[Webkit-unassigned] [Bug 128743] [JSC] Crash in LLInt CLoop on S390X

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 15 20:54:53 PDT 2014


Mike Gorse <mgorse at suse.com> changed:

           What    |Removed                     |Added
                 CC|                            |mgorse at suse.com

--- Comment #17 from Mike Gorse <mgorse at suse.com>  2014-05-15 20:55:15 PST ---
For get_from_scope and probably put_to_scope, bytecode/CodeBlock.cpp has code that writes a pointer to the instruction at +6. Sometimes it is an actual pointer, and sometimes it is an integer offset cast to a pointer. But sometimes the offset is added later in llint/LLIntSlowPaths.cpp, and there it the instruction's operand is set. These code paths need to be made to behave consistently; otherwise a big-endian system will sometimes have the offset in the low word and sometimes in the high word.

I have a patch that modifies the code in LLIntSlowPaths.cpp to cast to a pointer and changes the loadisfrominstruction in getProperty and putProperty to loadpfrominstruction. I don't really understand the code and don't know if this is the best way to fix it, and I'm holding off on ataching it because I haven't tried to run the tests yet, although it fixes the crash that I'm seeing, when combined with adjusting the commit size (that's a separate bug; not sure if it is filed here yet or not).

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list