[Webkit-unassigned] [Bug 161356] New: Assertion failure in JITMathIC<JSC::JITAddGenerator>::generateInline (static_cast<ptrdiff_t>(inlineSize) <= MacroAssembler::maxJumpReplacementSize()) on many URLs

bugzilla-daemon at webkit.org
Mon Aug 29 16:02:38 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=161356

            Bug ID: 161356
           Summary: Assertion failure in
                    JITMathIC<JSC::JITAddGenerator>::generateInline
                    (static_cast<ptrdiff_t>(inlineSize) <=
                    MacroAssembler::maxJumpReplacementSize()) on many URLs
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mitz at webkit.org

On an iPhone 5, the Web Content process is failing an assertion in JITMathIC<JSC::JITAddGenerator>::generateInline():

ASSERTION FAILED: static_cast<ptrdiff_t>(inlineSize) <= MacroAssembler::maxJumpReplacementSize()
Source/JavaScriptCore/jit/JITMathIC.h(89) : bool JSC::JITMathIC<JSC::JITAddGenerator>::generateInline(JSC::CCallHelpers &, JSC::MathICGenerationState &, bool) [Generator = JSC::JITAddGenerator]
1   0x376ae2f WTFCrash
2   0x341f6f3 JSC::JITMathIC<JSC::JITAddGenerator>::generateInline(JSC::CCallHelpers&, JSC::MathICGenerationState&, bool)
3   0x33fc137 void JSC::JIT::emitMathICFast<JSC::JITAddGenerator, long long (*)(JSC::ExecState*, long long, long long, JSC::ArithProfile*), long long (*)(JSC::ExecState*, long long, long long)>(JSC::JITMathIC<JSC::JITAddGenerator>*, JSC::Instruction*, long long (*)(JSC::ExecState*, long long, long long, JSC::ArithProfile*), long long (*)(JSC::ExecState*, long long, long long))
4   0x33fbe23 JSC::JIT::emit_op_add(JSC::Instruction*)
5   0x33f0469 JSC::JIT::privateCompileMainPass()
6   0x33f2379 JSC::JIT::compileWithoutLinking(JSC::JITCompilationEffort)
7   0x34df131 JSC::JITWorklist::Plan::compileInThread()
8   0x34ded7f JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*)
9   0x34dec5d JSC::JITWorklist::compileLater(JSC::CodeBlock*)
10  0x356accb JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*)
11  0x356aea1 llint_replace
12  0x3578d09 llint_entry
13  0x357aa55 llint_entry
14  0x357ad67 llint_entry
15  0x3575261 vmEntryToJavaScript
16  0x34060ff JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
17  0x33c8811 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
18  0x2fb599d JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19  0x3446953 JSC::boundThisNoArgsFunctionCall(JSC::ExecState*)
20  0x5e45ac61
21  0x357aa9f llint_entry
22  0x3575261 vmEntryToJavaScript
23  0x34060ff JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
24  0x33c8811 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25  0x2fb599d JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
26  0x2fb5b47 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
27  0x349f939 JSC::JSJobMicrotask::run(JSC::ExecState*)
28  0x5cc75a3 WebCore::JSMainThreadExecState::runTask(JSC::ExecState*, JSC::Microtask&)
29  0x5cc74fd WebCore::JSDOMWindowMicrotaskCallback::call()
30  0x5cc7489 WebCore::JSDOMWindowBase::queueTaskToEventLoop(JSC::JSGlobalObject const*, WTF::Ref<JSC::Microtask>&&)::$_0::operator()()
31  0x5cc73b9 WTF::Function<void ()>::CallableWrapper<WebCore::JSDOMWindowBase::queueTaskToEventLoop(JSC::JSGlobalObject const*, WTF::Ref<JSC::Microtask>&&)::$_0>::call()
