<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:ossy@webkit.org" title="Csaba Osztrogonác <ossy@webkit.org>"> <span class="fn">Csaba Osztrogonác</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - [ARM] ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1) on Linux"
href="https://bugs.webkit.org/show_bug.cgi?id=154857">bug 154857</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>fpizlo@apple.com, mark.lam@apple.com, msaboff@apple.com, ossy@webkit.org, utatane.tea@gmail.com
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [ARM] ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1) on Linux"
href="https://bugs.webkit.org/show_bug.cgi?id=154857#c2">Comment # 2</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [ARM] ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1) on Linux"
href="https://bugs.webkit.org/show_bug.cgi?id=154857">bug 154857</a>
from <span class="vcard"><a class="email" href="mailto:ossy@webkit.org" title="Csaba Osztrogonác <ossy@webkit.org>"> <span class="fn">Csaba Osztrogonác</span></a>
</span></b>
<pre>Linking call in localeCompare#CjXQDP:[0xb2a691d0->0xb2a3e2e0, BaselineFunctionCall, 252 (StrictMode)] at bc#173 to (null), entrypoint at CodePtr(executable = 0xb0a1e821, dataLocation = 0xb0a1e820)
ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1)
../../Source/JavaScriptCore/assembler/ARMv7Assembler.h(2206) : static void JSC::ARMv7Assembler::relinkJump(void*, void*)
1 0xb650ca3c WTFCrash
2 0xb6012fb8 JSC::ARMv7Assembler::relinkJump(void*, void*)
3 0xb6229ca4 JSC::AbstractMacroAssembler<JSC::ARMv7Assembler, JSC::MacroAssemblerARMv7>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
4 0xb6226d0a JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
5 0xb620815e
Generated Baseline JIT code for localeCompare#CjXQDP:[0xb2a691d0->0xb2a3e2e0, BaselineFunctionCall, 252 (StrictMode)], instruction count = 252
Source: function (that) { "use strict"; if (this === null) throw new @TypeError("String.prototype.localeCompare requires that |this| not be null"); if (this === @undefined) throw new @TypeError("String.prototype.localeCompare requires that |this| not be undefined"); var thisString = @toString(this); var thatString = @toString(that); if (arguments[1] === @undefined && arguments[2] === @undefined) return @Collator.prototype.compare(thisString, thatString); var collator = new @Collator(arguments[1], arguments[2]); return collator.compare(thisString, thatString); }
Code at [0xb0a1e920, 0xb0a20124):
....
[ 173] tail_call loc9, loc9, 3, 18 status(Could Take Slow Path) NonArray; predicting None
....
It seems the assertion hits near tail call which was added in
<a href="http://trac.webkit.org/changeset/189884">http://trac.webkit.org/changeset/189884</a> (<a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - [ES6] Implement tail calls in the LLInt and Baseline JIT"
href="show_bug.cgi?id=148661">bug148661</a>) near half year ago.
Could you possible give us any hint what can be the problem here?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>