[Webkit-unassigned] [Bug 153819] [JavaScriptCore] JavaScriptCore crashes when PARALLEL GC is enabled.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 2 23:18:57 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=153819

--- Comment #3 from Peng Xinchao <xinchao.peng at samsung.com> ---
Thanks a lot for your quick response.

m_stack is the thread-local stack, you are right. I made a mistake before.

But we have met some similar crashes like this one:

#0  0x47dac0f0 in isJSString (v=...) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/JavaScriptCore/runtime/JSString.h:493
No locals.
#1  visitChildren (cell=0xb3ad5018, visitor=...) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/JavaScriptCore/heap/SlotVisitor.cpp:80
No locals.
#2  JSC::SlotVisitor::drain (this=this at entry=0xa54e8) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/JavaScriptCore/heap/SlotVisitor.cpp:136
        countdown = 32
#3  0x47dac3a0 in JSC::SlotVisitor::drainFromShared (this=0xa54e8, sharedDrainMode=JSC::SlotVisitor::SlaveDrain) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/JavaScriptCore/heap/SlotVisitor.cpp:225
No locals.
#4  0x47d9e2be in JSC::GCThread::gcThreadMain (this=0xa5550) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/JavaScriptCore/heap/GCThread.cpp:104
        enabler = {m_stack = @0xa54e8}
#5  0x47f4c2cc in WTF::wtfThreadEntryPoint (param=0xa5f98) at /usr/src/debug/webkit2-efl-tv-152340_0.10.193.0+tv/Source/WTF/wtf/ThreadingPthreads.cpp:195
        invocation = {m_ptr = 0xa5f98}
#6  0x42a56418 in start_thread (arg=0xb48ff070) at pthread_create.c:314
        pd = 0xb48ff070
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1081256549, 1235737603, -1265635216, 0, -1108857128, 338, -1238645568, 0, 0, -1265636436, 1, 0 <repeats 53 times>}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#7  0x429597c0 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:89 from ./symbols/lib/libc.so.6
No locals.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


Our code that has these crashes is a little old.
Do you mean that the latest JavaScriptCore does not have this kind of crash?

Is this crash PARALLEL GC's issue?
If PARALLEL GC is disabled, could the crash be avoided?

Because I have poor knowledge about GC, could you give me some suggestions?

Thanks very much!
