[Webkit-unassigned] [Bug 202844] New: Invalid instruction generated for ARM_THUMB2 in llint
bugzilla-daemon at webkit.org
Fri Oct 11 02:05:09 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=202844
Bug ID: 202844
Summary: Invalid instruction generated for ARM_THUMB2 in llint
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: pmatos at igalia.com
Post bug 197993 (r250806), JSC 32-bit started failing with many segmentation faults.
Debugging the segfault we see that we are hitting addresses that shouldn't be reachable.
   0x2582ee <llint_op_call+314>   blx r0
=> 0x2582f0 <llint_op_call+316>   eorseq lr, r4, r8, lsr sp
   0x2582f4 <llint_op_call+320>   andeq r2, r0, r8, rrx
   0x2582f8 <llint_op_call+324>   ldr r2, [r7, #8]
LLIntAssembly.h looks like:
OFFLINE_ASM_LOCAL_LABEL(_offlineasm_callOp__commonCallOp__llintOpWithMetadata__llintOpWithReturn__llintOp__commonOp__fn__fn__makeReturn__fn__fn__fn__slowPathForCall__callCallSlowPath__511_action__dontUpdateSP)
"\tmovw r10, #55459\n" // /home/pmatos/dev/igalia/WebKit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:256
"\tblx r0\n" // /home/pmatos/dev/igalia/WebKit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:952
"\t" LOCAL_LABEL_STRING(offlineasm_arm_got_1020) ":\n"
"\t.word _GLOBAL_OFFSET_TABLE_-(" LOCAL_LABEL_STRING(offlineasm_arm_got_offset_1020) "+4)\n"
"\t.word " LOCAL_REFERENCE(g_opcodeMap) "(GOT)\n"
OFFLINE_ASM_GLUE_LABEL(op_construct_slow_return_location_wide32)
"\tldr r2, [r7, #8]\n"
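In the generated code above, the GOT literal-pool `.word` entries sit directly after `blx r0`, so when the callee returns, execution continues into that data, which is what the disassembly decodes as `eorseq` and `andeq`. As an added example (not code from the report or from WebKit), here is a small checker that scans LLIntAssembly.h-style lines for data directives reachable by fall-through from the preceding instruction; the sample input is constructed from the excerpt in the report, and the label names in it are abbreviated.

```python
import re

# Constructed sample modelled on the LLIntAssembly.h excerpt in the report; not the real file.
SAMPLE = r'''
OFFLINE_ASM_LOCAL_LABEL(_offlineasm_callOp__slowPathForCall)
"\tmovw r10, #55459\n" // LowLevelInterpreter.asm:256
"\tblx r0\n" // LowLevelInterpreter.asm:952
"\t" LOCAL_LABEL_STRING(offlineasm_arm_got_1020) ":\n"
"\t.word _GLOBAL_OFFSET_TABLE_-(" LOCAL_LABEL_STRING(offlineasm_arm_got_offset_1020) "+4)\n"
"\t.word " LOCAL_REFERENCE(g_opcodeMap) "(GOT)\n"
OFFLINE_ASM_GLUE_LABEL(op_construct_slow_return_location_wide32)
"\tldr r2, [r7, #8]\n"
"\tb 1f\n"
"\t.word 0x1234\n"
'''

# One generated line: a C string literal holding "\t<mnemonic> <operands>\n".
# Label macros (OFFLINE_ASM_*LABEL, LOCAL_LABEL_STRING ":") do not match and are skipped.
INSTR_RE = re.compile(r'^"\\t([.\w]+)\s*(.*?)\\n"')

def is_terminator(mnemonic, operands):
    """True if control cannot fall through to the next line (unconditional branch or pop into pc).
    Calls (bl/blx) are NOT terminators: the callee returns to the following address."""
    if mnemonic in ("b", "b.w", "bx", "bx.w"):
        return True
    return mnemonic.startswith("pop") and re.search(r"\bpc\b", operands) is not None

def find_fallthrough_data(text):
    """Return (line number, preceding instruction) for each run of data directives
    that execution can reach by falling through from the instruction before it."""
    findings = []
    prev = None  # last real instruction seen, as (mnemonic, operands)
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = INSTR_RE.match(raw.strip())
        if not m:
            continue
        mnemonic, operands = m.groups()
        if mnemonic.startswith("."):          # assembler data directive (.word, .long, ...)
            if prev is not None and not is_terminator(*prev):
                findings.append((lineno, f"{prev[0]} {prev[1]}".strip()))
            prev = None                       # report each data run once
            continue
        prev = (mnemonic, operands)
    return findings

if __name__ == "__main__":
    for lineno, instr in find_fallthrough_data(SAMPLE):
        print(f"line {lineno}: data reachable by fall-through from '{instr}'")
```

On the sample it reports the `.word` following `blx r0` and stays quiet about the `.word` that sits behind an unconditional `b`.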