[Webkit-unassigned] [Bug 182923] New: REGRESSION(r227717): Hardcoded page size causing JSC crashes
bugzilla-daemon at webkit.org
Mon Feb 19 03:01:18 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=182923
Bug ID: 182923
Summary: REGRESSION(r227717): Hardcoded page size causing JSC crashes
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: tpopela at redhat.com
CC: fpizlo at apple.com
After r227717 the JSC crashes on architectures that do have 64KB page size with:
1 0x7ffff76b4090 WTFCrash
2 0x7ffff776f0e8 WTF::OSAllocator::decommit(void*, unsigned long)
3 0x7ffff6e7493c JSC::IsoAlignedMemoryAllocator::freeAlignedMemory(void*)
4 0x7ffff6ea00a8 JSC::MarkedBlock::Handle::~Handle()
5 0x7ffff6ea3fe8 JSC::MarkedSpace::freeBlock(JSC::MarkedBlock::Handle*)
6 0x7ffff6dfca70
7 0x7ffff6dfe628
8 0x7ffff6dfcb14 JSC::BlockDirectory::shrink()
9 0x7ffff6ea40c0
10 0x7ffff6eac0ac
11 0x7ffff6ea4114 JSC::MarkedSpace::shrink()
12 0x7ffff6e17e48 JSC::Heap::sweepSynchronously()
13 0x7ffff6e181bc JSC::Heap::collectNow(JSC::Synchronousness, JSC::GCRequest)
14 0x1004d184
15 0x7ffff704cfe0 JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)
16 0x7ffff705e29c vmEntryToJavaScript
17 0x7ffff702c720 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
18 0x7ffff7007170 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
19 0x7ffff729b8a8 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20 0x1005bb68
21 0x1005d0b8
22 0x1005e5a0
23 0x1005d1a8 jscmain(int, char**)
24 0x1005a3c4 main
25 0x7ffff3685b90
26 0x7ffff3685db8 __libc_start_main
It's because of
static constexpr size_t blockSize = 16 * KB;
in MarkedBlock.cpp. Ideally the code should use pageSize() from wtf/PageBlock.h. But the code will need to be changed as the current way (static variable) won't work. And I don't know what solution the JSC devs will prefer. Also I see that it was hardcoded even before, but the code was not crashing (at least in our PPC64(LE) CI).
Filip (or other JSC devs) can you please look at this?
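The report boils down to a block size that is fixed at compile time being handed to a decommit routine whose validity depends on the page size of the machine the code actually runs on. The following is an added illustration, not WebKit or JSC code: it shows the two invariants an allocator has to hold before releasing memory back to the OS (the range starts on a page boundary and covers whole pages), checks a 16 KB block against constructed 4 KB and 64 KB page sizes, and then performs a real madvise(MADV_DONTNEED) on an anonymous mapping to show that Linux rejects a page-unaligned start with EINVAL. The function names, the sample page sizes and the use of madvise as the decommit primitive are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical policy check (not WebKit code): a range may only be handed to
 * a decommit call if it starts on a page boundary and is a whole number of
 * pages. Otherwise the OS call either fails outright (EINVAL) or, because
 * the kernel rounds the length up, discards pages that belong to neighbours. */
int decommit_range_ok(uintptr_t addr, size_t len, size_t page_size)
{
    if (page_size == 0 || (page_size & (page_size - 1)) != 0)
        return 0; /* page sizes are powers of two */
    return len != 0 && (addr % page_size) == 0 && (len % page_size) == 0;
}

/* For an allocator that carves a region into fixed-size blocks, every block
 * boundary must coincide with a page boundary, i.e. the block size must be a
 * multiple of the page size. A 16 KB block satisfies this on 4 KB pages but
 * not on 64 KB pages, which is the situation the bug report describes. */
int block_size_ok(size_t block_size, size_t page_size)
{
    return block_size != 0 && page_size != 0 && (block_size % page_size) == 0;
}

/* Attempts a real decommit with madvise(MADV_DONTNEED) and returns errno,
 * or 0 on success. `offset` is relative to `base` so that a deliberately
 * unaligned start can be exercised. */
int try_decommit(void* base, size_t offset, size_t len)
{
    if (madvise((char*)base + offset, len, MADV_DONTNEED) != 0)
        return errno;
    return 0;
}

/* Runs the check on the live system: maps four pages, decommits the first page
 * from an aligned address (expected to succeed) and then from half a page in
 * (expected to fail with EINVAL). Returns 0 when both outcomes match. */
int demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t region = 4 * page;
    void* base = mmap(NULL, region, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    int aligned = try_decommit(base, 0, page);
    int unaligned = try_decommit(base, page / 2, page);
    munmap(base, region);

    printf("page size %zu: aligned decommit -> %d, unaligned decommit -> errno %d\n",
           page, aligned, unaligned);
    return (aligned == 0 && unaligned == EINVAL) ? 0 : 1;
}

int main(void)
{
    const size_t KB = 1024;
    size_t block = 16 * KB; /* the hardcoded blockSize from the report */

    /* constructed page sizes: a common 4 KB default and the 64 KB case */
    printf("16 KB block on 4 KB pages:  %s\n",
           block_size_ok(block, 4 * KB) ? "ok" : "not a page multiple");
    printf("16 KB block on 64 KB pages: %s\n",
           block_size_ok(block, 64 * KB) ? "ok" : "not a page multiple");

    return demo();
}
```

A startup-time assertion that the allocator's block size is a multiple of sysconf(_SC_PAGESIZE) (or pageSize() in WTF's terms) turns this class of regression into an immediate, readable failure on the affected platform rather than a crash deep inside garbage collection.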