[Webkit-unassigned] [Bug 181570] New: REGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters

bugzilla-daemon at webkit.org
Thu Jan 11 18:33:52 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181570

            Bug ID: 181570
           Summary: REGRESSION(226788): AppStore Crashed @ JavaScriptCore:
                    JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

Backtrace

- Crashing App -
AppStore

- Crash Information -
Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x0000000102388d90
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [0]
Triggered by Thread:  24

Backtrace:
Thread 24 name:  WTF::AutomaticThread
Thread 24 Crashed:
0   JavaScriptCore                      0x0000000102388d90 JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters(JSC::AbstractMacroAssembler<JSC::ARM64Assembler>::TrustedImm32) + 200
1   JavaScriptCore                      0x0000000102386ab0 JSC::FTL::OSRExitHandle::emitExitThunk(JSC::FTL::State&, JSC::CCallHelpers&) + 88


The change in change set r226788 changed pushToSaveImmediateWithoutTouchingRegisters() to use getCachedDataTempRegisterIDAndInvalidate() instead of dataTempRegister. That doesn't work here in the FTL code because there aren't any cached registers, and so we hit the RELEASE_ASSERT() at the top of getCachedDataTempRegisterIDAndInvalidate(). Reverting pushToSaveImmediateWithoutTouchingRegisters() to use dataTempRegister, with a comment explaining why it has to be that way.
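
The failure mode described in the report, as an added illustration that is not JavaScriptCore code: a simplified C++ model of an assembler that can hand out a scratch register either from a cache (which asserts when no cache is active, as the report says getCachedDataTempRegisterIDAndInvalidate() does) or as a fixed register (dataTempRegister). The struct, method and field names, the string instruction log, and the decision to model RELEASE_ASSERT as a thrown exception rather than a trap are all assumptions made for this example; they are not the project's API.

```cpp
// Added example, not WebKit code. Models why calling a cached-temp-register
// accessor from a context with no cache trips a release assertion, and why
// the reverted version that uses the fixed scratch register does not.
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Modelled RELEASE_ASSERT: real JSC traps the process (the EXC_BREAKPOINT in
// the backtrace); here it throws so the behaviour can be observed in a test.
static void releaseAssert(bool condition, const char* what) {
    if (!condition)
        throw std::logic_error(what);
}

struct MacroAssemblerModel {
    // Fixed scratch register that is always available (models dataTempRegister).
    static constexpr const char* dataTempRegister = "x16";

    // Whether a data-temp cache exists in the current emission context.
    // The FTL OSR exit thunk in the report has no such cache (assumption drawn
    // from the report's "there aren't any cached registers").
    bool cacheActive = false;
    bool cacheValid = false;

    // Hypothetical instruction log so callers can inspect what was emitted.
    std::vector<std::string> emitted;

    // Models getCachedDataTempRegisterIDAndInvalidate(): requires an active
    // cache, marks any cached value stale, then returns the scratch register.
    const char* getCachedDataTempRegisterIDAndInvalidate() {
        releaseAssert(cacheActive, "no cached data temp register in this context");
        cacheValid = false;
        return dataTempRegister;
    }

    void moveImm(int32_t imm, const char* dst) {
        emitted.push_back(std::string("mov ") + dst + ", #" + std::to_string(imm));
    }
    void pushReg(const char* reg) {
        emitted.push_back(std::string("push ") + reg);
    }

    // Regressed shape (what r226788 did, per the report): asks the cache.
    void pushToSaveImmediateRegressed(int32_t imm) {
        const char* scratch = getCachedDataTempRegisterIDAndInvalidate();
        moveImm(imm, scratch);
        pushReg(scratch);
    }

    // Reverted shape: use dataTempRegister directly. Safe in a context that has
    // no live cached temp, which is exactly the FTL exit-thunk case.
    void pushToSaveImmediateFixed(int32_t imm) {
        moveImm(imm, dataTempRegister);
        pushReg(dataTempRegister);
    }
};

// Returns true when the regressed path trips the modelled RELEASE_ASSERT.
bool regressedPathAsserts(bool cacheActive) {
    MacroAssemblerModel m;
    m.cacheActive = cacheActive;
    try {
        m.pushToSaveImmediateRegressed(0x1234);
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}

// Returns the instructions the reverted path emits in the given context.
std::vector<std::string> fixedPathInstructions(bool cacheActive) {
    MacroAssemblerModel m;
    m.cacheActive = cacheActive;
    m.pushToSaveImmediateFixed(0x1234);
    return m.emitted;
}

int main() {
    std::cout << "regressed path asserts without cache: "
              << (regressedPathAsserts(false) ? "yes" : "no") << "\n";
    for (const auto& insn : fixedPathInstructions(false))
        std::cout << "fixed path emits: " << insn << "\n";
    return 0;
}
```

The point the model makes is that the accessor's precondition (an active cache) is part of its contract, so a helper that may be called from a cacheless emission path has to reach for the fixed register instead; a comment at the call site, as the report proposes, records that constraint for the next person who touches it.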
