[Webkit-unassigned] [Bug 154857] [ARM] ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1) on Linux

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 1 06:39:34 PST 2016 

https://bugs.webkit.org/show_bug.cgi?id=154857

Csaba Osztrogonác <ossy at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fpizlo at apple.com,
                   |                            |mark.lam at apple.com,
                   |                            |msaboff at apple.com,
                   |                            |ossy at webkit.org,
                   |                            |utatane.tea at gmail.com

--- Comment #2 from Csaba Osztrogonác <ossy at webkit.org> ---
Linking call in localeCompare#CjXQDP:[0xb2a691d0->0xb2a3e2e0, BaselineFunctionCall, 252 (StrictMode)] at bc#173 to (null), entrypoint at CodePtr(executable = 0xb0a1e821, dataLocation = 0xb0a1e820)
ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1)
../../Source/JavaScriptCore/assembler/ARMv7Assembler.h(2206) : static void JSC::ARMv7Assembler::relinkJump(void*, void*)
1   0xb650ca3c WTFCrash
2   0xb6012fb8 JSC::ARMv7Assembler::relinkJump(void*, void*)
3   0xb6229ca4 JSC::AbstractMacroAssembler<JSC::ARMv7Assembler, JSC::MacroAssemblerARMv7>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
4   0xb6226d0a JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
5   0xb620815e

Generated Baseline JIT code for localeCompare#CjXQDP:[0xb2a691d0->0xb2a3e2e0, BaselineFunctionCall, 252 (StrictMode)], instruction count = 252
   Source: function (that) { "use strict"; if (this === null) throw new @TypeError("String.prototype.localeCompare requires that |this| not be null"); if (this === @undefined) throw new @TypeError("String.prototype.localeCompare requires that |this| not be undefined"); var thisString = @toString(this); var thatString = @toString(that); if (arguments[1] === @undefined && arguments[2] === @undefined) return @Collator.prototype.compare(thisString, thatString); var collator = new @Collator(arguments[1], arguments[2]); return collator.compare(thisString, thatString); }
   Code at [0xb0a1e920, 0xb0a20124):
....
   [ 173] tail_call         loc9, loc9, 3, 18 status(Could Take Slow Path)    NonArray; predicting None
....

It seems the assertion hits near tail call which was added in
http://trac.webkit.org/changeset/189884 (bug148661) near half year ago.

Could you possible give us any hint what can be the problem here?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160301/011cf7e7/attachment-0001.html>

More information about the webkit-unassigned mailing list