[Webkit-unassigned] [Bug 115167] New: REGRESSION(r137994): Random crashes in Yarr JIT for SH4 arch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 25 03:26:32 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=115167
Summary: REGRESSION(r137994): Random crashes in Yarr JIT for
SH4 arch
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jbrianceau at nds.com
Random crashes seen when using SH4 RegExp JIT. These crashes "disappear" if "JSC_useRegExpJIT=false" environment variable is set.
Unit test to reproduce:
$ ./jsc -s Source/JavaScriptCore/tests/mozilla/ecma_3/shell.js -s Source/JavaScriptCore/tests/mozilla/ecma_3/RegExp/shell.js /usr/WebKit-jsc/jsctest/ecma_3/RegExp/perlstress-001.js
According to http://trac.webkit.org/changeset/144170 and http://trac.webkit.org/changeset/145194, I also suspect that SH4 cacheFlush() should also be aligned on page size (or function receives incorrect values from caller).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list