[Webkit-unassigned] [Bug 143037] WebContent Crash when instantiating class with Type Profiling enabled
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 26 17:09:08 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143037
Joseph Pecoraro <joepeck at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |saambarati1 at gmail.com
Summary|WebContent Crash when |WebContent Crash when
|instantiating class in Web |instantiating class with
|Inspector console |Type Profiling enabled
--- Comment #2 from Joseph Pecoraro <joepeck at webkit.org> ---
Thanks to Mark Lam's help, we deduced this crash only happens when the type profiler is enabled.
Reduction using `jsc`:
shell> cd Build/Debug
shell> JSC_enableTypeProfiler=1 DYLD_FRAMEWORK_PATH=$PWD ./jsc
jsc> var base = class A { constructor() {} }; var derived = class B extends base { constructor() { super(); } }; new derived;
Segmentation fault: 11
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150327/ae68255c/attachment-0002.html>
More information about the webkit-unassigned
mailing list