[Webkit-unassigned] [Bug 127902] [EFL] Fix the remaining regression caused by the jsCStack branch merge

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 3 02:21:56 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=127902





--- Comment #3 from Zan Dobersek <zandobersek at gmail.com>  2014-02-03 02:19:18 PST ---
Here is the disassembled Baseline JIT code for the function; the instruction at which the crash occurs is marked with `========>` in the listing below.

Generated Baseline JIT code for g#DSCS4i:[0x54e2a0->0x7fffb0ade070, BaselineFunctionCall, 67], instruction count = 67
   Source: function g() { return f.apply(null, arguments); }
   Code at [0x7fffb2b0f8c0, 0x7fffb2b0feac):
          0x7fffb2b0f8c0: push %rbp
          0x7fffb2b0f8c1: mov %rsp, %rbp
          0x7fffb2b0f8c4: mov $0x54e2a0, %r11
          0x7fffb2b0f8ce: mov %r11, 0x10(%rbp)
          0x7fffb2b0f8d2: mov 0x30(%rbp), %rax
          0x7fffb2b0f8d6: mov %rax, 0x4fbf90
          0x7fffb2b0f8e0: lea -0x70(%rbp), %rdx
          0x7fffb2b0f8e4: mov $0x44e828, %r11
          0x7fffb2b0f8ee: cmp %rdx, (%r11)
          0x7fffb2b0f8f1: ja 0x7fffb2b0fdb0
          0x7fffb2b0f8f7: lea -0x70(%rbp), %rsp
          0x7fffb2b0f8fb: test $0xf, %spl
          0x7fffb2b0f8ff: jz 0x7fffb2b0f906
          0x7fffb2b0f905: int3 
          0x7fffb2b0f906: mov $0xffff000000000000, %r11
          0x7fffb2b0f910: cmp %r11, %r14
          0x7fffb2b0f913: jz 0x7fffb2b0f91a
          0x7fffb2b0f919: int3 
          0x7fffb2b0f91a: mov $0xffff000000000002, %r11
          0x7fffb2b0f924: cmp %r11, %r15
          0x7fffb2b0f927: jz 0x7fffb2b0f92e
          0x7fffb2b0f92d: int3 
          0x7fffb2b0f92e: cmp $0x989680, 0x28(%rbp)
          0x7fffb2b0f935: jb 0x7fffb2b0f93c
          0x7fffb2b0f93b: int3 
    [   0] enter             
          0x7fffb2b0f93c: mov $0xa, %r11
          0x7fffb2b0f946: mov %r11, -0x8(%rbp)
          0x7fffb2b0f94a: mov $0xa, %r11
          0x7fffb2b0f954: mov %r11, -0x10(%rbp)
          0x7fffb2b0f958: mov $0x1, 0x2c(%rbp)
          0x7fffb2b0f95f: mov $0x44cd08, %r11
          0x7fffb2b0f969: mov %rbp, (%r11)
          0x7fffb2b0f96c: mov %rbp, %rdi
          0x7fffb2b0f96f: mov $0x54fad8, %rsi
          0x7fffb2b0f979: mov $0x7ffff75a6300, %r11
          0x7fffb2b0f983: call %r11
          0x7fffb2b0f986: mov $0x44e838, %r11
          0x7fffb2b0f990: mov (%r11), %r11
          0x7fffb2b0f993: test %r11, %r11
          0x7fffb2b0f996: jnz 0x7fffb2b0fe83
    [   1] init_lazy_reg     loc1
          0x7fffb2b0f99c: mov $0x0, %r11
          0x7fffb2b0f9a6: mov %r11, -0x10(%rbp)
    [   3] init_lazy_reg     loc0
          0x7fffb2b0f9aa: mov $0x0, %r11
          0x7fffb2b0f9b4: mov %r11, -0x8(%rbp)
    [   5] touch_entry       
          0x7fffb2b0f9b8: mov $0x6, 0x2c(%rbp)
          0x7fffb2b0f9bf: mov $0x44cd08, %r11
