[Webkit-unassigned] [Bug 203854] [Win] 64-bit builds unusable on current Visual Studio 2019 (16.3.7, 16.3.8, and 16.3.9)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 20 15:32:47 PST 2019 

https://bugs.webkit.org/show_bug.cgi?id=203854

--- Comment #16 from Brent Fulgham <bfulgham at webkit.org> ---
Using the fibonacci example (above) in Debug, I see:

        ucrtbase.dll!00007ffad0eedb8e() Unknown
>	JavaScriptCore.dll!WTFCrashWithInfo(int __formal, const char * __formal, const char * __formal, int __formal) Line 617	C++
        JavaScriptCore.dll!WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo>>::isOnList() Line 65   C++
        JavaScriptCore.dll!JSC::LLIntCallLinkInfo::link(JSC::VM & vm, JSC::JSCell * owner, JSC::JSObject * callee, JSC::MacroAssemblerCodePtr<357> codePtr) Line 56     C++
        JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::CallFrame * calleeFrame, JSC::CodeSpecializationKind kind, JSC::JSValue calleeAsValue, JSC::LLIntCallLinkInfo * callLinkInfo) Line 1532   C++
        JavaScriptCore.dll!JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock * codeBlock, JSC::CallFrame * callFrame, JSC::OpCall && bytecode, JSC::CodeSpecializationKind kind) Line 1558    C++
        JavaScriptCore.dll!llint_slow_path_call(JSC::CallFrame * callFrame, const JSC::Instruction * pc) Line 1565      C++
        JavaScriptCore.dll!llint_entry()       Unknown
        0000005c6d1b3620()      Unknown

Which is triggering an assertion here:

    bool isOnList() const
    {
        ASSERT(!!m_prev == !!m_next);
        return !!m_prev;
    }

Which is definitely not a true assertion. Dumping m_prev and m_next shows:

-               m_next  {...}   WTF::Packed<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo>> *>
-               WTF::PackedAlignedPtr<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo> >,1>        {m_storage={ size=6 } } WTF::PackedAlignedPtr<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo>>,1>
-               m_storage       { size=6 }      std::array<unsigned char,6>
                [0]     0 '\0'  unsigned char
                [1]     0 '\0'  unsigned char
                [2]     0 '\0'  unsigned char
                [3]     0 '\0'  unsigned char
                [4]     0 '\0'  unsigned char
                [5]     0 '\0'  unsigned char
+               [Raw View]      {_Elems=0x0000025b5b1e55c8 "" } std::array<unsigned char,6>
-               m_prev  {...}   WTF::Packed<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo>> *>
-               WTF::PackedAlignedPtr<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo> >,1>        {m_storage={ size=6 } } WTF::PackedAlignedPtr<WTF::BasicRawSentinelNode<JSC::LLIntCallLinkInfo,WTF::PackedPtrTraits<JSC::LLIntCallLinkInfo>>,1>
-               m_storage       { size=6 }      std::array<unsigned char,6>
                [0]     0 '\0'  unsigned char
                [1]     0 '\0'  unsigned char
                [2]     195 'Ã' unsigned char
                [3]     2 '\x2' unsigned char
                [4]     0 '\0'  unsigned char
                [5]     0 '\0'  unsigned char
+               [Raw View]      {_Elems=0x0000025b5b1e55ce "" } std::array<unsigned char,6>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191120/034d03bb/attachment.htm>

More information about the webkit-unassigned mailing list