[Webkit-unassigned] [Bug 123277] REGRESSION(r157164): v8-v6/v8-raytrace.js crashes on arm and sh4
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Oct 25 02:16:33 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=123277
--- Comment #2 from Julien Brianceau <jbriance at cisco.com> 2013-10-25 02:15:19 PST ---
Here is the backtrace leading to this code generation on my ARM platform:
#0 0x000969f4 in JSC::virtualForThunkGenerator (vm=0xa18710, kind=JSC::CodeForCall)
at /webkit/Source/JavaScriptCore/jit/ThunkGenerators.cpp:198
#1 0x00096dd8 in JSC::virtualCallThunkGenerator (vm=0xa18710)
at /webkit/Source/JavaScriptCore/jit/ThunkGenerators.cpp:267
#2 0x000902dc in JSC::JITThunks::ctiStub (this=0xa23be0, vm=0xa18710, generator=0x96db0 <JSC::virtualCallThunkGenerator(JSC::VM*)>)
at /webkit/Source/JavaScriptCore/jit/JITThunks.cpp:71
#3 0x0007dbc4 in JSC::VM::getCTIStub (this=0xa18710, generator=0x96db0 <JSC::virtualCallThunkGenerator(JSC::VM*)>)
at /webkit/Source/JavaScriptCore/runtime/VM.h:326
#4 0x0035a734 in JSC::linkSlowFor (repatchBuffer=..., vm=0xa18710, callLinkInfo=..., kind=JSC::CodeForCall)
at /webkit/Source/JavaScriptCore/jit/Repatch.cpp:1219
#5 0x0035ab34 in JSC::linkSlowFor (exec=0x3531bd48, callLinkInfo=..., kind=JSC::CodeForCall)
at /webkit/Source/JavaScriptCore/jit/Repatch.cpp:1263
#6 0x00345f00 in JSC::operationLinkClosureCall (execCallee=0x3531bd48)
at /webkit/Source/JavaScriptCore/jit/JITOperations.cpp:658
#7 0x34d655d4 in ?? ()
#8 0x34d655d4 in ?? ()
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list