[Webkit-unassigned] [Bug 200983] [Android] 64-bit JSC r245459 crashes in JSC::AccessCase::propagateTransitions(JSC::SlotVisitor&)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Oct 18 14:27:52 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=200983
--- Comment #11 from Yusuke Suzuki <ysuzuki at apple.com> ---
(In reply to Pratik from comment #9)
> Here is the original JSC repository that is used for building the JSC in
> react-native. Which uploaded to npm later.
> https://github.com/react-native-community/jsc-android-buildscripts
> and here are all the customized options,
> https://github.com/react-native-community/jsc-android-buildscripts/blob/
> master/scripts/compile/jsc.sh.
>
> I would appreciate if you take a quick look and spot something that you
> think is causing the issues.
I've checked the passed options, and now I'm slightly thinking that this options seem wrong.
> -DENABLE_DFG_JIT=OFF \
> -DENABLE_FTL_JIT=OFF \
These options could disable CONCURRENT_JS option while the listed option is not disabling ConcurrentGC. I'm not sure whether this is true, but it would be possible that this makes JSC binary with contradiction,
1. ConcurrentJS = OFF
2. ConcurrentGC = ON
If the above misconfiguration happens, this crash can easily happen. To ensure this, the best way is checking stacktrace of all the threads.
Please send us crash traces of all the threads, and we can easily say whether the above guess is correct or not. And if the above guess is correct, we can easily offer the way to fix this misconfiguration.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191018/e79d4bfd/attachment.html>
More information about the webkit-unassigned
mailing list