[Webkit-unassigned] [Bug 128743] [JSC] Crash in LLInt CLoop on S390X
bugzilla-daemon at webkit.org
Thu May 15 20:54:53 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=128743
Mike Gorse <mgorse at suse.com> changed:
What | Removed | Added
-----|---------|------------------
CC   |         | mgorse at suse.com
--- Comment #17 from Mike Gorse <mgorse at suse.com> 2014-05-15 20:55:15 PST ---
For get_from_scope and probably put_to_scope, bytecode/CodeBlock.cpp has code that writes a pointer to the instruction at +6. Sometimes it is an actual pointer, and sometimes it is an integer offset cast to a pointer. But sometimes the offset is added later in llint/LLIntSlowPaths.cpp, and there the instruction's operand is set. These code paths need to be made to behave consistently; otherwise a big-endian system will sometimes have the offset in the low word and sometimes in the high word.
I have a patch that modifies the code in LLIntSlowPaths.cpp to cast to a pointer and changes the loadisfrominstruction in getProperty and putProperty to loadpfrominstruction. I don't really understand the code and don't know if this is the best way to fix it, and I'm holding off on attaching it because I haven't tried to run the tests yet, although it fixes the crash that I'm seeing, when combined with adjusting the commit size (that's a separate bug; not sure if it is filed here yet or not).
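As an added illustration of the word-order mismatch the comment describes (this is a standalone model written for this page, not WebKit code and not the patch mentioned above): one hypothetical 8-byte operand slot is written and read with both 32-bit and pointer-width accesses, in little-endian and big-endian byte order. The helper names storep/storei/loadi/loadp and the sample offset 5 are assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical model (not WebKit code) of one 8-byte bytecode operand slot.
 * A pointer-width ("p") access touches all 8 bytes in the machine's byte
 * order; a 32-bit ("i") access touches only the 4 bytes at the slot's
 * address, which on a big-endian machine are the HIGH half of the value. */
typedef struct { uint8_t bytes[8]; } OperandSlot;

static void store_bytes(uint8_t *dst, uint64_t v, size_t n, bool big_endian) {
    for (size_t i = 0; i < n; i++) {
        size_t shift = big_endian ? (n - 1 - i) * 8 : i * 8;
        dst[i] = (uint8_t)(v >> shift);
    }
}
static uint64_t load_bytes(const uint8_t *src, size_t n, bool big_endian) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) {
        size_t shift = big_endian ? (n - 1 - i) * 8 : i * 8;
        v |= (uint64_t)src[i] << shift;
    }
    return v;
}

/* storep: pointer-width write, like an integer offset cast to a pointer */
void storep(OperandSlot *s, uint64_t v, bool be) { store_bytes(s->bytes, v, 8, be); }
/* storei: 32-bit write of the operand at the slot's address */
void storei(OperandSlot *s, int32_t v, bool be) { store_bytes(s->bytes, (uint32_t)v, 4, be); }
int32_t loadi(const OperandSlot *s, bool be) { return (int32_t)load_bytes(s->bytes, 4, be); }
uint64_t loadp(const OperandSlot *s, bool be) { return load_bytes(s->bytes, 8, be); }

/* What a 32-bit reader sees after a pointer-width store of the offset. */
int32_t offset_seen_by_loadi_after_storep(int32_t offset, bool be) {
    OperandSlot s; storep(&s, (uint64_t)(int64_t)offset, be); return loadi(&s, be);
}
/* What a pointer-width reader sees after a 32-bit store of the offset. */
uint64_t offset_seen_by_loadp_after_storei(int32_t offset, bool be) {
    OperandSlot s; memset(&s, 0, sizeof s); storei(&s, offset, be); return loadp(&s, be);
}

int main(void) {
    for (int be = 0; be <= 1; be++)
        printf("%s: storep(5)->loadi = %d, storei(5)->loadp = 0x%llx\n",
               be ? "big-endian" : "little-endian",
               offset_seen_by_loadi_after_storep(5, be),
               (unsigned long long)offset_seen_by_loadp_after_storei(5, be));
    return 0;
}
```

On little-endian both mixed pairs still read back 5, which is why the inconsistency goes unnoticed on x86; on big-endian the 32-bit read sees 0 and the pointer-width read sees the offset shifted into the high word.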