[Webkit-unassigned] [Bug 97569] Assertion failure in non-JIT'ed LLInt on ARM Thumb

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Nov 2 21:55:04 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=97569





--- Comment #9 from Mark Lam <mark.lam at apple.com>  2013-11-02 21:53:51 PST ---
(In reply to comment #8)
> Thank you, Mark. Essentially, ASSERT_VALID_CODE_POINTER becomes a mere ASSERT.
> 
> But since I filed this patch, many moons ago, I discovered other failures, similar in nature, but due to a different cause: thumb-interwork thunks. See the following backtrace snippet (collected a while ago on ARM Linux):
> 
> #1  0x76adda10 in JSC::FunctionPtr::FunctionPtr<int, double> (this=0x7effadb4, value=0xc6c0 <JSC::toInt32(double)>)
>     at ~/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h:105
> #2  0x76ad9bec in JSC::DFG::SpeculativeJIT::callOperation (this=0x7effd798, operation=0xc6c0 <JSC::toInt32(double)>, 
>     result=JSC::ARMRegisters::r0, arg1=JSC::ARMRegisters::d0)
>     at ~/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1314
> #3  0x76aca8b8 in JSC::DFG::SpeculativeJIT::compileValueToInt32 (this=0x7effd798, node=0x738e14f8)
>     at ~/WebKit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2311
> 
> This is happening because JSC::toInt32 is exported from libJavaScriptCore.so, and the exports are done via thunks.
> 
> So removing the check for decorated code pointers inside createFromExecutableAddress() isn't sufficient. It also needs to be removed from the FunctionPtr constructor. What do you think about that?

Cosmin, I believe you filed this bug to deal with an "assertion failure in non-JIT'ed LLInt on ARM Thumb".  The stack trace you showed above is for a DFG build.  If there's a DFG issue, please file a separate bug.  

Anyway, while I was investigating this issue, I found more build issues in the current CLoop LLINT build on the ARM Thumb build.  It was just easier for me to go ahead and just fix it.  I'll upload a patch for the complete fix shortly.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list