[Webkit-unassigned] [Bug 200863] Crash in JSC::SlotVisitor::visitChildren

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 15 07:44:23 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=200863

--- Comment #17 from Mark Lam <mark.lam at apple.com> ---
(In reply to Michael Catanzaro from comment #14)
> (In reply to Mark Lam from comment #13)
> > 6. This appears to reproduce only on your "custom AArch64 platform".
> > 
> >    Is this "custom AArch64 platform" stable?
> >    Have you ruled out silicon or OS kernel bugs?
> 
> It's definitely not an architecture-specific or hardware-specific issue,
> since I reported this originally, and I use x86_64. I cannot reproduce it,
> but it definitely happens sometimes.

This is a faulty assumption.  A crash in SlotVisitor::visitChildren can mean any number of things, for example:
1. You have 1 missing write barrier.
2. You have 1000 missing different write barriers.
3. You have some random memory corruption bug.
4. Your compiler toolchain had a bug.

If any of these (and some others) go wrong, you can see a crash in SlotVisitor::visitChildren.  Since you initially filed this bug against x86_64 in 2019, there have been some GC bugs that have been fixed.  There has also been a lot of new code that has been added, which may or may not have introduced new GC bugs.  So, the fact that this manifested for you back in 2019 on x86_64 tells you nothing about whether today's manifestation of this crash is due to the same bug.

Hence, when it comes to GC-type crashes like this, we shouldn't make such assumptions, especially based on a crash manifestation from many years ago.

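The first two causes in the comment above, a missing write barrier, are easier to reason about with a concrete model of what the barrier protects. The following is an added illustration, not code from the original page or from WebKit/JSC: a toy incremental mark-sweep collector in C with a Dijkstra-style insertion barrier that can be switched off. The names `visitChildren`, `markStep`, `runScenario` and friends are the example's own (chosen to echo the function in the bug title), the object graph is constructed for the scenario, and `useBarrier` is a hypothetical switch standing in for a barrier that a real engine simply forgot to emit at one store site. Sweeping clears an `alive` flag instead of freeing memory so the stale pointer can be detected and reported rather than dereferenced.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 8
#define SLOTS 2

/* A heap cell with two pointer slots. `alive` is cleared by sweep instead of
   freeing memory, so a dangling pointer can be detected rather than crash. */
typedef struct Obj {
    struct Obj *slot[SLOTS];
    bool marked;
    bool alive;
} Obj;

typedef struct Heap {
    Obj pool[POOL_SIZE];
    Obj *root;
    Obj *gray[POOL_SIZE];   /* mark stack: marked but not yet scanned */
    int grayTop;
    bool marking;           /* a collection is in progress */
    bool useBarrier;        /* hypothetical switch: false models a missing barrier */
} Heap;

/* The pool is zeroed at heap init and no cell is reused in the scenario. */
static Obj *allocate(Heap *h) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!h->pool[i].alive) { h->pool[i].alive = true; return &h->pool[i]; }
    return NULL;
}

/* Shade an object gray: mark it and queue it for scanning. */
static void pushGray(Heap *h, Obj *o) {
    if (o && o->alive && !o->marked) { o->marked = true; h->gray[h->grayTop++] = o; }
}

/* Mutator store. With the barrier on, a pointer written during marking is
   shaded gray, so a black (already scanned) object can never hide a white one. */
static void store(Heap *h, Obj *obj, int i, Obj *value) {
    obj->slot[i] = value;
    if (h->useBarrier && h->marking) pushGray(h, value);
}

/* Scan one object's slots. Returns false if a slot points at a swept cell:
   this is where a real engine would read freed memory and crash. */
static bool visitChildren(Heap *h, Obj *o) {
    for (int i = 0; i < SLOTS; i++) {
        if (o->slot[i] && !o->slot[i]->alive) return false;
        pushGray(h, o->slot[i]);
    }
    return true;
}

static void markBegin(Heap *h) {
    for (int i = 0; i < POOL_SIZE; i++) h->pool[i].marked = false;
    h->grayTop = 0;
    h->marking = true;
    pushGray(h, h->root);
}

/* Scan up to n gray objects; the mutator may run between calls. */
static bool markStep(Heap *h, int n) {
    while (n-- > 0 && h->grayTop > 0)
        if (!visitChildren(h, h->gray[--h->grayTop])) return false;
    return true;
}

/* Reclaim every unmarked live cell; returns how many were swept. */
static int sweep(Heap *h) {
    int freed = 0;
    for (int i = 0; i < POOL_SIZE; i++)
        if (h->pool[i].alive && !h->pool[i].marked) { h->pool[i].alive = false; freed++; }
    h->marking = false;
    return freed;
}

/* Constructed scenario: root -> {B, A}, B -> C. Marking scans root and A, then
   the mutator moves C from gray B into black A. Returns whether the next
   collection's visitChildren survives; *swept receives the first sweep count. */
static bool runScenario(bool useBarrier, int *swept) {
    Heap h;
    memset(&h, 0, sizeof h);
    h.useBarrier = useBarrier;
    Obj *root = allocate(&h), *a = allocate(&h), *b = allocate(&h), *c = allocate(&h);
    h.root = root;
    store(&h, root, 0, b);
    store(&h, root, 1, a);
    store(&h, b, 0, c);

    markBegin(&h);
    markStep(&h, 2);          /* root and A scanned (black); B gray; C white */
    store(&h, a, 0, c);       /* black A now references white C ...           */
    store(&h, b, 0, NULL);    /* ... and the only gray->C edge disappears      */
    markStep(&h, POOL_SIZE);  /* finish marking: without a barrier C stays white */
    *swept = sweep(&h);       /* C is reclaimed while A still points at it     */

    markBegin(&h);            /* next cycle follows A's stale slot             */
    return markStep(&h, POOL_SIZE);
}

static int sweptCount(bool useBarrier) { int n; runScenario(useBarrier, &n); return n; }
static bool nextCycleSurvives(bool useBarrier) { int n; return runScenario(useBarrier, &n); }

int main(void) {
    printf("no barrier: swept %d, next cycle %s\n", sweptCount(false),
           nextCycleSurvives(false) ? "ok" : "hits a dangling child");
    printf("barrier:    swept %d, next cycle %s\n", sweptCount(true),
           nextCycleSurvives(true) ? "ok" : "hits a dangling child");
    return 0;
}
```

Without the barrier, one object is swept while a scanned object still references it, and the very next collection trips over that slot; in a real engine the cell has usually been reused by then, so the trace reads whatever now lives there and the crash surfaces far from the store that caused it. That distance is why a crash in the visitor alone cannot be matched to a particular bug, and why the comment lists a single missing barrier, many missing barriers, unrelated memory corruption and a toolchain bug as indistinguishable from the stack trace. The model shows the concurrent-marking case only; a generational collector needs the barrier for a second reason (recording old-to-young pointers), which this example does not cover.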