          0x7fffb2b0f9c9: mov %rbp, (%r11)
          0x7fffb2b0f9cc: mov %rbp, %rdi
          0x7fffb2b0f9cf: mov $0x54fb00, %rsi
          0x7fffb2b0f9d9: mov $0x7ffff75a2310, %r11
          0x7fffb2b0f9e3: call %r11
          0x7fffb2b0f9e6: mov $0x44e838, %r11
          0x7fffb2b0f9f0: mov (%r11), %r11
          0x7fffb2b0f9f3: test %r11, %r11
          0x7fffb2b0f9f6: jnz 0x7fffb2b0fe83
    [   6] resolve_scope     loc2, f(@id0), 1<ThrowIfNotFound|GlobalVar>, 0
          0x7fffb2b0f9fc: mov $0x7ffff7f3f970, %rax
          0x7fffb2b0fa06: mov %rax, -0x18(%rbp)
    [  12] get_from_scope    loc3, loc2, f(@id0), 1<ThrowIfNotFound|GlobalVar>, <structure>, 4695632
          0x7fffb2b0fa0a: mov 0x47a650, %rax
          0x7fffb2b0fa14: mov %rax, -0x20(%rbp)
          0x7fffb2b0fa18: mov %rax, 0x5001e0
    [  20] get_by_id         loc4, loc3, apply(@id1)    predicting None
          0x7fffb2b0fa22: mov -0x20(%rbp), %rax
          0x7fffb2b0fa26: test %rax, %r15
          0x7fffb2b0fa29: jnz 0x7fffb2b0fcd4
          0x7fffb2b0fa2f: mov $0xd1e7beef, %r11
          0x7fffb2b0fa39: cmp %r11, (%rax)
          0x7fffb2b0fa3c: jnz 0x7fffb2b0fcd4
          0x7fffb2b0fa42: mov 0x8(%rax), %rax
          0x7fffb2b0fa46: mov 0x0(%rax), %rax
          0x7fffb2b0fa4a: mov %rax, 0x500200
          0x7fffb2b0fa54: mov %rax, -0x28(%rbp)
    [  29] jneq_ptr          loc4, 1 (0x7ffff7ecff70), 17(->46)
          0x7fffb2b0fa58: mov -0x28(%rbp), %rax
          0x7fffb2b0fa5c: mov $0x7ffff7ecff70, %r11
          0x7fffb2b0fa66: cmp %r11, %rax
          0x7fffb2b0fa69: jnz 0x7fffb2b0fbe1
    [  33] mov               loc5, loc3
          0x7fffb2b0fa6f: mov -0x20(%rbp), %rax
          0x7fffb2b0fa73: mov %rax, -0x30(%rbp)
    [  36] call_varargs      loc4, loc5, Null(@k0), loc1, -7    predicting None
          0x7fffb2b0fa77: mov -0x10(%rbp), %rax
          0x7fffb2b0fa7b: test %rax, %rax
          0x7fffb2b0fa7e: jnz 0x7fffb2b0faf3
          0x7fffb2b0fa84: mov 0x28(%rbp), %eax
          0x7fffb2b0fa87: cmp $0x10001, %eax
          0x7fffb2b0fa8d: ja 0x7fffb2b0faf3
          0x7fffb2b0fa93: mov %rax, %rdx
          0x7fffb2b0fa96: add $0xd, %rdx
          0x7fffb2b0fa9a: inc %rdx
          0x7fffb2b0fa9d: and $0xfffffffffffffffe, %rdx
          0x7fffb2b0faa1: neg %rdx
          0x7fffb2b0faa4: shl $0x3, %rdx
          0x7fffb2b0faa8: add %rbp, %rdx
          0x7fffb2b0faab: mov $0x44e828, %r11
          0x7fffb2b0fab5: cmp %rdx, (%r11)
          0x7fffb2b0fab8: ja 0x7fffb2b0faf3
========> 0x7fffb2b0fabe: mov %eax, 0x28(%rdx)
          0x7fffb2b0fac1: mov $0x2, %rcx
          0x7fffb2b0facb: mov %rcx, 0x30(%rdx)
          0x7fffb2b0facf: movsxd %eax, %rax
          0x7fffb2b0fad2: dec %rax
          0x7fffb2b0fad5: jz 0x7fffb2b0fb8a
          0x7fffb2b0fadb: mov 0x30(%rbp,%rax,8), %rcx
          0x7fffb2b0fae0: mov %rcx, 0x30(%rdx,%rax,8)
