[Webkit-unassigned] [Bug 185608] REGRESSION (iOS 11.3) Crash on windy.com, and in the Windy app (jetsam?)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 23 10:48:28 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=185608
Simon Fraser (smfr) <simon.fraser at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Canvas |JavaScriptCore
--- Comment #15 from Simon Fraser (smfr) <simon.fraser at apple.com> ---
I have reproduced, and I agree that it looks like a JIT bug. The crash looks like:
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 ??? 0x0000000edb98beb4 0 + 63813762740
1 ??? 0x0000000edbad9054 0 + 63815127124
2 JavaScriptCore 0x0000000188c7bd20 llint_entry + 29232
3 JavaScriptCore 0x0000000188c7bd20 llint_entry + 29232
4 JavaScriptCore 0x0000000188c7bd20 llint_entry + 29232
5 ??? 0x0000000edb9def6c 0 + 63814102892
6 JavaScriptCore 0x0000000188c74920 vmEntryToJavaScript + 272
7 JavaScriptCore 0x0000000189237e98 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 184
8 JavaScriptCore 0x0000000188b7db50 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 464
9 JavaScriptCore 0x000000018935fc2c JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 168
10 JavaScriptCore 0x0000000189415aa8 JSC::JSJobMicrotask::run(JSC::ExecState*) + 488
11 WebCore 0x000000018ab49dd0 WebCore::JSDOMWindowMicrotaskCallback::call() + 152
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180523/0bb186ee/attachment.html>
More information about the webkit-unassigned
mailing list