[Webkit-unassigned] [Bug 164351] JSC is crashing on release mode when running exit-from-setter.js when compiled with MSVC

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 2 17:05:03 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=164351

--- Comment #1 from Christopher Reid <Christopher.reid at sony.com> ---
I have tried a fix moving rsp if needed instead of using an offset of rbp, but that seems to be causing issues, I'm assuming because rsp is not restored in all cases.

I don't know enough about JavaScriptCore to know exactly what is off, but I was wondering if that offset used in the DFG JIT code is correct. I was also wondering if the access stub is supposed to be regenerated with the correct offset in the DFG JIT case.