          0x7fffb2b0fae5: dec %rax
          0x7fffb2b0fae8: jnz 0x7fffb2b0fadb
          0x7fffb2b0faee: jmp 0x7fffb2b0fb8a
          0x7fffb2b0faf3: mov -0x10(%rbp), %rdx
          0x7fffb2b0faf7: mov %rdx, %rsi
          0x7fffb2b0fafa: mov $0xfffffff9, %edx
          0x7fffb2b0faff: mov %rbp, %rdi
          0x7fffb2b0fb02: mov $0x25, 0x2c(%rbp)
          0x7fffb2b0fb09: mov $0x44cd08, %r11
          0x7fffb2b0fb13: mov %rbp, (%r11)
          0x7fffb2b0fb16: mov $0x7ffff747f050, %r11
          0x7fffb2b0fb20: call %r11
          0x7fffb2b0fb23: mov $0x44e838, %r11
          0x7fffb2b0fb2d: mov (%r11), %r11
          0x7fffb2b0fb30: test %r11, %r11
          0x7fffb2b0fb33: jnz 0x7fffb2b0fe83
          0x7fffb2b0fb39: mov %rax, %rsp
          0x7fffb2b0fb3c: mov $0x2, %rdx
          0x7fffb2b0fb46: mov -0x10(%rbp), %rcx
          0x7fffb2b0fb4a: mov %rax, %rsi
          0x7fffb2b0fb4d: mov %rbp, %rdi
          0x7fffb2b0fb50: mov $0x25, 0x2c(%rbp)
          0x7fffb2b0fb57: mov $0x44cd08, %r11
          0x7fffb2b0fb61: mov %rbp, (%r11)
          0x7fffb2b0fb64: mov $0x7ffff747f0d0, %r11
          0x7fffb2b0fb6e: call %r11
          0x7fffb2b0fb71: mov $0x44e838, %r11
          0x7fffb2b0fb7b: mov (%r11), %r11
          0x7fffb2b0fb7e: test %r11, %r11
          0x7fffb2b0fb81: jnz 0x7fffb2b0fe83
          0x7fffb2b0fb87: mov %rax, %rdx
          0x7fffb2b0fb8a: lea 0x10(%rdx), %rsp
          0x7fffb2b0fb8e: mov $0x24, 0x2c(%rbp)
          0x7fffb2b0fb95: mov -0x30(%rbp), %rax
          0x7fffb2b0fb99: mov %rax, 0x10(%rsp)
          0x7fffb2b0fb9e: mov $0x0, %r11
          0x7fffb2b0fba8: cmp %r11, %rax
          0x7fffb2b0fbab: jnz 0x7fffb2b0fd46
          0x7fffb2b0fbb1: mov 0x20(%rax), %rcx
          0x7fffb2b0fbb5: mov %rcx, 0x8(%rsp)
          0x7fffb2b0fbba: call 0x7fffb2b0fbbf
          0x7fffb2b0fbbf: lea -0x70(%rbp), %rsp
          0x7fffb2b0fbc3: test $0xf, %spl
          0x7fffb2b0fbc7: jz 0x7fffb2b0fbce
          0x7fffb2b0fbcd: int3 
          0x7fffb2b0fbce: mov %rax, 0x500220
          0x7fffb2b0fbd8: mov %rax, -0x28(%rbp)
    [  44] jmp               21(->65)
          0x7fffb2b0fbdc: jmp 0x7fffb2b0fcc0
    [  46] mov               loc7, loc3
          0x7fffb2b0fbe1: mov -0x20(%rbp), %rax
          0x7fffb2b0fbe5: mov %rax, -0x40(%rbp)
    [  49] mov               loc6, Null(@k0)
          0x7fffb2b0fbe9: mov $0x2, %rax
          0x7fffb2b0fbf3: mov %rax, -0x38(%rbp)
    [  52] create_arguments  loc1
          0x7fffb2b0fbf7: cmp $0x0, -0x10(%rbp)
          0x7fffb2b0fbfc: jnz 0x7fffb2b0fc44
          0x7fffb2b0fc02: mov %rbp, %rdi
          0x7fffb2b0fc05: mov $0x35, 0x2c(%rbp)
          0x7fffb2b0fc0c: mov $0x44cd08, %r11
          0x7fffb2b0fc16: mov %rbp, (%r11)
          0x7fffb2b0fc19: mov $0x7ffff747e140, %r11
          0x7fffb2b0fc23: call %r11
          0x7fffb2b0fc26: mov $0x44e838, %r11
