On Mar 18, 2009, at 1:47 PM, Mike Hommey wrote:

On Wed, Mar 18, 2009 at 01:07:51PM -0700, Gavin Barraclough wrote:
On Mar 18, 2009, at 11:06 AM, Mike Hommey wrote:

An earlier call to JSC::JITStubs::cti_op_call_NotJSFunction works and a lot of other stub functions are called before the crash, so it means most of the JIT works, but it is failing in a subtle way.

I'd suggest trying to produce a reduction of the test case you're looking at – JIT crashers can usually be reduced down to a very small test case.
You may then want to step through the JIT code to see where the bogus value is coming from.  Adding calls to breakpoint() from JIT::privateCompile and JIT::privateCompileMainPass can help with this, inserting breakpoints into the JIT code that the debugger will then hit.

Apparently, any JavaScript-containing page is enough to trigger the crash. The default homepage, google.com, does trigger it, and the much simpler alert() testcase I found with a quick search crashes too.
http://liblearn.osu.edu/tutor/jscript.html

I'll give breakpoints a try when I have the occasion.

It may be easier to debug using the command-line jsc tool and simple script that's not in a Web page.

 - Maciej

_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
