[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
bugzilla-daemon at webkit.org
Thu Aug 1 13:41:16 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #32 from Csaba Osztrogonac <ossy at webkit.org> 2013-08-01 13:41:00 PST ---
(In reply to comment #31)
> unfortunately ARM is still unhappy with this patch:
> - ARM traditional: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9246
> - ARM thumb2: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9247
>
> I'll check a disassembly soon.
Here is an ARM Thumb2 disassembly:
00179dc8 <cti_vm_throw_slowpath>:
  179dc8:   b570        push    {r4, r5, r6, lr}
  179dca:   4603        mov     r3, r0
  179dcc:   f850 1c08   ldr.w   r1, [r0, #-8]
  179dd0:   b084        sub     sp, #16
  179dd2:   ae02        add     r6, sp, #8
  179dd4:   4602        mov     r2, r0
  179dd6:   6b49        ldr     r1, [r1, #52]   ; 0x34
  179dd8:   4630        mov     r0, r6
  179dda:   f501 4592   add.w   r5, r1, #18688  ; 0x4900
  179dde:   f501 44b1   add.w   r4, r1, #22656  ; 0x5880
  179de2:   622b        str     r3, [r5, #32]
  179de4:   e9d4 450e   ldrd    r4, r5, [r4, #56]       ; 0x38
  179de8:   e9cd 4500   strd    r4, r5, [sp]
  179dec:   f7e6 ffb0   bl      160d50 <JSC::jitThrowNew(JSC::VM*, JSC::ExecState*, JSC::JSValue)>
  179df0:   e896 0003   ldmia.w r6, {r0, r1}
  179df4:   f7e6 ff5c   bl      160cb0 <JSC::encode(JSC::ExceptionHandler)>
  179df8:   b004        add     sp, #16
  179dfa:   bd70        pop     {r4, r5, r6, pc}