          0x7fffb2b0fc30: mov (%r11), %r11
          0x7fffb2b0fc33: test %r11, %r11
          0x7fffb2b0fc36: jnz 0x7fffb2b0fe83
          0x7fffb2b0fc3c: mov %rax, -0x10(%rbp)
          0x7fffb2b0fc40: mov %rax, -0x8(%rbp)
    [  54] mov               loc5, loc1
          0x7fffb2b0fc44: mov -0x10(%rbp), %rax
          0x7fffb2b0fc48: mov %rax, -0x30(%rbp)
    [  57] call              loc4, loc4, 3, 14 status(Not Set)    Original; predicting None
          0x7fffb2b0fc4c: mov -0x40(%rbp), %rax
          0x7fffb2b0fc50: test %rax, %r15
          0x7fffb2b0fc53: jnz 0x7fffb2b0fc66
          0x7fffb2b0fc59: mov (%rax), %rax
          0x7fffb2b0fc5c: mov %rax, 0x500f98
          0x7fffb2b0fc66: lea -0x60(%rbp), %rsp
          0x7fffb2b0fc6a: mov $0x3, 0x18(%rsp)
          0x7fffb2b0fc72: mov $0x39, 0x2c(%rbp)
          0x7fffb2b0fc79: mov -0x28(%rbp), %rax
          0x7fffb2b0fc7d: mov %rax, 0x10(%rsp)
          0x7fffb2b0fc82: mov $0x0, %r11
          0x7fffb2b0fc8c: cmp %r11, %rax
          0x7fffb2b0fc8f: jnz 0x7fffb2b0fd7b
          0x7fffb2b0fc95: mov 0x20(%rax), %rcx
          0x7fffb2b0fc99: mov %rcx, 0x8(%rsp)
          0x7fffb2b0fc9e: call 0x7fffb2b0fca3
          0x7fffb2b0fca3: lea -0x70(%rbp), %rsp
          0x7fffb2b0fca7: test $0xf, %spl
          0x7fffb2b0fcab: jz 0x7fffb2b0fcb2
          0x7fffb2b0fcb1: int3 
          0x7fffb2b0fcb2: mov %rax, 0x500240
          0x7fffb2b0fcbc: mov %rax, -0x28(%rbp)
    [  65] ret               loc4
          0x7fffb2b0fcc0: mov -0x28(%rbp), %rax
          0x7fffb2b0fcc4: test $0xf, %spl
          0x7fffb2b0fcc8: jz 0x7fffb2b0fccf
          0x7fffb2b0fcce: int3 
          0x7fffb2b0fccf: mov %rbp, %rsp
          0x7fffb2b0fcd2: pop %rbp
          0x7fffb2b0fcd3: ret 
    (End Of Main Path)
    (S) [  20] get_by_id         loc4, loc3, apply(@id1)    predicting None
          0x7fffb2b0fcd4: mov %rax, %rdx
          0x7fffb2b0fcd7: mov $0x500380, %rsi
          0x7fffb2b0fce1: mov $0x4533b0, %rcx
          0x7fffb2b0fceb: mov %rbp, %rdi
          0x7fffb2b0fcee: mov $0x15, 0x2c(%rbp)
          0x7fffb2b0fcf5: mov $0x44cd08, %r11
          0x7fffb2b0fcff: mov %rbp, (%r11)
          0x7fffb2b0fd02: mov $0x7ffff74793e0, %r11
          0x7fffb2b0fd0c: call %r11
          0x7fffb2b0fd0f: mov $0x44e838, %r11
          0x7fffb2b0fd19: mov (%r11), %r11
          0x7fffb2b0fd1c: test %r11, %r11
          0x7fffb2b0fd1f: jnz 0x7fffb2b0fe83
          0x7fffb2b0fd25: mov %rax, 0x500200
          0x7fffb2b0fd2f: mov %rax, -0x28(%rbp)
          0x7fffb2b0fd33: mov $0x500514, %r11
          0x7fffb2b0fd3d: add $0x1, (%r11)
          0x7fffb2b0fd41: jmp 0x7fffb2b0fa58
    (S) [  36] call_varargs      loc4, loc5, Null(@k0), loc1, -7    predicting None
          0x7fffb2b0fd46: call 0x7fffb2af3960
          0x7fffb2b0fd4b: lea -0x70(%rbp), %rsp
          0x7fffb2b0fd4f: test $0xf, %spl
