode.

Since, you're working with the C++ llint, you can easily add this auditing (i.e. printfs or whatever) as follows: in the llint asm files, you can use the cloopDo debug llint instruction.  See the comment for cloopDo in offline/instructions.rb for details.  Here's an example of using it:

    cloopDo // printf(" TRACE rPC = %p\n", *(void**)&rPC);

The text you put after the // comment will be copied verbatim into the generated LLIntAssembly.h file.  Hence, you can use this mechanism to insert probes for your debugging.  The above example will add a printf to print the value of the rPC.

Good bug hunting.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list