[Webkit-unassigned] [Bug 179479] [JSC][MIPS] Sampling Profiler crashes with functions of arity >=6

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 9 09:24:56 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=179479

--- Comment #4 from Guillaume Emont <guijemont at igalia.com> ---
Created attachment 326456

  --> https://bugs.webkit.org/attachment.cgi?id=326456&action=review

Disassembly of JIT code for bar(), with the output of jsc (with --dumpDisassembly=true) at the beginning in a comment for context.

As we see here, it seems that frame #3 is in the [enter] part of bar(). I did try to put a JIT breakpoint in emit_op_enter if the codeblock entry in the frame is 0 (which is what we see in the stack trace), and it is hit. Not sure yet where to go from there though, as I have a hard time figuring out where execution came into this. What looks like the storage of $ra in the stack points to garbage right after a C++ function. I wonder if we could be coming from OSR? In any case, I still don't understand the link with the Sampling Profiler.

-- 
You are receiving this mail because:
You are the assignee for the bug.