[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
bugzilla-daemon at webkit.org
Thu Aug 1 13:48:27 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #33 from Michael Saboff <msaboff at apple.com> 2013-08-01 13:48:10 PST ---
(In reply to comment #32)
> (In reply to comment #31)
> > unfortunately ARM is still unhappy with this patch:
> > - ARM traditional: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9246
> > - ARM thumb2: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/9247
> >
> > I'll check a disassembly soon.
>
> Here is an ARM Thumb2 disassembly:
> 00179dc8 <cti_vm_throw_slowpath>:
> 179dc8: b570 push {r4, r5, r6, lr}
> 179dca: 4603 mov r3, r0
> 179dcc: f850 1c08 ldr.w r1, [r0, #-8]
> 179dd0: b084 sub sp, #16
> 179dd2: ae02 add r6, sp, #8
> 179dd4: 4602 mov r2, r0
> 179dd6: 6b49 ldr r1, [r1, #52] ; 0x34
> 179dd8: 4630 mov r0, r6
> 179dda: f501 4592 add.w r5, r1, #18688 ; 0x4900
> 179dde: f501 44b1 add.w r4, r1, #22656 ; 0x5880
> 179de2: 622b str r3, [r5, #32]
> 179de4: e9d4 450e ldrd r4, r5, [r4, #56] ; 0x38
> 179de8: e9cd 4500 strd r4, r5, [sp]
> 179dec: f7e6 ffb0 bl 160d50 <JSC::jitThrowNew(JSC::VM*, JSC::ExecState*, JSC::JSValue)>
> 179df0: e896 0003 ldmia.w r6, {r0, r1}
> 179df4: f7e6 ff5c bl 160cb0 <JSC::encode(JSC::ExceptionHandler)>
> 179df8: b004 add sp, #16
> 179dfa: bd70 pop {r4, r5, r6, pc}
What about a disassembly of JSC::encode(JSC::ExceptionHandler)?