[Webkit-unassigned] [Bug 169724] New: WebAssembly: function-tests/load-offset.js fails on ARM64
bugzilla-daemon at webkit.org
Wed Mar 15 17:21:05 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=169724
Bug ID: 169724
Summary: WebAssembly: function-tests/load-offset.js fails on ARM64
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jfbastien at apple.com
CC: fpizlo at apple.com, jfbastien at apple.com,
keith_miller at apple.com, mark.lam at apple.com,
msaboff at apple.com, sbarati at apple.com
Blocks: 161709
Segfaults on ARM64, not on x86:
# DYLD_FRAMEWORK_PATH=... lldb .../jsc -- -m --useWebAssembly=1 ./function-tests/load-offset.js ; echo $?
(lldb) r
Process 64578 stopped
* thread #1: tid = 0x5a2002, 0x00000002cca6d860, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2c2800004)
frame #0: 0x00000002cca6d860
-> 0x2cca6d860: ldur w0, [x1, #4]
0x2cca6d864: movz x1, #0xf38
0x2cca6d868: movk x1, #0xa0, lsl #16
0x2cca6d86c: movk x1, #0x1, lsl #32
(lldb) bt
* thread #1: tid = 0x5a2002, 0x00000002cca6d860, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2c2800004)
* frame #0: 0x00000002cca6d860
frame #1: 0x00000002cca6d8f4
frame #2: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #3: 0x0000000100a4bc44 JavaScriptCore`JSC::callWebAssemblyFunction(JSC::ExecState*) + 1620
frame #4: 0x000000010085fbf4 JavaScriptCore`JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 384
frame #5: 0x00000001008688a8 JavaScriptCore`llint_entry + 26392
frame #6: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #7: 0x00000001006fd9b4 JavaScriptCore`JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 136
frame #8: 0x00000001006d1278 JavaScriptCore`JSC::Interpreter::execute(JSC::ModuleProgramExecutable*, JSC::ExecState*, JSC::JSModuleEnvironment*) + 468
frame #9: 0x000000010078d800 JavaScriptCore`JSC::JSModuleRecord::evaluate(JSC::ExecState*) + 60
frame #10: 0x0000000100789cb8 JavaScriptCore`JSC::JSModuleLoader::evaluate(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue) + 412
frame #11: 0x00000002cca50030
frame #12: 0x0000000100868854 JavaScriptCore`llint_entry + 26308
frame #13: 0x00000001008688b8 JavaScriptCore`llint_entry + 26408
frame #14: 0x00000002cca584a0
frame #15: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #16: 0x00000001006fd9b4 JavaScriptCore`JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 136
frame #17: 0x00000001006d0aec JavaScriptCore`JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 400
frame #18: 0x0000000100330c60 JavaScriptCore`JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 168
frame #19: 0x0000000100783628 JavaScriptCore`JSC::JSJobMicrotask::run(JSC::ExecState*) + 400
frame #20: 0x00000001009f2f58 JavaScriptCore`JSC::VM::drainMicrotasks() + 272
frame #21: 0x0000000100007b40 jsc`jscmain(int, char**) + 3328
frame #22: 0x0000000100006e30 jsc`main + 52
frame #23: 0x0000000182ddd59c libdyld.dylib`start + 4