[Webkit-unassigned] [Bug 119395] Crash in JSCell::methodTable under errorDescriptionForValue()

bugzilla-daemon at webkit.org
Fri Aug 16 08:07:22 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119395

--- Comment #7 from Mark Hahnenberg <mhahnenberg at apple.com>  2013-08-16 08:06:55 PST ---
(In reply to comment #6)
> I'm frequently getting this crash. Trying another patch, but I assume it's not sufficient, as it doesn't address the root cause of the crash, but only avoids it :) I have not yet been able to figure out the origin of the empty JSValue.

The original backtrace seems to indicate that you got the empty JSValue from inside the baseline JIT (cti_op_blah_blah_blah is a baseline JIT stub). Have you tried disabling the JITs to see if the issue goes away? You can do this by setting "useJIT() = false;" in Options::initialize in Options.cpp and recompiling. If that makes the problem go away then try just disabling the top tier JIT by setting "useDFGJIT() = false;" in the same manner (and removing "useJIT() = false;" where you added it previously). These experiments will tell us which execution engine (the LLInt, the baseline JIT, or the DFG JIT) is responsible for the empty JSValue you're seeing.

This all should take < 5 minutes to build both versions. How long does it usually take to see this crash when browsing around the web?
