<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: offset == static_cast<int32_t>(offset) with useLLInt=false and useJIT=false"
href="https://bugs.webkit.org/show_bug.cgi?id=144921">144921</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: offset == static_cast<int32_t>(offset) with useLLInt=false and useJIT=false
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>basile_clement@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=252975" name="attach_252975" title="Failing test">attachment 252975</a> <a href="attachment.cgi?id=252975&action=edit" title="Failing test">[details]</a></span>
Failing test
Running the following command segfaults on the system jsc:
$ jsc --useLLInt=false --useJIT=false native_call.js
OK
OK
Segmentation fault: 11
With a ToT debug build I get:
$ DYLD_FRAMEWORK_PATH=WebKitBuild/Debug/ WebKitBuild/Debug/jsc --useLLInt=false --useJIT=false native_call.js
OK
ASSERTION FAILED: offset == static_cast<int32_t>(offset)
/Volumes/Data/secondary/OpenSource/Source/JavaScriptCore/assembler/X86Assembler.h(2327) : static void JSC::X86Assembler::setRel32(void *, void *)
1 0x10ad9d7e0 WTFCrash
2 0x10a3b9159 JSC::X86Assembler::setRel32(void*, void*)
3 0x10a98c0fd JSC::X86Assembler::relinkCall(void*, void*)
4 0x10a98c0d8 JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
5 0x10acb2861 JSC::RepatchBuffer::relink(JSC::CodeLocationNearCall, JSC::MacroAssemblerCodePtr)
6 0x10acaa408 JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr, JSC::CodeSpecializationKind, JSC::RegisterPreservationMode)
7 0x10a9aa5ad linkFor
8 0x10a9a4cb6 operationLinkCall
9 0x2ec507e0103c
10 0x2ec507e01b5e
11 0x2ec507e016b4
12 0x10ab31a49 vmEntryToJavaScript
13 0x10a993c6a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
14 0x10a9773a1 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
15 0x10a4a03c0 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
16 0x10a30fa24 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, bool)
17 0x10a30efe6 jscmain(int, char**)
18 0x10a30eb01 main
19 0x7fff904435c9 start
Segmentation fault: 11
The attachment uses print() but any native function seem to work as well.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>