[Webkit-unassigned] [Bug 179479] [JSC][MIPS] Sampling Profiler crashes with functions of arity >=6

Thu Nov 9 09:11:26 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=179479

--- Comment #3 from Guillaume Emont <guijemont at igalia.com> ---
Apologies, I should have started with that: the info I get from gdb with a debug version might be more useful:

Program received signal SIGSEGV, Segmentation fault.
0x00e924e4 in WTF::RefCountedArray<JSC::Instruction>::begin (this=0x34) at ../../Source/WTF/wtf/RefCountedArray.h:141
141         T* begin() { return m_data; }
(gdb) bt
#0  0x00e924e4 in WTF::RefCountedArray<JSC::Instruction>::begin (this=0x34) at ../../Source/WTF/wtf/RefCountedArray.h:141
#1  0x013564f0 in JSC::CodeBlock::bytecodeOffset (this=0x0, returnAddress=0x2d4e6938) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:306
#2  0x0158a8e0 in JSC::slow_path_enter (warning: GDB can't find the start of the function at 0x2f500cb3.

    GDB is unable to find the start of the function at 0x2f500cb3
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
    This problem is most likely caused by an invalid program counter or
stack pointer.
    However, if you think GDB should simply search farther back
from 0x2f500cb3 for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
exec=0x7fff6248, pc=0x2d4e6938) at ../../Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:680
#3  0x2f500cb4 in ?? ()

frame #3 is in the jitted code of bar(). I am going to attach the disassembly of it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171109/b61cd139/attachment.html>