[Webkit-unassigned] [Bug 144921] New: ASSERTION FAILED: offset == static_cast<int32_t>(offset) with useLLInt=false and useJIT=false

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 12 12:18:54 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=144921

            Bug ID: 144921
           Summary: ASSERTION FAILED: offset ==
                    static_cast<int32_t>(offset) with useLLInt=false and
                    useJIT=false
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: basile_clement at apple.com

Created attachment 252975
  --> https://bugs.webkit.org/attachment.cgi?id=252975&action=review
Failing test

Running the following command segfaults on the system jsc:

$ jsc --useLLInt=false --useJIT=false native_call.js
OK
OK
Segmentation fault: 11

With a ToT debug build I get:

$ DYLD_FRAMEWORK_PATH=WebKitBuild/Debug/ WebKitBuild/Debug/jsc --useLLInt=false --useJIT=false native_call.js 
OK
ASSERTION FAILED: offset == static_cast<int32_t>(offset)
/Volumes/Data/secondary/OpenSource/Source/JavaScriptCore/assembler/X86Assembler.h(2327) : static void JSC::X86Assembler::setRel32(void *, void *)
1   0x10ad9d7e0 WTFCrash
2   0x10a3b9159 JSC::X86Assembler::setRel32(void*, void*)
3   0x10a98c0fd JSC::X86Assembler::relinkCall(void*, void*)
4   0x10a98c0d8 JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
5   0x10acb2861 JSC::RepatchBuffer::relink(JSC::CodeLocationNearCall, JSC::MacroAssemblerCodePtr)
6   0x10acaa408 JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr, JSC::CodeSpecializationKind, JSC::RegisterPreservationMode)
7   0x10a9aa5ad linkFor
8   0x10a9a4cb6 operationLinkCall
9   0x2ec507e0103c
10  0x2ec507e01b5e
11  0x2ec507e016b4
12  0x10ab31a49 vmEntryToJavaScript
13  0x10a993c6a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
14  0x10a9773a1 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
15  0x10a4a03c0 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
16  0x10a30fa24 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, bool)
17  0x10a30efe6 jscmain(int, char**)
18  0x10a30eb01 main
19  0x7fff904435c9 start
Segmentation fault: 11

The attachment uses print() but any native function seem to work as well.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150512/1d70e42d/attachment.html>

More information about the webkit-unassigned mailing list