[Webkit-unassigned] [Bug 129101] New: ASSERTION FAILED: isUInt16() after r113253 on ARMv7

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 20 05:41:14 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=129101

           Summary: ASSERTION FAILED: isUInt16() after r113253 on ARMv7
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rgabor at webkit.org


Testcase:
  var args = "a";
  for (var i = 0; i < 600; ++i)
      args += ",a";
  var myFunc = Function(args, "print(myFunc.length)");
  myFunc();



#0  0xb69fd2b8 in WTFCrash () at /home/rgabor/WebKit/Source/WTF/wtf/Assertions.cpp:333
#1  0xb6705faa in JSC::ARMThumbImmediate::getUInt16 (this=0xbeffe984) at /home/rgabor/WebKit/Source/JavaScriptCore/assembler/ARMv7Assembler.h:437
#2  0xb67060fa in JSC::ARMv7Assembler::add (this=0xbeffea18, rd=JSC::ARMRegisters::r13, rn=JSC::ARMRegisters::r13, imm=...)
    at /home/rgabor/WebKit/Source/JavaScriptCore/assembler/ARMv7Assembler.h:861
#3  0xb67075ae in JSC::MacroAssemblerARMv7::add32 (this=0xbeffea18, imm=..., src=JSC::ARMRegisters::r13, dest=JSC::ARMRegisters::r13)
    at /home/rgabor/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:182
#4  0xb670754c in JSC::MacroAssemblerARMv7::add32 (this=0xbeffea18, imm=..., dest=JSC::ARMRegisters::r13) at /home/rgabor/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:161
#5  0xb6707d88 in JSC::MacroAssembler::addPtr (this=0xbeffea18, imm=..., srcDest=JSC::ARMRegisters::r13) at /home/rgabor/WebKit/Source/JavaScriptCore/assembler/MacroAssembler.h:444
#6  0xb681d8b8 in JSC::ArityCheckFailReturnThunks::returnPCsFor (this=0x5b6f8, vm=..., numExpectedArgumentsIncludingThis=524)
    at /home/rgabor/WebKit/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp:86
#7  0xb681db82 in JSC::ArityCheckFailReturnThunks::returnPCFor (this=0x5b6f8, vm=..., slotsToAdd=524) at /home/rgabor/WebKit/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp:128
#8  0xb68e5b4a in JSC::setupArityCheckData (vm=..., slotsToAdd=262) at /home/rgabor/WebKit/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:173
#9  0xb68e5c34 in JSC::slow_path_call_arityCheck (exec=0xbeffec88, pc=0x772c8) at /home/rgabor/WebKit/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:193
#10 0xb69e8516 in llint_function_for_call_arity_check () from /home/rgabor/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#11 0xb69ec2a2 in llint_op_call () from /home/rgabor/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#12 0xb69ec2a2 in llint_op_call () from /home/rgabor/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list