[Webkit-unassigned] [Bug 130539] REGRESSION(r164205): WebKit crash @StructureIDTable::get

bugzilla-daemon at webkit.org
Fri Apr 18 08:26:58 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=130539


Mark Lam <mark.lam at apple.com> changed:

           What    |Removed                               |Added
----------------------------------------------------------------------------
             Status|NEW                                   |ASSIGNED
         AssignedTo|webkit-unassigned at lists.webkit.org |mark.lam at apple.com




--- Comment #4 from Mark Lam <mark.lam at apple.com>  2014-04-18 08:27:17 PST ---
Here's what I know so far:
1. This issue manifests with the following disabled, and hence is probably not due to these:
     a. FTL JIT
     b. Inlining
     c. Concurrent JIT

2. No GC activity was seen in the vicinity of the issue.

3. The issue is dependent on stack layout of local variables.
    a. Removing unused local vars can cause the issue to stop manifesting.
    b. Removing code that stores unused values to those vars does NOT stop the issue from manifesting.

4. The issue is intermittent, and is probably dependent on what values happen to be on the stack.
    - If the issue does not manifest, running a few more times often helps get it to manifest.
