[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer

bugzilla-daemon at webkit.org
Thu Aug 1 13:41:16 PDT 2013


--- Comment #32 from Csaba Osztrogonac <ossy at webkit.org>  2013-08-01 13:41:00 PST ---
(In reply to comment #31)
> unfortunately ARM is still unhappy with this patch:
> - ARM traditional: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9246
> - ARM thumb2: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9247
> I'll check a disassembly soon.

Here is an ARM Thumb2 disassembly:
00179dc8 <cti_vm_throw_slowpath>:
  179dc8:       b570            push    {r4, r5, r6, lr}
  179dca:       4603            mov     r3, r0
  179dcc:       f850 1c08       ldr.w   r1, [r0, #-8]
  179dd0:       b084            sub     sp, #16
  179dd2:       ae02            add     r6, sp, #8
  179dd4:       4602            mov     r2, r0
  179dd6:       6b49            ldr     r1, [r1, #52]   ; 0x34
  179dd8:       4630            mov     r0, r6
  179dda:       f501 4592       add.w   r5, r1, #18688  ; 0x4900
  179dde:       f501 44b1       add.w   r4, r1, #22656  ; 0x5880
  179de2:       622b            str     r3, [r5, #32]
  179de4:       e9d4 450e       ldrd    r4, r5, [r4, #56]       ; 0x38
  179de8:       e9cd 4500       strd    r4, r5, [sp]
  179dec:       f7e6 ffb0       bl      160d50 <JSC::jitThrowNew(JSC::VM*, JSC::ExecState*, JSC::JSValue)>
  179df0:       e896 0003       ldmia.w r6, {r0, r1}
  179df4:       f7e6 ff5c       bl      160cb0 <JSC::encode(JSC::ExceptionHandler)>
  179df8:       b004            add     sp, #16
  179dfa:       bd70            pop     {r4, r5, r6, pc}