          0x7fffb2b0fd53: jz 0x7fffb2b0fd5a
          0x7fffb2b0fd59: int3 
          0x7fffb2b0fd5a: mov %rax, 0x500220
          0x7fffb2b0fd64: mov %rax, -0x28(%rbp)
          0x7fffb2b0fd68: mov $0x50051c, %r11
          0x7fffb2b0fd72: add $0x1, (%r11)
          0x7fffb2b0fd76: jmp 0x7fffb2b0fbdc
    (S) [  57] call              loc4, loc4, 3, 14 status(Not Set)    Original; predicting None
          0x7fffb2b0fd7b: call 0x7fffb2af3960
          0x7fffb2b0fd80: lea -0x70(%rbp), %rsp
          0x7fffb2b0fd84: test $0xf, %spl
          0x7fffb2b0fd88: jz 0x7fffb2b0fd8f
          0x7fffb2b0fd8e: int3 
          0x7fffb2b0fd8f: mov %rax, 0x500240
          0x7fffb2b0fd99: mov %rax, -0x28(%rbp)
          0x7fffb2b0fd9d: mov $0x500524, %r11
          0x7fffb2b0fda7: add $0x1, (%r11)
          0x7fffb2b0fdab: jmp 0x7fffb2b0fcc0
    (End Of Slow Path)
          0x7fffb2b0fdb0: mov $0x54e2a0, %rsi
          0x7fffb2b0fdba: mov %rbp, %rdi
          0x7fffb2b0fdbd: mov $0x1, 0x2c(%rbp)
          0x7fffb2b0fdc4: mov $0x44cd08, %r11
          0x7fffb2b0fdce: mov %rbp, (%r11)
          0x7fffb2b0fdd1: mov $0x7ffff7479000, %r11
          0x7fffb2b0fddb: call %r11
          0x7fffb2b0fdde: mov $0x44e838, %r11
          0x7fffb2b0fde8: mov (%r11), %r11
          0x7fffb2b0fdeb: test %r11, %r11
          0x7fffb2b0fdee: jnz 0x7fffb2b0fe7a
          0x7fffb2b0fdf4: mov $0x54e2e2, %r11
          0x7fffb2b0fdfe: mov $0x0, (%r11)
          0x7fffb2b0fe02: push %rbp
          0x7fffb2b0fe03: mov %rsp, %rbp
          0x7fffb2b0fe06: mov $0x54e2a0, %r11
          0x7fffb2b0fe10: mov %r11, 0x10(%rbp)
          0x7fffb2b0fe14: mov 0x28(%rbp), %edx
          0x7fffb2b0fe17: cmp $0x1, %edx
          0x7fffb2b0fe1a: jae 0x7fffb2b0f8d2
          0x7fffb2b0fe20: mov %rbp, %rdi
          0x7fffb2b0fe23: mov $0x1, 0x2c(%rbp)
          0x7fffb2b0fe2a: mov $0x44cd08, %r11
          0x7fffb2b0fe34: mov %rbp, (%r11)
          0x7fffb2b0fe37: mov $0x7ffff74790a0, %r11
          0x7fffb2b0fe41: call %r11
          0x7fffb2b0fe44: mov $0x44e838, %r11
          0x7fffb2b0fe4e: mov (%r11), %r11
          0x7fffb2b0fe51: test %r11, %r11
          0x7fffb2b0fe54: jnz 0x7fffb2b0fe7a
          0x7fffb2b0fe5a: test %eax, %eax
          0x7fffb2b0fe5c: jz 0x7fffb2b0f8d2
          0x7fffb2b0fe62: mov $0x472600, %rsi
          0x7fffb2b0fe6c: mov (%rsi,%rax,8), %rsi
          0x7fffb2b0fe70: call 0x7fffb2afd2a0
          0x7fffb2b0fe75: jmp 0x7fffb2b0f8d2
          0x7fffb2b0fe7a: mov 0x0(%rbp), %rsi
          0x7fffb2b0fe7e: jmp 0x7fffb2b0fe86
          0x7fffb2b0fe83: mov %rbp, %rsi
          0x7fffb2b0fe86: mov $0x442960, %rdi
          0x7fffb2b0fe90: mov $0x7ffff747fe10, %r11
          0x7fffb2b0fe9a: call %r11
          0x7fffb2b0fe9d: mov $0x44e750, %rdx
          0x7fffb2b0fea7: mov (%rdx), %rdx
          0x7fffb2b0feaa: jmp %rdx
