[Webkit-unassigned] [Bug 128743] New: [JSC] Crash in LLInt CLoop on S390X

Thu Feb 13 08:02:44 PST 2014

https://bugs.webkit.org/show_bug.cgi?id=128743

           Summary: [JSC] Crash in LLInt CLoop on S390X
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tpopela at redhat.com
                CC: fpizlo at apple.com, mark.lam at apple.com

JSC in GTK port is crashing on S390X in JSC::LLInt::CLoop::execute. The crash occurs when you open Yelp (Gnome help) and it loads the JQuery. It can be reproduced on WebKitGTK+ 2.0.x and 2.2.x, but the crash is different as on 2.0.x it is crashing in getScope macro ( http://trac.webkit.org/browser/releases/WebKitGTK/webkit-2.0.4/Source/JavaScriptCore/llint/LowLevelInterpreter.asm#L588 ) that was removed before 2.2.x. In 2.2.x it is crashing in getById macro ( http://trac.webkit.org/browser/releases/WebKitGTK/webkit-2.2.4/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm#L867 ) - t3 is empty there. The backtraces and LLIntAssambly.h are attached.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.